5d886595deeeb94565f29a59787970e5fb9db839077941ce63ebb9e5736f0f50

Analysis

max time kernel
600s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nulle a chier la raclette chinois intolerant lactose.mp3
Size

289KB
MD5

052e6c0b6f167a7da0515a75bb723a02
SHA1

ba0d45ec867618f2d4e87433d5551e75e739761b
SHA256

5d886595deeeb94565f29a59787970e5fb9db839077941ce63ebb9e5736f0f50
SHA512

d7330abf792ccc82656589ad0922da206bf5421d05dd36b6161d355cffde635aa65333fdf511cbd5d9a230e34d1d0b851bbb919311b88019a91681f632c92c76
SSDEEP

6144:pU004GauSJWLdaeQpIC1R7JWZYPlP2Wvhda7AOP9:pWoWpQzop2hdiAOl

Score

8^/10

bootkit persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

unregmp2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,19041,1266"	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"	unregmp2.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

unregmp2.exe

description ioc process

File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini unregmp2.exe

description	ioc	process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	unregmp2.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exewmplayer.exe

description	ioc	process
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\V:	wmplayer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in Program Files directory 1 IoCs

Processes:

unregmp2.exe

description ioc process

File opened for modification C:\Program Files\Windows Media Player\wmplayer.exe unregmp2.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
File opened for modification	C:\Program Files\Windows Media Player\wmplayer.exe	unregmp2.exe

Drops file in Windows directory 3 IoCs

Processes:

svchost.exemspaint.exe

description	ioc	process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

9008 taskkill.exe

pid	process
9008	taskkill.exe

Modifies registry class 64 IoCs

Processes:

unregmp2.exewmplayer.exefirefox.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{39C601A0-0913-4D94-9A80-66A0039A8FE2}	wmplayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}\ = "Open Media Sharing Handler"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play	unregmp2.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
5992	MEMZ.exe
5992	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
2496	MEMZ.exe
2496	MEMZ.exe
2496	MEMZ.exe
2496	MEMZ.exe
4700	MEMZ.exe
4700	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
2496	MEMZ.exe
4700	MEMZ.exe
2496	MEMZ.exe
4700	MEMZ.exe
5668	MEMZ.exe
5668	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
5668	MEMZ.exe
4700	MEMZ.exe
4700	MEMZ.exe
5668	MEMZ.exe
2496	MEMZ.exe
2496	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
2496	MEMZ.exe
5668	MEMZ.exe
5668	MEMZ.exe
2496	MEMZ.exe
4700	MEMZ.exe
4700	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
5096	MEMZ.exe
5992	MEMZ.exe
4700	MEMZ.exe
4700	MEMZ.exe
5992	MEMZ.exe
5668	MEMZ.exe
5668	MEMZ.exe
2496	MEMZ.exe
2496	MEMZ.exe
4700	MEMZ.exe
5096	MEMZ.exe
4700	MEMZ.exe
5096	MEMZ.exe
5096	MEMZ.exe
4700	MEMZ.exe
4700	MEMZ.exe
5096	MEMZ.exe
2496	MEMZ.exe
5668	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

taskmgr.exemmc.exe

pid process

5708 taskmgr.exe
7696 mmc.exe

pid	process
5708	taskmgr.exe
7696	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

Processes:

msedge.exe

pid	process
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe

Suspicious use of AdjustPrivilegeToken 31 IoCs

Processes:

unregmp2.exewmplayer.exeAUDIODG.EXEfirefox.exetaskmgr.exeAUDIODG.EXEmmc.exetaskkill.exe

description	pid	process
Token: SeShutdownPrivilege	4028	unregmp2.exe
Token: SeCreatePagefilePrivilege	4028	unregmp2.exe
Token: SeShutdownPrivilege	4012	wmplayer.exe
Token: SeCreatePagefilePrivilege	4012	wmplayer.exe
Token: 33	3428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3428	AUDIODG.EXE
Token: SeShutdownPrivilege	4012	wmplayer.exe
Token: SeCreatePagefilePrivilege	4012	wmplayer.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	5708	taskmgr.exe
Token: SeSystemProfilePrivilege	5708	taskmgr.exe
Token: SeCreateGlobalPrivilege	5708	taskmgr.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: 33	2512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2512	AUDIODG.EXE
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: 33	7696	mmc.exe
Token: SeIncBasePriorityPrivilege	7696	mmc.exe
Token: 33	7696	mmc.exe
Token: SeIncBasePriorityPrivilege	7696	mmc.exe
Token: 33	7696	mmc.exe
Token: SeIncBasePriorityPrivilege	7696	mmc.exe
Token: SeDebugPrivilege	9008	taskkill.exe
Token: 33	5708	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5708	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

wmplayer.exefirefox.exetaskmgr.exemsedge.exe

pid	process
4012	wmplayer.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exemsedge.exe

pid	process
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

firefox.exeMEMZ.exemspaint.exemmc.exemmc.exeMEMZ.exe

pid	process
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
5664	MEMZ.exe
5664	MEMZ.exe
5664	MEMZ.exe
5664	MEMZ.exe
8036	mspaint.exe
8036	mspaint.exe
8036	mspaint.exe
8036	mspaint.exe
5664	MEMZ.exe
7448	mmc.exe
7696	mmc.exe
7696	mmc.exe
5664	MEMZ.exe
5664	MEMZ.exe
5664	MEMZ.exe
5668	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exesetup_wm.exeunregmp2.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1324 wrote to memory of 2924	1324	wmplayer.exe	setup_wm.exe
PID 1324 wrote to memory of 2924	1324	wmplayer.exe	setup_wm.exe
PID 1324 wrote to memory of 2924	1324	wmplayer.exe	setup_wm.exe
PID 1324 wrote to memory of 1508	1324	wmplayer.exe	unregmp2.exe
PID 1324 wrote to memory of 1508	1324	wmplayer.exe	unregmp2.exe
PID 1324 wrote to memory of 1508	1324	wmplayer.exe	unregmp2.exe
PID 1508 wrote to memory of 4028	1508	unregmp2.exe	unregmp2.exe
PID 1508 wrote to memory of 4028	1508	unregmp2.exe	unregmp2.exe
PID 2924 wrote to memory of 1772	2924	setup_wm.exe	unregmp2.exe
PID 2924 wrote to memory of 1772	2924	setup_wm.exe	unregmp2.exe
PID 2924 wrote to memory of 1772	2924	setup_wm.exe	unregmp2.exe
PID 1772 wrote to memory of 4024	1772	unregmp2.exe	unregmp2.exe
PID 1772 wrote to memory of 4024	1772	unregmp2.exe	unregmp2.exe
PID 2924 wrote to memory of 4012	2924	setup_wm.exe	wmplayer.exe
PID 2924 wrote to memory of 4012	2924	setup_wm.exe	wmplayer.exe
PID 2924 wrote to memory of 4012	2924	setup_wm.exe	wmplayer.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 4364 wrote to memory of 3240	4364	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 1064	3240	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Nulle a chier la raclette chinois intolerant lactose.mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Nulle a chier la raclette chinois intolerant lactose.mp3"
2⤵
- Suspicious use of WriteProcessMemory
PID:2924

C:\Windows\SysWOW64\unregmp2.exe
C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
3⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
4⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies registry class
PID:4024

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Nulle a chier la raclette chinois intolerant lactose.mp3"
3⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4012

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:1508

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:4028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.0.712494521\2125292780" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {495075b4-e1cf-4539-8fcf-6a7d0b1cc29a} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1900 1e3652ef158 gpu
3⤵
PID:1064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.1.1990390447\639280745" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28faef37-3818-450c-8bd6-bc1576cf9394} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 2468 1e359589f58 socket
3⤵
PID:2688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.2.765906937\990346340" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9f3305-f31a-4d2b-8276-95b4db4fe3d9} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 2980 1e368ae4b58 tab
3⤵
PID:4864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.3.1684243389\198861387" -childID 2 -isForBrowser -prefsHandle 4160 -prefMapHandle 4156 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8bee0ad-1682-4813-a2e5-b5387ff358c1} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 4172 1e359586b58 tab
3⤵
PID:1140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.4.1600291686\718653221" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5160 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cced1cd8-c835-4b87-a725-1a776ebe60c6} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5172 1e36d02b458 tab
3⤵
PID:5304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.5.985651072\257156612" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78bc071b-3141-4a8e-b6bc-9f47a076f7d4} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5320 1e36d09b858 tab
3⤵
PID:5312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.6.78374904\1193689421" -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2dc88eb-241e-45d0-9ef3-6062517dfe93} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5504 1e36d09c158 tab
3⤵
PID:5320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.7.1755153929\657867175" -childID 6 -isForBrowser -prefsHandle 5988 -prefMapHandle 5992 -prefsLen 31143 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce1cc149-c8e3-4d1c-9b7c-5dcea2d90c69} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5824 1e36e4dab58 tab
3⤵
PID:5680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.8.1667258934\938717666" -childID 7 -isForBrowser -prefsHandle 6900 -prefMapHandle 6904 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f952d4-f1d3-4bd1-aab6-4df02eb05f4a} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6936 1e36b259158 tab
3⤵
PID:3220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.9.197615379\543882090" -childID 8 -isForBrowser -prefsHandle 6904 -prefMapHandle 6876 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dffd57b4-02ee-4e50-95d2-a4a05a46e499} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6788 1e376ceb458 tab
3⤵
PID:1764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.10.169484548\414990209" -childID 9 -isForBrowser -prefsHandle 6688 -prefMapHandle 5220 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2761033-0826-4fe1-978a-6270cd1ed4d7} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6640 1e374468b58 tab
3⤵
PID:3272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.11.1129352829\980182067" -childID 10 -isForBrowser -prefsHandle 6500 -prefMapHandle 6496 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4159013-0205-431e-a71b-c35b0b0e5318} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6508 1e37446bb58 tab
3⤵
PID:5072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.12.1853628131\191182922" -childID 11 -isForBrowser -prefsHandle 9732 -prefMapHandle 7008 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d5e353-b81f-4360-ac4e-9e627f72b82a} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 9844 1e37034c758 tab
3⤵
PID:5844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.13.914029922\1296692370" -childID 12 -isForBrowser -prefsHandle 6708 -prefMapHandle 1660 -prefsLen 31231 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f33b918-028e-481c-878c-b6c59719ae67} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5592 1e359589658 tab
3⤵
PID:4564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.14.1874390109\1445112687" -parentBuildID 20230214051806 -prefsHandle 5208 -prefMapHandle 5752 -prefsLen 31231 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06a58b3-91da-4b6c-9680-0b41028b62ef} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6720 1e36ae81858 rdd
3⤵
PID:700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.15.801490821\2146032232" -childID 13 -isForBrowser -prefsHandle 7012 -prefMapHandle 6744 -prefsLen 31231 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3c38f2-c904-4772-818d-5d3eabd5d08a} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 7040 1e36e142758 tab
3⤵
PID:5592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.16.1599945813\2109689450" -childID 14 -isForBrowser -prefsHandle 1636 -prefMapHandle 6148 -prefsLen 31231 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62049e05-4f8e-4909-aaff-e875b3d45bc5} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6184 1e3752d5658 tab
3⤵
PID:1700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2720

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:5384

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5992

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5096

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2496

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4700

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5664

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
4⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
4⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
4⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
4⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
4⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
4⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
4⤵
PID:6424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
4⤵
PID:6452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
4⤵
PID:6644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
4⤵
PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
4⤵
PID:6816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
4⤵
PID:6988

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
4⤵
PID:7160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
4⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
4⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
4⤵
PID:6348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
4⤵
PID:6356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
4⤵
PID:6844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
4⤵
PID:6868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:6604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
4⤵
PID:6588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
4⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
4⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
4⤵
PID:7128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
4⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
4⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
4⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:1
4⤵
PID:6596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
4⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
4⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
4⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
4⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
4⤵
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
4⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
4⤵
PID:6276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7872 /prefetch:2
4⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
4⤵
PID:7024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
4⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
4⤵
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
4⤵
PID:6288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
4⤵
PID:7080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
4⤵
PID:6260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
4⤵
PID:6632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
4⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
4⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
4⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
4⤵
PID:7944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
4⤵
PID:8040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
4⤵
PID:7548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:1
4⤵
PID:7604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
4⤵
PID:7752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
4⤵
PID:7484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
4⤵
PID:7720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
4⤵
PID:7400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5474258657174034043,1024250165566434340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
4⤵
PID:9200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
3⤵
PID:6760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:6748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
3⤵
PID:7016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:3228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
3⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:6952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xc8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:6288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
3⤵
PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
3⤵
PID:7872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:7888

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:8036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:6528

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:7448

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7696

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:7852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
3⤵
PID:7640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb924846f8,0x7ffb92484708,0x7ffb92484718
4⤵
PID:6336

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:5012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7308

C:\Windows\System32\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im memz.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:9008

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
Filesize
530B

MD5
a7c936ff9df636a433ec4a4a05b14d72

SHA1
9dea8ad840be302333fde52f11f7d4c305a5598b

SHA256
a22965e591f64083bc8c743a6d1ad425dc455b9b8d7606597e338cb06db1bb83

SHA512
0dfec83e98b9bf3f3b2fbef95f41d4b26d1e2cf710a0441eb24a3dd5c95850b0ff7301c2b0a2ab0017e048e4ec8ee183ebfdb84827e576ac9790f370da70fa3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9e2d0ee2-dcae-4839-bddf-6130e457ac5b.tmp
Filesize
5KB

MD5
08b0d5cca865a4322bb5f47ce34ece50

SHA1
6c4dfa514e059594409ca11a1ed41cb6ff0802cc

SHA256
a7ba2d408665e397542fe53eacdf7b4d288a980f8dddc0c40d3f1ae106946142

SHA512
77b0bc2177a9a7f0a24aed1471cfc8bd395694ceeeac45ffb2a8656a64096222a6d4f93627cbc28a140b5cf3ea22b925d9a2dfd235dc6bd2c230b8adace7886f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
168KB

MD5
b4ca633a270a720e0d5d5a6b5cc32598

SHA1
ed4e9f07075c1a8e393f7c242cbf6566e68259ea

SHA256
ea07d2d032318fc2b5c90ff56ad48082941c37ac2490c803677734600ba86a9c

SHA512
cab9026986be9f74de60af6c153b1eebf15e44f2416006b1fb198bcf1315fc1c599aaf1f1f9a0a0caf62ce274494b6fc516d55f2abc3a1879b8b4bfe2286d814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
253KB

MD5
9ee31b74e2aac153e8d194575ac8d5a3

SHA1
b4caee910b2e11a45c6318e0049162b5dbdccb7d

SHA256
9956eb896643e25edf3bd6878c0744472dd0d7e5d8101029d86387189ec56a50

SHA512
af748e3e2c5b1e5530e86771fea8347fafb32c09f45dfc0966f09fbdfceda13d27bf34e6d4907d3438bbae3a215673f05366bb66d9b099a017b4c5c8337c242e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
164KB

MD5
9881b05be5afa9d9ad51c848bfee029b

SHA1
71e54284a3df088e041c380dee6d48e5eb0d72b6

SHA256
348ea595f97b003f546dc3fbc0937988374dc67a7d1956adfbd98c6f900e8253

SHA512
2efd9cc44a4b89d9337cc2886e422e74e5f6e2cbb5e4d091153803ccc84efea58e0736d38d15131db8b97acad63e54fce926edfbc78afea73ebe427665749ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
209KB

MD5
13e5aab9d6440032f7314c13dc6f5e64

SHA1
67142c725ccec2ab15f0467f895bfbb3218fdf0c

SHA256
dbbce51f118f245ef0af71002275bc16f3e8108fa96191b8c14d6d0c3aff067d

SHA512
0687230f62929a81a6c4951245480b7029f3ed3047a484d2be9f3c1c324fbce817c06c834f22ee733efec0e4899491c0f27e5dd4ace6af83ce6e958995560f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
42KB

MD5
4bdabc799a50f4cb28e7bb018a885ff0

SHA1
adc1c1086d5a92af7d570ee2ce8ad497be92b78a

SHA256
4813cbd8e1d728cf79a458ddd0fbe693967197a02d8b44b36a63c9001916a7f2

SHA512
5716d45c33a640e20c4a0d59b3ca3d559c645b28dd9eadfd7ae619e328966d42201700e21ea7f3beea186a027fea5a25b45d9eb443cb5bac3e106ba36daa3c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
233KB

MD5
5a238698967c05e5f87133f5a2e09edd

SHA1
45524fc05f2181cb65a50e5bb85f2a8567dd8cb7

SHA256
0f107a498e8a29aa6b5608453327afa5ec8e3117d255e52e0dd75a8d8231e89f

SHA512
fa1576ffa2b7e7159e323282ffac801044991d4e9bc2e0c5adf43aed6b3f2f559e91fe6d7f682e12e6b75fc1de89420eb8bf639cbbc8c405f98c1452af511427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
Filesize
134KB

MD5
f80fb8dbd8cce469d6f4918c3ab26ac6

SHA1
50352cd5f784484d439c9fcd268478b5ee8c4c0f

SHA256
286229f836081317ce97816afcb371930c9890427f64cf8ad4a28a0baf5e2361

SHA512
0fae565b89670694bbc0050b17830cecc28c477327c9dd7fc9797737b6b5b63ff5dd88e613d62da488176fd808509f5604664cc8ffe32031803423fab6dda1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
Filesize
20KB

MD5
5b5bb5200e5488514ba929206469ab7b

SHA1
3d6088d665cc3dd2fb6cd8e11027abb503507a13

SHA256
9cbc9abf06fe8baa7e38868d7accbe6bf6a1a3c3433c0ad1f5272fdb6346472d

SHA512
864a8f24f342f5d58d9f96fd27cd0bd3f4d08f8e30914c25d8f5406c7df55bb55f098e959b65764c63dcf87ffb6c0531ae435bed28205bcc2c29741f98860d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
Filesize
96KB

MD5
93e2451f1ef91019a701155fa181e70e

SHA1
263c9d6b90442dae5569d1afe109fb415d31ab88

SHA256
f80916be8b6d7c5f001591ef6157157310537800cb4e8ac4cb3bfd924802d8ae

SHA512
3446c205f07cbbbc9dff4a3a57cd79bd68395e1ae9e63d7decf23ae530f0853e5efadc8d4860f209bf0f7226866bc5993ce460e734e097055c370cc6a0f40e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a
Filesize
122KB

MD5
881b1f363f0914a75d798572abc5c312

SHA1
96f77c9eac3efa72d1fb625a09bacd6cff945c6f

SHA256
3f68eecb5f24c9bd1a086a455fab1698206019e282faec85295aec7f52f5a914

SHA512
86f9ef3c29e834d01ef3ba939e270c45430e1fccccc96c6050fa19680ac6cc4d59dc3823f9b2a90d812b2937630114e49abc0104ebf0705f8c9614645b07169d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
Filesize
25KB

MD5
c437842f4b63d0670c043ae8e4f45635

SHA1
98fba95e041f891f8236cf1071d1bcde55fef1f5

SHA256
9e99c547d235f2a4be05ee95ea2900f8d45bd647eb4e6284c2a06d5de2ac26f2

SHA512
08627120c11c9f1c7072c6116537c36ba658109d64cdf8888c5821549cb52ccad8972a642078dc34928329fba0ba95d9d31075fc27349b3c52ecff37db95258b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071
Filesize
199KB

MD5
4abe85593cbe72b202de6008f2b57e5e

SHA1
442133edacd22e0f8c7463d3bcf575d84d8376eb

SHA256
bb08b5f1a2ea927b3e3f608fea0ee435278546c55cc8bfbe3eb35b339b177438

SHA512
c9da39f8f406219c815a2743b473b60b8818850c969bfb02506f4e6b5102e30a6589a4feeabb4f7323a9a4b7918feb8ae82f7c1e06b96c129117ac994a1e8cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073
Filesize
16KB

MD5
ddf9e6b63630bc36d67d1253a926ee48

SHA1
63d5e02dbb16b05885c20dee9541bbc6f939eee5

SHA256
228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61

SHA512
c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\257770502cbd5906_0
Filesize
3KB

MD5
95ca27921b5ad519ebcae6ced684e878

SHA1
8e9fef4b7d630913665e1aff7f1e92f4edff4965

SHA256
1f29104a32d4b5d2385685502a0f4507592d3e9ce9f90da0829c14095af49e53

SHA512
feb0910c3a4c30a1cd6103326439ae68692a753abe7c633c82291714d21f30b7f010891a62e7e5ed25fca272a9fefc9bae9a1fd26e01e1bd9fe68ab0596e9282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b4d00adb8ac939e_0
Filesize
2KB

MD5
fa36eff463f0c85ab2fb5fc913a23187

SHA1
70e3799454b5533caa9d400e009b1d8bb8a9d4fe

SHA256
d85ef9f9a4fb21cfeb9bdb3337f7f958ddbc66092ad6ea36ad0dc130a6398d39

SHA512
88bcf319f3b9db688c81f882f414cfb416d0f2547314f94ff5c35014267ab801aa52f840a5f102b78d7840c683ff0e15b799591b24a21f71a05488fe90878c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3272ba8b48d1c240_0
Filesize
232KB

MD5
4e5b8134ee5f407cc245c1e5a7faa330

SHA1
a59c2940299a0d755f08d00cea9ac2008685e48e

SHA256
133dc24c756466d7cbbf11ee0bf38d23ca7663638217b0db9e70be426ca21658

SHA512
fcdbbdf3dd1b621d2c0e6ff3012c9b0788e9dcba204c4f92e7e4b6c5eb4592590f6b483987d38546e9ce00139a940c2bbcaf7377dfe8c4de2685b88c3af963f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7bb6e713c669e693_0
Filesize
4KB

MD5
381da52dc360bd108d4b979f3bc63046

SHA1
81473aa56c934d93bc111da03100c6345e1b8e2d

SHA256
bef471d35f6b54ff18a4426a417c8a4fa9215abc386edab68b686cce77ab1735

SHA512
43dc40ef92671d999d96510154cd2cdf3bac6ab72a55b5e79914828865ab719f6814e10a47544322d6a703b60a118b1ed7f9eb6bb9fd81c4f56600bc8bbb09a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a47b83ed0c7083a6_0
Filesize
1.3MB

MD5
bc1daedc0ca5a39565cbcf9f2a3fbfaa

SHA1
d9331a14ab74e5c38d84fef855d6bb5ce98c403d

SHA256
48121472f647145f9261c25a904ce900899a763a266dc896e285b4a67bcf3c83

SHA512
fc663f94ed1be865a316356316620c7ebac7b00d4cb06e97881b6e417a24817e43d2afde3e92af448e65ba5dad93887a6979ee661ebb14feca816b348c16ccca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c94eaf7078a56ac1_0
Filesize
19KB

MD5
2822e5f9451946d36675b85596368e58

SHA1
18f04b33f4083847a40dbf1cb74bb3fc7f0cde1e

SHA256
5ad7f76312dc644f60a872815f59d02b3e88d7712b296e08fb74f9a8d5803dcc

SHA512
e64ec92af56184d674bfab0aa0680fb3a254b0807ce9a725409fc8028eded23cef27f33d5727ef938e04c6e0dabac52786d3111fb9e3bbe6390ece2400a708de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbe1bb575e19636e_0
Filesize
349B

MD5
eb455032973ab574bbfc3176f11601cd

SHA1
34d29b855b2a98b885ca0208b9a49a8553adba20

SHA256
7cbe6f4a23c7992536e42aa60bbdfe65d3729e6f276db277fafba38dae708d7b

SHA512
0e7f400e856fe69893c04b95ef10843b517cb9b1fcb4f086e38cdf8a5131270de47874596575c9340af12cc75860f4b315bed21d609161efa29c94412f31ebd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
ac06a26b665a018ead01db108bdfe744

SHA1
eaae572f3f62544bf3c7bbc922618f2baa3fb588

SHA256
7bd977d56fcaa64b84de1fc3a48ffef8848eb79e59517102a3f8328e8485a969

SHA512
42f8a67497f517d125a0d5c0661d08a9fa887808a03202415d4232b819d2509def28f6c0fd2aacd7ff3b11ad54c08553c73345e2af017af7b1ddd3b9eb44cb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
23a068e0614e60a5e0e0d2a82ed83bff

SHA1
cd38cdaad96c54140891413c5f1cae27fe18e88f

SHA256
0c4f610ed50f30613a896c8e994d09711eca6ba66b06c9198bf58e35b906944b

SHA512
747aae85271ecb9082b4e71ad3baadc240ee50621ec6180e062a9aa0fed88d19972fc03e08156170a72a7b53bbf38bb324e6286214773d9a9e2ff031522f24d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
9266374ec8d03d7185cdedf221066d54

SHA1
d94da82e3ceef9d5dc6835a613f64f86158c2b82

SHA256
cf1685d18733d309608e7dd8c5b762aaebf0e7bc8ac92f120cab360b375ca030

SHA512
0bb6fcb0b68061e9894b9ce141370fd47b19411d8945239f2afff906a85a6776185cc18fce2b669856a60224a53706afc659d88ad7dbeec9b83ced8226975fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
6f4ede621d7f033c65916ae183a2ad9c

SHA1
7cd2de6addd835275ed934c57ff99ec69bd319ca

SHA256
566a3b6e09e4d4b7181ecf7733bc827e05403499e54155cb087004854a0c13f2

SHA512
7493f8ad5b6aa61ce89baa273bf794eafecdd5d13ebe1385f0b9465de209e75a8ccbb4b020d3ae004565cc7a9befd0498b02680983f18277f3be9819e184a13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
239c5c87599552b7e36326f5c54d9cd9

SHA1
b01835b87a3cd1013c57c1262d91315993f1be32

SHA256
f71f71d9dac73b2356bd1d4c8b017a4805d4bce88ae5a698ecd5f4a1072b732d

SHA512
b7e47ef5dc4eb00eea21d7050f77a0b7543fc8eb8a3c6d631934ac5c8d278b55b94f9d8b60fae8c59699572b22518b8b5957eaa887aee0a8ffba1b232e07dba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
32beb9ea1f2b4d732e1a736ccd1c022c

SHA1
ac8197425e867621d378200b67f25217626e7f8b

SHA256
48b2c48b9946dace3b3045f3386f8453f4c79985d50ae112def1677d21dd8544

SHA512
b80442a55f38a5762f4572231c3c7299938d79ee52a490c7d9e9a950d5a05c9882a56636d87b3ea91959717f11a6ebb26023eb80c98fef5edbc4eb35fef3d2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
b4f194e866677981bc876b0327995fa2

SHA1
9ec4b9234c2a58d41e089bf7d9be8c987fa0ef7c

SHA256
8039abb379fdb5190995c1b1440bb9cc99bc8a867c537b5dd890a700fefa2271

SHA512
10b2a8934cb18887065a4fe3090cb8aa4fe1ab78d1706fbdade3fd59d2a58ecec0a6771a031d4e951ab26f914e58e27b176d59738518133a14ed11598f5a3d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
54b597852bb18b01e38841ffe6b3bd25

SHA1
671b302de287be59b024cdfd2b72a5c3134bc208

SHA256
45069efb54017a1673452f9ef47d18c1b3e574df8d5743f30a443f7c7cc919b2

SHA512
f9f2ec348b424982e9940bc10658b64005b562014de5a57fff75011dc1538429ece893cff8cb6f2a9c78b7e556195d8d89c694571894768618add9a6a49ad5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
6189ec6090bae08c445df4fa63c936fc

SHA1
38c540eb1e90cab413b3548bd051162cf433e55b

SHA256
f762d233db550938e404def3248f44b4956b7bf177b111948b70fa5d192c9d41

SHA512
9b2d39be8dc0e19d3f5fa792b69b95f30e1d27bf01236a32d2915a9b4bc4ad7a80d79ed0dfcb79bd5953a7275342ab00b125411ac383c623484627ac65597cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
d40ff84ad17657e9a31e6f60a673cdf8

SHA1
8317aa056d12ded599cd280cb2e22035a27af9de

SHA256
e8291944fa9c242333721452e8718ad09def7f6a3e51f7c364e4ea9f00a049a9

SHA512
f81cac63618be7c81e48c58c3c3d464635dc2d49fd3bacf423490516a6d88d705b1c966466dd82ef18c9d5c6c79dac4e45725f82076d0166d235fbaf72a9b8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fd97ece3291079619ff35941cead023b

SHA1
98527de3f99c8526462b81719de0a029e5570962

SHA256
1e68d7730f6350cccd4451ea14da4b4745bf309881adebb43c5c8ebf72fd7201

SHA512
ae52285753e2269c3672dcd94f03dbc61a9fc3f442ae2f75ddc672d37afedab41af95bec5b47a737139ec48aea36d733beb4de03a3b04b01f8b9631a28a9999d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
88336b39b2adc06daeef6e5d0703bd05

SHA1
93e4d105cf1a2e065761ce017ddc6a02c9eb0b2e

SHA256
b466d9d0d68294ead2730e3013069a81a96e6dd2277d4879a873366e017ee4f4

SHA512
ac2af014e8014be37118732d988653a85411f1e6ca59298a657e3870c68d53dbac6475e3892e49f2a5dfbda9696426446e4551a8de61c3edadbb005ad15119f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
10d7bf546e11bd955b8d44d7fd8545d6

SHA1
03186bce5b4da2e941b1c096a286c78731a8fba9

SHA256
a2190a02cc380fde70a59c907bdcda0214ac7a2a68aabe9230a6054ceccc9d04

SHA512
6ec08cedca0f1080ae24c453b9e2c312ead534900d37489ad0ef0272071c5fad713d9ac75a5fd8ea7e3a8476d79cd41633d35293de0eefdb94d727ff8680bfd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
b79f1734ecbd9f662c0bb3cba2fc2373

SHA1
a49e959f8a25ddab5cff047bcf23dfe9ec28354e

SHA256
cf51e6ef9cce859bff8bec024c33790eb48cd5ab6976d5d4c7ad032e59ac5d9b

SHA512
ee881dd1bb2108779ce9c706b68a55178a65d7b19ff9db5e81543a31102272732693031d0776ed998000b900badd0ba6394c1a1b193ab5f7b43100b12c94a95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
c13e9744c5973ab915ee82479449dbed

SHA1
2864fcdcaffdb4047a6321c507c4633baf7f9156

SHA256
7d83c779455640f222c5bcb313067de5d918a97cfe8331f523a47aad3258bc1d

SHA512
6499a219e6c1df436f0f7da6b279659c56fc0f77fe4a7732e1d43550c44ef8c518191286276500ad833465defa45f3063a56c21d46d75dfc4b5064a71084b72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c5f3daec933f3660a8af80b32782c913

SHA1
9ebff04501d7e142bcfe774c989e35960ac2bf1a

SHA256
df863116ddef42eac302bc4f4df1b84cb7d0f65b3f79e4de885ba7f502704b08

SHA512
c5b772d7366a011edc1cf0aa0f85e973a225e971c28778b90e368aa0ed79ca753d967dbcd661154b3681172763bf6d50fd668b98f952a817721b0ca3f90390f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
fe9e295dd47cb206bc6a8d4f159b1962

SHA1
2a282ea972a0452d65c0a0f8d1701cb068dc1c2f

SHA256
809fb72cb958945a1b7ce8ed7cf6493937d0cdfe4dca65f4f7f1f896996f9dde

SHA512
56437ff931ad50bb8498b14608e8140c56852549f854a6160d887e26b25141a8abe67947e20cf0da76357708314944ef1942c29188344d920ea918f6779efaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
5195f475380ccfc11b3dd86aa71c8ae2

SHA1
644056c6a3508a466b81b058343e33facce41a80

SHA256
3e608c793a66345dfa7129f1eb09e366d972bf5473abe94d9a0bd9b001179141

SHA512
9dfb944fe2299bdae9fc513d01d455ea6a84c3e310e4b1c8fc5a0f3e657ac1a36304919ea0fa9024d56488a7f92ea031ad976120825994d2af2f9d60d68319a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
e3d481c8ace6e9b29465d25abae185a7

SHA1
60de048485796f3568f7b9de2f993d2dcb7e9d3a

SHA256
b706c14bfd2d0c3a7d69c67680ac67dabbe6945d19e6ddc07ea02a2649e2ee7a

SHA512
c6aaecb4dd66876c425eda5b2fd915f26b9f49c1983edc1d6a28b2cb621758eb5f7892bd3d381030176a718bb75802655c65648769506fee70639267e9b2ddb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
52107d70e6ce31761e9919a893aa78e6

SHA1
ea7983277e0020e6fd4c9a33f3cdca7fa96fd8e7

SHA256
62030db57ea1655bddb8e1d05d5ba1762701594274392be16e369909cdb2216a

SHA512
00fd3605a3977abd48ae2611b7b992caf24442197d8c171f29a70fb9df7d372c10fa524fc27c577b08be7340271443c554afd4a394396d5c3fa8f15243d44be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4d048e07a8bf864ea8304bdf7cfb7619

SHA1
326447ff6d82d11fa399a6a642f90cac326b37fe

SHA256
491bc02d87f96809bec68315dde3839c735c443d257124143fa0beff4c7e2ce9

SHA512
8c4036089f41dfef96eb5bb1030c21d02c2a68bfcbc083d6cbfad508f483d07e9c087763f0c286d2cdcd032fdb45c721853e0ac06d2d6e778d26c2e1f92ff48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
80bbc2d22e9b20e996998e985bea375a

SHA1
b31f9f064f5a22cf87369338c60624125ab0d883

SHA256
25753d3e5319eae2b48b6bb0a9f7959e47eed446f4b4dc5cff709ec51b37df9d

SHA512
e91373073bedadff2e686d24aad6aa70c25e88f59528baaa2170bbb92afd82842b40778f5cec4340198df7c4a24cc08c3cbb96238b56580d1a4b2b5a56d41e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
1c35e4bfe8bf9f8c073d3edd7b38e8a3

SHA1
7e96d5fcd5e381b4f90be1edbf4b48a527b31bd6

SHA256
058dce0ac6c4f0a28133f4ecbca9dfb78a9de4a918e76e59b4cfbd45b7e30b3e

SHA512
3724c196fad794365fd9a68b728900e3b6408abaa807b099cdb966183109cbc76ccc33a0440344c73acab6f13fd35aed212a9154a9e233f13fe64ec690cd2601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
0d029a4585b28f674edbf2c3367acd2f

SHA1
cb57b26ff148b60092925e04b5252549dc1293e5

SHA256
2ab356631fee3a9226b676f8570de9fd7fea2091b9ff46ef6f51abe25677f66b

SHA512
9450439eb00a2ec4d9edef931df2a3fb94e58b55cb5ea57c4d3e92b5fdd7b634445a024e6a13f0ca84c7b1aa4d20848be0cac7c98e1898d1c9b2f4bb5599d90d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
cd982bb2e03b126d0207cb14c8e28feb

SHA1
18c27b9051d547f99506dc3adcfd7523954ef56b

SHA256
905b4665b776c0cd139c414ee83a7aa67f7e21eab8cce88e530df4a0c64e5e45

SHA512
108ad76db0905de0cad3dee96c7332a4d4bdc4145556e4f6a53bde6091ff478711ee7d5f0f1408a6beb4a68aacf812a8ba28347006c6667387653fda5f05bca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
27792bd76d82f846c6c6abf474f23325

SHA1
034aff71b83e5613530e2fda5f4f5a932a7c95c8

SHA256
bab02fd75d2a6e413e221e67fa787e439d39e674686f197c2d47ca8b42d2e497

SHA512
4a6c08e9782ff2c74183fb7992dc37e65d719ccf057025f2776ecbbe90dfd11349a3e007ada350ac4b63cc22f8c0856a82e0aa4faab545c8cdc8b2664cfdc9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
de3352d6426cb33d167b8ed211a0c746

SHA1
0f76d183dfe3f5d0a25fa25040b0794c66e89e39

SHA256
f4534a1c3dccf95ef5ca1ec60f0f3bf135e5957c6383949bf23680210c39b443

SHA512
b1ebc76602fce756b5c1138303ab8e0eeebd56c06fec8c930af989846e5173f10353d78d2e65a169c773f075271bcb443a6c74de46698416f90d96c666507752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5be5d8.TMP
Filesize
90B

MD5
4063358df73f5d0ce6e948a80f8a941f

SHA1
9a2bc351189d86adb68b94322943a99b35578a33

SHA256
c44c660cb2bf60461fd48b53bee5c368125df02b6f2f6a608bd1f80f4dadea79

SHA512
ff9baea02a75cccc3b84acb6b8a2ef30be2d318b7f69ba55d2b4f0d2e2d5f6c44e984a0d69b441fbc8d75a17a231d094c77787a5a156350b2838b0f08bae28cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
4e8072119393950662fde6534237cd3f

SHA1
e3a16e5b22929a80cb36101e3e9c2d5f7b4a88ba

SHA256
5f825915028b4d27d72fb50190fc333d2ae49b39e6021b27402f33fc4c84f5ce

SHA512
90598d69e60ef9846afbccfa6842205ea85acc75ede48013c82024af002a7c209961ca6b9e24a923dc0c21cdd5a3dafcab944ad31ae536170341f528b65c33d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bffc9.TMP
Filesize
48B

MD5
733df6675532a6bfa4a3993080200c8c

SHA1
aa19c3580efcfdf892faf811392c53ccc7683044

SHA256
fced7fa652286a220395529877f200e3c3481ceb43c03c2055aef230eedff31c

SHA512
adca4ee5e872422bf7f40c261798e0546f0e99e9e429eb32da07b2af61b9de714c5bf18714b203370adb2500c67b1a0fc98f4851011de72c87a195e7c038eea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5a70964aa0db4bef5078a800fed87dee

SHA1
53dc624fc0d100b9c746b139980d4db6169d5167

SHA256
b4e0ec8eb3ee6424f6ebb87b3bb50c67e8bc4450579543aff2c7fabddaaadf48

SHA512
47391444f26e523cca6e81ef7fbd87079b05674a1bd6f18b0ddf6e1cd9f2ceaaf9f6908528f09cbff66b7e8fa24f82a374aa5c81aa53df7f5e055ed0934a7dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b68b4112e5d97bea74550d626f894277

SHA1
51f70f0529747f0ada0e95ae694971db457d9c30

SHA256
9bee0dcc56c0d8e57b053e76dea0577bae47731b471ff1a2db5ca958222504b6

SHA512
589ec26fc3cf451ced4838f43fd04ed74c79adc6fc7a6212362fb1f73b0d54188ce1b3e19ab373dfab1d5aca1e1556a9ab854964da6aca2c3de0900cf384ff2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4860f216838ad4e1bf49538163822581

SHA1
20f69e2ccb94d489c5dce1e95dd78fecda43edcd

SHA256
55e02db8ab93b2f2ab0e3805d3d7b29685d6bf04d169fad765a3f0f8c44aa207

SHA512
3d70e93f78ba89973f4b597e6170b288428ccfc0d8b30b7b24cb7778a1fa85e6845b3019fcfd1adbd7dff37118e364b538576980eddb064081846a5ee9fbc8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
87e93f1d475e36c6e79e73aba2e8795d

SHA1
5e1f562cf65e0c6a1cfcf5906036b69e2f796626

SHA256
d5da259a928b31fbb64652ca65b9b7aec07015b9933ddfd3af4191026af7dc81

SHA512
d200c5e4c0e4e3ddade4dd55af4011bee77728376eb80366a18b484dae4782c7a1ae2eff7bea8204034bf7b5c9de5bbf52cbc86521732848a0cfb4bc671f79fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f188823e87f140d911261862ff149f71

SHA1
d4991954d5c5362683371c486e3bc540e73ca791

SHA256
7c08678227581e7eb2507f890bdc0a9119f07d2142e4e097167179708a55ae3d

SHA512
f5ff9e7cf23d8739681464f185ae8567bb7604f75722e83a39aa756a0feebc97fa8cb9429cdae45661c18d0f4859808f3ed2d04d3242fbd94307fcee8a285408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
b8e96be65abd27105f28d20f41928706

SHA1
84c7c4e6c3c60ad7784a8a9da6a065028d14f5fd

SHA256
095119bd3c95d1fa359957bf3167088b8bac28044afad1943efb22a9cc1c7db9

SHA512
0e4bf4e1b89b0812f8d1a75678a969fe76d248bde8bfb80596c8150844b70904d537ba3874d8b870e74a0db9ec9a9b3efcbd52be9815c80964c07f2fe920a1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ff7a4da98046a9dcc44447a9f77f291c

SHA1
539f44867f93e130bf5d7b291ebd27ecb4be9c64

SHA256
d12f92c976439c821d883ca77109d0613974af7c8817b8fa71bf9e3f85874466

SHA512
15ee50bb0cbcca5804522720620606be8b6dde1e0cc53bb6fadd63f9f9e4fe529b4a7271d42edc33f107f88d608e07b1402d1781486c48b87abf60d254a1869c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
29e09698e2065092ee901dbac2f2bcb2

SHA1
489a6897c8f318b78d6d8d51453497e1f2468d21

SHA256
91de1eb6a992530994520830ec6002b4f538e12a73f327ddb3801d8ade44cb07

SHA512
e72979ce6977024d2e8fcfc3cebb31201f82a7aa4ad9e1b82e3cd773d00be662ab3aa95dabc2a3c276d32d2b40ca7fdefafb465029debe33def340365d0c2b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b5f62.TMP
Filesize
1KB

MD5
e9fd0cc00178437a1451b08f9cc552d6

SHA1
bbf86b8df6473d7347a229fb80c18143110b684f

SHA256
a2a6bf7d2ff38f1120cf1c00b662ddffa58eeba8fbfa646be59ef9e0d1e045f9

SHA512
b3eab9fe56866aa28a378f8c15e78de6c2bdf7bc3df60ade58f76abbf5e1cb7cffc0d2fde92c05d6fd60495055313cee8520461392418604509e61abf3fbd7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2780b066b474feb017a5d6c5bb1d779b

SHA1
d8f3decd4338423d409d84e10c58625640aaea80

SHA256
fa2ed7910f4ef7f474b9378f5ccece179d1cdff5828d1b85d2e90e84a098aa35

SHA512
744546a31648a298992bc52d4151218c16326718e7ec322051036a67d35f42fd28b16d2dd670e581cb097154540bf7c5da7ce29febb27dce6bfabe010787c4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
72299acf0634ece8fb798732c56f40dd

SHA1
e14f1ee1f5cb29914873ac27f9d9c27ca2df42c0

SHA256
85ca0a56d520314a3560d5b68be0f63358665f0a6ce1e89c02c7149fdc4b4cb7

SHA512
2467009c535a1bcfabf8bf58e1b667dd5fd406fa9b06851f5dba9db3fe272b3680a24b02408c180972060195c7499cfdf29928ee19092e3821821ca4ec8388eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
23608b9e70d56ff866d4bedefdbf7f38

SHA1
32332ee7ab3a679253d0ed265dc153820f72d413

SHA256
6d53719bd3f7657e87416960cc133b2c48e63616a4c241fd24a892f7a5664aa6

SHA512
afe9c59e80edefcc689e73f7385f0a1a76cd2609a77c4ce59801031b1c3a7ce5d365bc488f976b2affeb469823b80ef22259d06ce28daea3a8247ee565a755dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
74d355a4dcc80403d4e7bb95f61daafd

SHA1
95ce3a73aafe8be2316eb0dc17b09ea476a0ba9a

SHA256
e532adf6a60d89c9344b503bef5c8f056355efe5fce0f50b7f99c29c4d0f2001

SHA512
64babfefa7f8d02321f84ff640d507406353d96787bcd7f6cbcc19541bd0f037a47c4a2aae4e97596e3530ceddd6e2e9eebab36bd270781e2001a3ddf45363f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3ca34140cc396b7efa88c58cbdfabffa

SHA1
103b25b75ed56c474f1be5f51b72d1c6673726ad

SHA256
2a5e75b17ca02b50c60188cda0cfc5fbe9d70bb3731757ee9add0c26e613caac

SHA512
8fd179e36b8de048847c644e2bed3a4f72a903fb515863183214dd59a3d3f68ab3613c9c801bf4371942b80104990a4ce364cf527d56669f660cbbf26aae1f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7e8a91b7ac880b16ba96c92a1410c050

SHA1
8471ac7ab8603c30c22f75df2777ef183895b63a

SHA256
8ecfc8b9120aa556bd180d1f68b82a073068206b6fa247f11b034eee9ffedc59

SHA512
27138f639e542529bb64b492ee871ca0a9bc08712663f10e959aba4e466ec1b72a87115ea5c64bba8c193af973ffb03f5a5643ea0e69868657e0205f0d75d25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d011ee17a7fb0f756846e9c66da1b6c9

SHA1
11e02db551c1f9ee4689f1b3b2e8178ea9b59244

SHA256
4abd37266d124709759dbc379a5b98c88f95e065fa0cf06a019d9b5170203392

SHA512
9c0e61f860ab39ef355a33876837d8b3fd7a5d9ff5b4893b07f18a8ab258f2e3bc474ad6d0e62bbb4e9c25a738aaa6d50d4b057bc3fa0303ac68ccba1f057a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
11ca6dd62fc4f78a2a1adbb5b6ee519c

SHA1
f6416b7e8e44689051db6828f00a722a1791c63c

SHA256
6a4f3d6ba3d20c3e3effa5e295567924d99a85915cb8901ea527d215e5b9dbc8

SHA512
72b02cbc22046f258c383022b7d6dbc94aa7d59fd4600794826bb74376f9c4ad34c3dcb639fea536e5b6a6171facdba6f61692d4249ddd75cb9b38591a62c30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7bdea22d58ae30f6a087eeade81eee5e

SHA1
5aa0b4e47f55aad68e99dfea8ad1e0eabdc3b332

SHA256
9220286365627ff3a9d1c5df06449987f9a8cef5a3d2387f537ee3456292f34d

SHA512
ad98a9a828a8d5d4be3950119e609175becb02eace59e7467a72c82f4531deb5d5d5af753efce64e83f67bbaf14cb9d9efa111cc20244eb62ee6fa3f59ce14bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
384KB

MD5
82afb9dc5e51ad3b2c1695ddf9bf4881

SHA1
c3867fb6cbc2932fa81474ec93e77e7be25d976f

SHA256
a2e9a26e9b0038253f615c78447fe1cc3c3856d54112a5d00f30711acd33e259

SHA512
4086d2136ccbe84bff7295aa20f4c6e367403ef34e6900ae69901bf264904cc8747472aabf76701d9febef9872ad9890e94c98c724ffdef68b99f3f0bad2abf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
1024KB

MD5
322e789f3d4d349edc164f162d035e25

SHA1
2bf220c835fb3804f65247e93ab8c23431fd9014

SHA256
d337e4a499846468986c262193579cf31fef3f0c1c961a44729c7e7a806958c5

SHA512
78d817392556e9eb89f12c56d2e7fea9698c83f369ee9d9fdbd7f72b998e2426f68448d52fcb562068f2a3cb1d1c082ba10a6bcdc853d2f2fe0fa2fe9c3abf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
27KB

MD5
b741b392eadc98bc20d8e07a9ad02d96

SHA1
637663d514c4ecab6f6253eefe793241c5556d9e

SHA256
83d70a7e20dda56cf3cba2426a0608f9a71db13054bfaa0351ec521ab0d5e5a8

SHA512
f4116f4970b88fcd24ec60fbfa2a7fb3c6bc547d2b185ef0c7953c7626379683f1ddd9e148ea623a315d2ce6f21801652d1466fe25e8e7f4e33dd004ea087f05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\doomed\19421
Filesize
14KB

MD5
5574fd205021843a559a7b304944d37f

SHA1
02710638be491f9e274b125206ca2acc6d0d49ee

SHA256
e639f3cd21d9f2b05fe112db9be2f2888c05b4aa9d7566b325bfde59b0c9e8bc

SHA512
9f369aa98a80368ab0046bb9d764e7f184e36380146427b40dad2f032423c77a882c2fdcac88aa860922599e191375f8dd90b3d17e7b5b13bb83c1914023c1c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\doomed\7906
Filesize
11KB

MD5
08fd5c387a1f44c11d4728615686342f

SHA1
c8de8cdb887e1606db5ab7843fbf7329f346cf56

SHA256
17146a078574e0d30fb219391254ea6fe35d234b80d560d3f2e6f67bf5ab504a

SHA512
8d7946672fb4ff3d79dc23e5034160b097406799fc9137d9adec6a3af28fe852d78bd0dbc4cf5355c740f33051a222245317220e971676b70a6d095bf125d13a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\1C95F1850B98D09EC14634AE0FEE750C102657A5
Filesize
34KB

MD5
d23506c67f596f0c20972aa6d3074730

SHA1
0af258cd28cccfc3c1265686372ebf6a80efd2b3

SHA256
f55aa9687b6c433d6737016bf3cfaebc50ffbf4ccb5c8e39188e2863ea9cd231

SHA512
72c956e71b86752a0f1d614164024088c18f51e5d924436c4abcacdbbf8248760a14da3a847c58c56834a8efbc18c49ef0326ca3a6deef5d7ee04ef671dfe14e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\35B4B92B823C0512A393776F47765FF4F79A91FB
Filesize
121KB

MD5
b8df4e6fa3cd45c1b706c35cf210e4f2

SHA1
d33edf6e21495a422528d7a02d9f5dabb762c2bb

SHA256
43e1667d929420eb927c99f6f2c9bf6acd07f5c03cf070197a8dfed0a02c53e4

SHA512
6b7a40b8507b8207729e39e1d25f91c77527112088187b1ef4f75ed696026b8ef0e08168ab84b246fa0bbf184b8fad95ed1cdd6ae10cb97530a92d6d6f6865b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\49CD8B97D6479B71DF86AB5A0AA3F702F3D6A300
Filesize
145KB

MD5
102f64935554b7bfd3a87d4e41acbdd2

SHA1
6eb082b4957d5f9271e8a90aefea691d020a5de0

SHA256
1cae1a0e96491e62875ef00c31b9ea294dd02c1b61ce3681f80d7b47ad8e079c

SHA512
6663bcb44ba40a162e0f86d7103bdd07673a557cd02c5e9ebd22f4156c985d0db704b2b1befd5efc1832ff783255d079f21489239233176265075b9dd0904ea8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\5932A00535DD4D44EFE39BFA0DFA865E5D718649
Filesize
60KB

MD5
aacf35da18ce56cf955d7c0a19d0598a

SHA1
d5dffddbaf04dafebcdda59c5e434814f5aa80b7

SHA256
0b9fc15b4b43a06907d74ba845f5cc121b6ff81d496d452c618a3895a4959b28

SHA512
5eae7d4469d147b32ad28c341eebb258c94d2764470c4f9c6b8798c9ffb3ecd32b23b589e61966818634eb819c5c2c1091f6313709c98ebdf400e7e7a0e5ed8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
Filesize
32KB

MD5
dc19604806169986f75a77c23d25a761

SHA1
1f47bedde12ab2fa0d88bb1ec001f92c9d1778b5

SHA256
a37ac76bc472a6cc02ba92fdbfe1ad3e896c138811f4dc9bf4c757403a1528bc

SHA512
8ed56a69d7180be6f6e6cfa6b78e3594c47893b4030e36361a60d5d71c8584f167c0015be85ed3bf19e2301c6bebb527b1508d9ef1d4e91cbab7f2f5c8a08bb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
c6aff70c8c3a6da3613c00586d7264ba

SHA1
dc153148c758a8f256cb3936a1c29b5111e6809f

SHA256
760e6e19f898883b322416da5f0b1f9dad5d554365641bc8fd4f9fc886294323

SHA512
3d5e0fc842ec3c38377d1ceaf9dbc118927e9f4a8548979888cc4f43317677c0aebe4c50728b14b39f96aa93fd6421e7a574764e25645c8a207e486cc6563c4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\98548360A42A21A9012B7B8CEF232AD237A057C4
Filesize
968KB

MD5
4e48c14470f9b17344d55d8c8ecf00fb

SHA1
15d3445d1cfd95b72b8a5695b1f2a6926f9bbdb7

SHA256
848736a3cd13fa0f0c8bd4d8524100b0bb7169cb2f2ac5b6f020c7317f8ed4a0

SHA512
f998079659f2e86144f48a9d2360e92d782b11d054fc18b22941758bd15edeb17b07c02dffaac1b037e43f051d20b987b24d2cb371c19702a00ea6009db977d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\B50C6786C2871A731E69395BA84B76CD740F4C24
Filesize
55KB

MD5
0f84e0e09b53a7b84cf47a2bfcda545c

SHA1
53342104d0ea337e4d28aba8572288363b3c6398

SHA256
83527c8bea985ca81252367cfc6a673932fce72cafd435291fed1481899c6a66

SHA512
1a405938c79a420e038552709982832e9305b7a2cfbab960a505f2da937fe690b4f4ced946069e3b2d8d362aaf2750c7712bf5194966840f131c8a3acf6f6ca1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\CB3A452331DE6BA2FF117D15E6D36BEE60C487AA
Filesize
368KB

MD5
447e94a6f9556dc15db58295dd3a5525

SHA1
429cc8eb6ee2b681cf7804562ea308f391e56aa9

SHA256
5ebb272263d2eb90a5f2cc8ad934d1bad718ff11a0957322c1f082db0cbf8e29

SHA512
9f6d690fa1c2ee06afac7daa1ecf71101c06ab95ae948af1d1bbeca154238839b9ab0b5fb65a7529afb860589fde2ed0527aef139ab1b184d5f07f4e561021ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\jumpListCache\U5+sSqAhSXJXKVxZylIwGQ==.ico
Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
Filesize
1KB

MD5
c96d3a70834f266c51597aedfeb73cde

SHA1
ed4a5832e8c2af4de6cd39bd3c4d4c99a68f0880

SHA256
0411a24b7f2b9d4b89bacd83c983343bfacc3fc60687b01fd8684b52d86d6e8d

SHA512
3dae874cb92c818e4117f1425091b81d888f516900b5f7aea390bc1e5a4b8f1a6a2129a238982993bf8dbc02088d078aa6e6b9b9c77b3e5ff408e9cd45374473

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
14KB

MD5
1cfcf13921d9713602d3367abfe484ec

SHA1
b78b6b4f20ace35baebe60be015ac393d6a6b16e

SHA256
c8f87a057712082738f90056bea3d7f94831c2dbaef4c11a532168b0575299f1

SHA512
4099deb3505f10e052e25c301f465cae3f9d85e79629fb9388d560820b527a41cbbea1407a3c354d639b32e72fb0585b42ad1bb9651718a91cb0ada9ae8fceb4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
23KB

MD5
5e351df3e009856cb667403449db518d

SHA1
4d0fb437bf097353e44d6a55c53cac83e56d7b29

SHA256
e90f0af7ccdef3a6dfc3dc0c45ad511bf9301a92148f0b79a93b409087089b1d

SHA512
e267c630cfa9247af3aa42a84fe95c2e7a52e6d55e4c3af2cc3b565a1b5fcbef57f859d0b4868571146ab2baf8c5de7192a765e845d0f0f3ed54efa268cb1374

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
10KB

MD5
7039e390c41fce83738ab0ffcbe72a63

SHA1
fa948c1a93b6cd378707ace60d1640ab46a70359

SHA256
98db2a7404da6b043a69d793d5fd8ce363988442f9be57f67fe31d9c7941e4b6

SHA512
450b9bee40ef846e450354cd04cf7d12713e6cc530cbf59e1ce953725a55e848e4be85ba08288422544943811081c3360144243e0c503257dd195f0d66062ec8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
7KB

MD5
2dcec098894735d70ce78c95ff3ba002

SHA1
453d163e94c022ca72d1e2709501a182a51c7ec5

SHA256
06f451af91d5c0cf83581f76d8ea37c3eb1bd636b5a9a81239a14f99a29fa530

SHA512
a6c73ab832f02df81d4fb2fc49a7dfad9ebc4af589d2237152125c7c3a33faa7b63916ce5e6b8f5ba994cadcc32cb033ddb2ae323e8ed025751814a89f74ddff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
10KB

MD5
5b481f0bbdf44e784443731108dd4496

SHA1
1156f7ed2476fa467aaa155c9d16475cd4462cdc

SHA256
e803493d59c159ba55d638627a32d6d0212d73eacdb7e1f225008752263aff33

SHA512
5cbed4fbdaf4d5fcd837853bf7c6f7ec7be250cedf0d679eb77b976148bc80494652259c1722a4701bc6bf040d6a2e6fe0d38a62eb0f2f5bc16b6c2d0ade661d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
8KB

MD5
1c50d9b23c2d26dff574ce2245a6faaf

SHA1
f9fc02eadf549def7e597fdcb7f087e2cf78d5ea

SHA256
4e07c0ad376fc529a34b94238e535973db7355db23ec4f883ee034ba8b94cc7e

SHA512
5aa6c6a9e3f63bacc9e8663edb7df15c8ae18d3267063ea0922d4d774fa5a333aa04187fe603bde940d4a447bc15edb903eb00e92b11c5d9989103eeb5d27b78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
9b3282b2313ba4447c37932bfb4840bc

SHA1
cbceede3fe407d581f02b9a7fd2f7405f4d2202b

SHA256
85252de0541a46f0ab0aa13e568fe3002e9f8e0bd11c220f3c5191329e063b5f

SHA512
da8fdfcfd81a02e2759c4a74fad3e3a73fb53eb5d90e2a819ead4a1ce5f215f08c4e436d32c1831eb4792413c03c5d49a9d61b1bfc1f0a221af7dd0e2518cf51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
7KB

MD5
4c97919cd1b6d750bdea50464ae7aa51

SHA1
935d146150b1d1fc7dae3fb86697ac0b68377653

SHA256
d29a1bbaad6dce92e7e4c95f4b7a33ec52616a30e370e1025a34f14238ab1878

SHA512
d6ecd249f1020bc3c03ee2575d22e4bca44cfc2f21d4f652be5f0794519f38de6a781219bcd43d6f405d2448649b2757d4ea0569e009f610e7fd0f2ec6989ef1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
10KB

MD5
47ef415bbefb996bd194b4a3d0b74794

SHA1
c5e99096d761fedec73a01a895ba2631078bdea0

SHA256
3fe193beee2a60dc9d1a24508721d8bac70bdfbbb717ce37576dea7bf6e8f497

SHA512
acd0aee8a8e1444cce86b1798e6f227814d375b4e9ae657e3d3d1245a956e7f5b0161320a9e453f7250649b8bb4a751d8522789125d9891785344fb1088746de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
76df2039653a4d4b942e1c8950d63d83

SHA1
dffbe118f5466d61b31cdfcb5c1e619a245c2a60

SHA256
8978368b9a3954010dd06be17ca62cbcadf4b0631a2ae980d3eb3a01d4d1f80f

SHA512
3fab341f535fdd08ff90af0b02b9a4b811eb63507a80e6e48bb3eb98e3a9da4a98845311b9c4499b45da993422173d628b86f1c3901b30c652aef7af95bf1454

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
b6bbd193b8ac459362c9879dbf075682

SHA1
04ee58c2b0f68a93aefa6c2f3c89af64ea4f6778

SHA256
c60ea1a29dc963300b29b5c10f5efe756416fb7ed830d1e02640ff09e5d35149

SHA512
c15a1534be31d883b92ea2d55a51dc77fb04c3b2e39b54d10f094afe71985444f1bed1995253d9241c13e3944ce657003518a77c31e577d64bc0479732b7ce9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
54527025022ac1120b776980130fe3cd

SHA1
7075ada74f46c9edf5250dab59545ac490f91286

SHA256
6dccec582bf6f6a18415e1299e09c8241a42ecb96469f2d95ecd1145da115b98

SHA512
c7ccc9cf6d6d07496dbf695ce2b0554ad441ce54c1c928c4e691ee5cbe0cba0de23855f7ed0c645e1821c4dec4208f38e2a2bb21f66918747f89cdd687c456a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
00d5a1ecb09bfe0c01a725b6794fce02

SHA1
0411303c00b335cf9402b4ea71c5bf3ccd999b2c

SHA256
14bb37141d1a86e63f7b5c0c68d65efa0a7f43407b1360808cf371f700624065

SHA512
eeea63a278743dd96c3d858db7c817d9ee3354502481d5120558897c6e0cd3a95cd25d493474c1eef95fd6d69df5a672798398bf6eb1520f2b6cd3b7f98a5afa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
12KB

MD5
f67a452c3fc3d69c2f384f281c9c0afe

SHA1
c1f8ed4bf06ef99ea4d354fc4a43686800059284

SHA256
176a560a2d387c4b4e9775a250b451eb2c2022a9df9102f1aef6d473b8165599

SHA512
aef9ebacf383032af2eed2fc722ad0cd8fa40d00698765368cf5d7d03e6dd9b06fac11fc4bb5db8bfaaa6f24c2f7fe9e5863a8757c81cc1f120f46a345119494

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
8211beb4e5063d83c37f3dcb787e51e7

SHA1
b9db9adccda858028e80a586c1b889f7d41aaf1a

SHA256
cb4734bdb7d5a5abbceee486d3d08787ff765e2fb12c9380e7b7564fdc9d3155

SHA512
baba7b66d063813fa77efda038ea07bcdb3cfb1650a7f83dfb0e17783c621eaacc62104cf73582c883321a668bcf34a1cdea1a420aebf5cad4b15d684662fcc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
13KB

MD5
82d8651e879ffe92863af9f527b510b5

SHA1
bb2920c94bbe76455325aa34a8af8b2e881ca3e5

SHA256
c04fbb5830e8c07dcb2477aa9d9278f2a3e44e3869343059638eb386d5d2b1a0

SHA512
e29015c683a6b45cde0b8ad9132307ed9f1694228e482a695f09f1de864c96a3bc779ed325f788d039b1c5f60ea6bd86b833eb904e9999fe0a72916ec66c607b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
12KB

MD5
1df104066da55b4cb0152ffa4f3c0253

SHA1
dea4b20c3d1b959dd68723e5e23e1ce3630f4436

SHA256
77bbb8e8b3a6dbe6b3d670f36a006670d980cbcab08b3bba7520e433a96a25e4

SHA512
99f3e41712b81152bea84fffb53024460a5980ecc21f84ae5a5733b9c015d43311a03af7bcc3a64100f21c9206c171e796d6ad8c343d4e2f1222710072e5dae1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
18KB

MD5
1ba5a55bb8479ae893fbdb20b88cf2dd

SHA1
da7c20bc90ae3eb51281bc7bb053a7fd22237b7a

SHA256
9399bd3f80d578bb67b5b6f9a8c941166cf436a47c40d5ea760d52684263641d

SHA512
2510ebe05f6c20a63fa38959c569f8542077cd4d5f4e9edce3c6b5c7046978dffe467b1ce8b2bf6fa0ece4bd8f5a4725c3b99d65bc879aae62e4787678794540

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
12KB

MD5
0174cf4edfbdf0877629fc330d266a84

SHA1
0768b4d44186382132effe806a6f42a5985d0033

SHA256
6ec546d84aba1d44ed0391f882f681002c9269ec8689a4c0da094d9d0c9efa0e

SHA512
927c669ce700abaee60ab0dc35e06729441462fd56b4d007e773e0d08dde27a337760748ec2e2f1efb51112700f90b6ad5a13fa6b6d1eceb6b034e12f5586fed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
16KB

MD5
6097cc5d18f5477af951d6e7ff7fccfa

SHA1
d125588cd0bbe00d784cc8586fb5021762787d88

SHA256
942afe03c2abe8c42f338a4beca10c7c64c9c394e991432b19eca5b4c01ca28c

SHA512
173b35c9faf14bb7f25b4e47c068e86b577eded0035b2ba983c7454ac42b95b61ab21ffe590621d8b655d011a58d87bf0229d21b78a577f6e66441323d988025

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\storage\default\https+++community.spiceworks.com\cache\morgue\96\{b5e84acf-5f4d-4d18-8622-216f1395e660}.final
Filesize
1KB

MD5
f96a54ff7795f89040c5a04cacdbb15f

SHA1
d51d46a913a308f73b4471dda2b95732235454f2

SHA256
574318a27f812b65da1b014e0cc3abf5836d1d781c056df175a283a74856e179

SHA512
28c973416409a3292884ef1d3ca16be617bcbc4b9784773ac8944a8ee08af8ac4f21effb282891231a8f82cc7e5fdf40a198993106a447828e57c4aee803d3cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\storage\default\https+++community.spiceworks.com\ls\usage
Filesize
12B

MD5
f751c6a4e244081c5e433232ce6cdd33

SHA1
5110b80300ff714a9c7e02cc7206c11033ff8beb

SHA256
2cd0e59331e63951d4c6003000f3117678f55659fefe0721e267f72d706477df

SHA512
ecaebe57a0a4b2fedb10d519b18fee12aff8b5a1354faa1101350bdea58d71a91a92b1e068f2a1ee6a08b7c6bcd6695f80ba494447b4a0feebaa9eecc5cef3f6

Download Submit
C:\Users\Admin\Downloads\Qqv3fODB.zip.part
Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_5892_ARIFIPOINIYLNUTP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4012-49-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-42-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-46-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-45-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-41-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-44-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/4012-43-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/5708-3139-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3131-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3130-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3132-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3142-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3141-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3140-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3138-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3137-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download
memory/5708-3136-0x00000228BDDB0000-0x00000228BDDB1000-memory.dmp

Filesize
4KB

Download