9cf8aa32ba85ad5f7efd72d512dd06e39efd60be82e75c611a99a5bd9fc057c0

Analysis

max time kernel
243s
max time network
250s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ziprar.7z
Size

3.9MB
MD5

ada85b435f9dcedf0b61baae04c02b1e
SHA1

a93f773bcdb051bd13102bb729e9301bd18ab565
SHA256

9cf8aa32ba85ad5f7efd72d512dd06e39efd60be82e75c611a99a5bd9fc057c0
SHA512

4e0e5361185977e38cfb4c24b7f96a1310113cadcdbdfbc07bc210d7dc0a4477bf5f7f51f926110fc03bb6b2991e45507d19b644067413b1091cc711a53195ba
SSDEEP

98304:4ilYM0FdtH44/peCy88vfqGKISARU9WwFud9zNcx+7t:4zFdtH4DvT4QkulaUt

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

ziprar.exe

pid process

3196 ziprar.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

ziprar.exe

description ioc process

File opened for modification \??\PhysicalDrive0 ziprar.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	ziprar.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\047e47df-c0f4-4bd1-b942-a226b0a3fd8a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230329105831.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.exe7zFM.exemsedge.execmd.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications\7zFM.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications\7zFM.exe\shell\open	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c0031000000000054566fa9110050524f4752417e310000740009000400efbe874fdb4954566fa92e0000003f0000000000010000000000000000004a0000000000fe36ce00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000005456afa31000372d5a6970003c0009000400efbe5456aea35456afa32e000000142702000000080000000000000000000000000000008c1e220137002d005a0069007000000014000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications\7zFM.exe\shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Applications\7zFM.exe	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

Processes:

ziprar.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3196	ziprar.exe
2532	msedge.exe
2532	msedge.exe
3196	ziprar.exe
1756	msedge.exe
1756	msedge.exe
1080	identity_helper.exe
1080	identity_helper.exe
3196	ziprar.exe
3196	ziprar.exe
4572	msedge.exe
4572	msedge.exe
780	msedge.exe
780	msedge.exe
3764	identity_helper.exe
3764	identity_helper.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
4168	msedge.exe
4168	msedge.exe
1336	msedge.exe
1336	msedge.exe
5008	identity_helper.exe
5008	identity_helper.exe
536	msedge.exe
536	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exe7zFM.exe

pid process

1404 OpenWith.exe
1892 7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zFM.exeziprar.exe

description	pid	process
Token: SeRestorePrivilege	1892	7zFM.exe
Token: 35	1892	7zFM.exe
Token: SeSecurityPrivilege	1892	7zFM.exe
Token: SeDebugPrivilege	3196	ziprar.exe

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

7zFM.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1892	7zFM.exe
1892	7zFM.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
4572	msedge.exe
4572	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of SetWindowsHookEx 55 IoCs

Processes:

OpenWith.exeziprar.exe

pid	process
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe
3196	ziprar.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exeziprar.exemsedge.exe

description	pid	process	target process
PID 1404 wrote to memory of 1892	1404	OpenWith.exe	7zFM.exe
PID 1404 wrote to memory of 1892	1404	OpenWith.exe	7zFM.exe
PID 3196 wrote to memory of 1756	3196	ziprar.exe	msedge.exe
PID 3196 wrote to memory of 1756	3196	ziprar.exe	msedge.exe
PID 1756 wrote to memory of 2372	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2372	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 3292	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2532	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2532	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe
PID 1756 wrote to memory of 2164	1756	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ziprar.7z
1⤵
- Modifies registry class
PID:5060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ziprar.7z"
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1892

C:\Users\Admin\Desktop\ziprar.exe
"C:\Users\Admin\Desktop\ziprar.exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc201b46f8,0x7ffc201b4708,0x7ffc201b4718
3⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
3⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
3⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
3⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
3⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
3⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
3⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
3⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
3⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c7355460,0x7ff7c7355470,0x7ff7c7355480
4⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
3⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
3⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
3⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
3⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
3⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
3⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
3⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
3⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
3⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
3⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
3⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4540118810931924007,1598932797946727659,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
3⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://dsc.searcharchiver.com?9f8fc642b1386317b8a623c979499c3d=H1xAXFNHX11ZWFQNEQQwBw9cQ1pQRldZU1ZDXFlCW1peUVQJDB0LU1pWSi4nNikoW1FCX1FCK1w6LEJcUUVcWi5YRF9WQllcWFYzSgIcDgAFBB4zCBBSXg%253D%253D
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc201b46f8,0x7ffc201b4708,0x7ffc201b4718
3⤵
PID:264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
3⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
3⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
3⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
3⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 /prefetch:8
3⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
3⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
3⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
3⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
3⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
3⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
3⤵
PID:180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
3⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
3⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
3⤵
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
3⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
3⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6510864210220621696,9821359373919150312,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
3⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://ziprararchiver.com/thankyou?tyid=178BFBFF000306D2QM000134E963766237A
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc363146f8,0x7ffc36314708,0x7ffc36314718
3⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
3⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
3⤵
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
3⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
3⤵
PID:344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
3⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
3⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
3⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
3⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
3⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
3⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
3⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
3⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
3⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
3⤵
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,17623081338909799825,13413345560419362171,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
3⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.ziprararchiver.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xbc,0x128,0x7ffc363146f8,0x7ffc36314708,0x7ffc36314718
2⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3934982261364815549,14053999422426783230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f5375d76176573c2cc0ecdfea81c4ccd

SHA1
a61fea9a4d1fc5d3fe4f06a103827edd9c914f80

SHA256
53797b963da779dd2441d4be5dc39dc09be5881c6ef4d8e5b3c525f12c026574

SHA512
75d3e9189ddfc38a5bc8b437e516fd7f3029f6c346fb964e8f954c3511a0a7f6c1687a960cf2a39cd54e59d17379e10a2b23fbc1eb3b13476fc7de0155759866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9771fe7236c2247aeb9281b057178c38

SHA1
72ce62c0495aa96c25164af25a0ebb9f681e6cba

SHA256
7a4469459151416ca603e0aace83db39c4a1ebcb922d03c565a457a53942b331

SHA512
b01d8b0c17221d03ea867b77ff26d383150510b3a7e14fa0294def648d7c8d59e84cae595cb93313eb321f789c706aa82046629f0ca6ea179083464925a081a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3f0c20f8477a4fe56a79f9b7569b534b

SHA1
8007a61215d154b0955f512ba2e243714ce29c0f

SHA256
eff849f905886898603db6001ce6285841cbe187f78f3f54f87884564939a255

SHA512
28a6b0e20b74fd836a85fb6f22d5700dc79a53ca7cdbcb050463a3b698265b9a8d28f131aba8f0428b78452132a53e5d1fe4e2aa0c114ccc9aa77b0529db41e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5f4c5b78b54b340b50229009358208e2

SHA1
295c71603fb62673b30d021c5fc38a0dd91ff52a

SHA256
cb4f4ced8a4ca30038c630be972031dc30d94eff424ff8c814c7c7d60442a22e

SHA512
5a89902e10c3443fa3dcbcc16fc784d66e41e8d8f8c38829fbdc7a4d884dad31d4c29eb1fe1e70a25f6547077dca9a3b269a2bc63b6ca40b38779cf0a547d7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fa76e08-4119-41d3-b06c-8767f2fcadd6.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
506293ef28a87cb3d8d546cfa888c327

SHA1
ded7a7c48fb26847070eb8317fd24b35793d5abf

SHA256
ce355eb095c0fe2d36b1cb390395870326eb934e3863504cd950fc0af20429fe

SHA512
2af6cada7280077c17090b4c52b6368036fae9d3e3eab08f13ad23b6a336be7722181070cf16c1925a58bcc8cd0923178247c5d589126d45a38c6aab89f4884d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
c0e0b8896fdd4960367c9d2b80accb52

SHA1
e2f7da9eba511b041e1ab8ef75771a087c1e5963

SHA256
b8994b824c4a2821b064dbfe564a11c0a6918e16c6938fa6f640cbf72aafb9c5

SHA512
62bcea5250fa110f49894033ad427bb9b0bd9ddbbc1fe6603de4b7e5758d9ada8bae67c62603034d3dad36ad5447665ee373a484a801a614e32da600e1a73bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
48KB

MD5
29bc3f794701be3e95087066dee8c28a

SHA1
77462dab73d477a2270b417e9b80bf3d2d3683de

SHA256
c6011c49e51450d9ef7959c041b0929d6f15aa0cf83ad8beee35f02482e4e205

SHA512
78d722c07f9f65013bf109e52cc08306f2ab02051425fb71484390181ffebc0cef5577436378527dcee526611b829a2f74b91e2558ba715b41f2d1e9c9224ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
400KB

MD5
c979b1455db21f8886dab3d3892cb64b

SHA1
d00720b6391dac9f7231d75ab51a5a11e85353c8

SHA256
ec3ffc8a5c733dfed8078e22d4ba7a8c4e41583d139c9f936172ad2e4714957a

SHA512
1fcf586b4b55d9f5298037fdf23d3dc4e69f1c931caffc3e712c92f68d68111a9badd9de06ef7c9bef00e04dce5118648df28285a891b433f0ed4b9fe2902d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
Filesize
256KB

MD5
1994109a586457a3665478b98c161b86

SHA1
8ec9aca3925e3c0862cf20b1bc28de17d3db08a5

SHA256
dd169ac836658e0cacbed645c40e39f27e2cf14f0c38e37f980c489a285261db

SHA512
ff196f7e38331d1d414e9e6d3e741657a0effee3e854359244ce36cb1380ed151b0f8a904e7212a25055e03536006779d9e7f74102fe2c605c3a72db3d7a3389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
9a4913c5b7510cfe763e7b1f795066d2

SHA1
827a430fcd045626ee7ffd8ae36c41ae67fc06f1

SHA256
785f90c7733bc19aad18ba6755245d9fd6763e47b9e468de1edfbdd216c17131

SHA512
03fed78b1bac9152d8c50d8b182f2c7c2240017f8b317c93d4172bd5d502ad6cc4a2b8d3eff66314a172535e85ffd73b109ba44fab1d39eac67e6f3a16c1df43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
8be3c273544ef0959f1b587780a81064

SHA1
f8cf115c88daea36a352d167105529f78a35ec02

SHA256
e4d7e777cc3984e383e6d9a2f45f2fa7b1e90bb2e2d7c018beff812de3758b5c

SHA512
91520c042afc5b74903c9a6a07af9bbfa87251d159a4ec2ec624a6e7e3d013d323d1e0b18fa570328103836d215f36906daa3353c7fda6c163bd4638695b6854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a4e2a516b22d0aab9c2a327f6b7c332f

SHA1
d65e7db5243e96d6b046b0178545078e05cb7c70

SHA256
b06eb7bc01760055660b886678d7699e26a5c0001f4613611800f5cb1656b06b

SHA512
91575b764614d62f80f5cc8396835c7e0f9924f22cc0bfbd6be77b6138da9db8a476432db0c23738a83c1e77f643fefab2e8ef71602704bb0eaf8f2bbbace58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
dca8665dcdc2ccd7dd7c9141f6639393

SHA1
ef089509bdb0a37acf4f81c4d9b22c0746a59ae1

SHA256
5c84cdc780f629971730d6569a9a27084ffb5d96a257a573dae3274499a5ed12

SHA512
89b512f6072ebeb73fa8b7a64b31b8c8a487ed93737aefdbab37853c5d606fc658b5308ac5f152b9e4bdbda97e4e0a058eb7e3e06c3ee6bc2cb2acdec12581db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
c83b4bae445b3051e9b6b804eec6b145

SHA1
da57a4ab4096775d04336a4a1ac8d0f3f83b5468

SHA256
e119005d90c3a402197a0bfe78c879baa2388802cf6d65d1a9b47f08929b1fe2

SHA512
1166d7366a5fc644f105c6ce70b5d55b7064036d91012be7852596259fcbd3e9c729c35768459a04c4228df745e3578218867cda55f273f7c398152cddda6b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
281B

MD5
f883e1a63aef594ce1348ed7a8feb2d0

SHA1
180cfeddea5acc9217bf394c2d2ac3e9fa6951a2

SHA256
6d80e666b1e04e83d13486f7c2a6fea5598e25eb3a1173f2b49fbd748a280eb3

SHA512
61b814a1fb4b04bd26998738c710e6d2dc78f33ceb0fe20c21a902988575d949e4f601f38b3a5f09731c8da9fae7d2f4e798de843e441c68d20429a74639f48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
4c7c70815b262477f76efe9803570b51

SHA1
0f11d36f4dce91c25b527f2b3a38e30f4d102b66

SHA256
89084cc4e9679c22424390dd7561d7f370650170850353d899c3f05137a43e2c

SHA512
c4b9bc9bf462a0c568ca5906cd7da1464810b0e805c3c6da6f9d9ae2794f0ec259ca5cca3fe885c94fefab9f7cc7fceef99be2414d23faaa3c1f08571b2b1213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
ccde38f97543121b07afd3941a8120e9

SHA1
4f5148c37be1866a755669257c73aaa49e6945dd

SHA256
dd851209c01ed7975d7530b888d41bcef414c98b0b931039f8cc2323c8ab184c

SHA512
6c3ccd6db792ba64d0d9c4d1d1c31a035b214508049f6f3ec96ae2528515668150be914527c88b0d9ad8b1fa857efecd9b9fda6b1611a14f0a5c25d4f1f403c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
c5bcdb417518b07829fb8618e926e082

SHA1
177c828801b5fe89fe6295e773c67e5e6610cb5a

SHA256
15c3e5dde598cc38468d9ebe44fe5e9f503cbcea822048fe3525f43312f09f4c

SHA512
c98ce181be8d4c0be2b3ddabd6209242d9144ec14d4b48bdf691425b50a335aba940a91087205d92766fd76cd4b0cbb2a4435f0d6407060b841111ee3275ef65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
1e2dbad4aa03868c4ff2fc1a48e8ea70

SHA1
a8ac43317f445c7343735ef33fcf5ea71376c1ec

SHA256
05554e15bb8f4efd81403daa6947fbb2a921d26962a6c618aed3450b86f04bfd

SHA512
32979be675c5a5e7f39f93a4b5010a5b3ceea893e418eafbb60c2ba46a9356ad2012c480dc4045238da6ee00ef23bab8be1ab72876f9dfeb4f1104bce363466a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
693B

MD5
1040c91a0412c2f38322e05c3cb34468

SHA1
79bfcb8ee24a23bf86ae30903198b732cd4381ac

SHA256
b26b0a9a15c401cf45b918fa783cd1efdffce662d0bf50f552ed342a5e4d005e

SHA512
8ea53c489e398179dac610c865999099d93d3cfb9bfcf70ea14eba389b3b1b28438678fceea5a0af0bd16b61312123b81cd7251f49393a9cbf98594f3d88f735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
9719af4a5e784bde516cec6b68aaf43e

SHA1
824e79fc18f58624e9a905658822874f75151439

SHA256
6ac9a70d6458930eac61b57e14ad83ec943dac46313056481b9002dfb9eac9c7

SHA512
67a869e055b7adaee6c5e54c6cb78d79e9ab5ec655258b44859acc52bd91a880a0d570a5246e3cea8fa77903ab3df19f5d97c5a49557ca88c8bca2d04bf7675e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
78e56bb5476429f1ef8aa4f889b5cdf6

SHA1
cfb4f65cc475c7d81885ffdbaaac50358d58a086

SHA256
579520c91e3eba86fcbb6868aed7606f19eddc00f7cf243625cd3e451aea3a58

SHA512
9f02bc31ea8d8ee0c8a90dd332d917d17c5db66974b647b23cd1e167d5f731ca7ddf29bc4ceb986759f7bdadce6259f7cb15d4240b10916dd9d871f073060586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d00045dd32fc7ffd3ccc2f8077b06bea

SHA1
b9ebdd8e420c56f054679970f851f32fed8a7897

SHA256
8f1f177bab7bec47c15cfb9fccb9295fe9754984d8160834a3c5b9a587cbcb66

SHA512
96771ad307d35f22aa18cc85af0d889f4936a0b603a526e406417e8196f1f1672987bc0e2dbb2fd67bf0f958222275321fc28c4f2ebe2e17f22d94c4a804c7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
cf0f0a8f7a9ca08abdc4b290ff7051ec

SHA1
8c23cb61790bc5123519af23fd569164e2052bed

SHA256
a30848a57da16ff3da31828cfc9f608d4e8d73ca62e092a71ef9a80cbbb46344

SHA512
0e0c6fbe53130432e62c8faf7c42ee5e830a9a5b78e5157e92930c2c7284066a53c75431582fc7fb83595b16e60c0d06614dfb9f22d3aa382a2b4abfca8a2fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
358f334abf1e82f9a2e3465b9d3a9cab

SHA1
c5371258dff249d8670b61167c61ffecf442024d

SHA256
2cb9300c57f87aead7011423db14ddd8df96f594b47f2b9fd41e7d1b69236567

SHA512
6bd1e1022bf012e191bcace855c186e312a3117d56874159d9c2483efccf5a73ced2819ee8aa3127de37bc3c7dd3cb1df1513f6ca7017268345e25bcec4a7b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
0fc034146acd0889224a9ba2561b7b7b

SHA1
8effe7ea43f6bd84d680000deaae917bc125dd99

SHA256
68e1167f9add0868bce2e0e75783a633ec5420ef327f482ff4c4bd3acee159b1

SHA512
7e0a7472a034b7e2ec27e3c3ebc49f3ab36111ca4d4a09c6327170b96698e401d965a80c77db66e760fa798b7f6421985fec99361363864ecf31a5dd5b00104a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
d0b28ed0049207cfed48b9536249b638

SHA1
08e0ac883acff33bcc35bced4efcf238d5a4e714

SHA256
a2f1c905ab18bd6f2ecdf20308274aa42abad4b1c08ad46b424edae0988cbdcf

SHA512
f6eb5fedf520653528c42589887f471f8282076eb92a26e6e5ddc4e0acbe96dd7622650d03bdf0e6dc69cdf03a837254c11755c1168847699460625646c35c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
98849c7de7656241baa02546d7a9d2e6

SHA1
82ad9d6c921752ee1a36a70af79763c00df55101

SHA256
ba3b38d01e980ba5780ecb28177f612419ed8dbc566bfdd80489e88cf2d70cf8

SHA512
a07fe3fbd111ecf67f8a04eb8acd34a2abd345e38ccf6e484b353728bd06f7559a1ae494fc03829c78870911948554f3d505fd3442c31a550f6d01a4e041ad4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
418997f55ec5422ef8af5f1db04935aa

SHA1
a685b1f354043da76407bd5f124c5a2d5b02a57a

SHA256
0153d31b92e2e0a987543d715717003c3425c86f2c5efdbb34a2b340fcea8135

SHA512
274691e6a0e1333cc567b4809afcc5f2fb9384176bca07f210c2bc454a8e058ff0e2c5668b5d6b175ec23d0c1faee32a01a2cc6313e738c5cff0e279307f5081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
418997f55ec5422ef8af5f1db04935aa

SHA1
a685b1f354043da76407bd5f124c5a2d5b02a57a

SHA256
0153d31b92e2e0a987543d715717003c3425c86f2c5efdbb34a2b340fcea8135

SHA512
274691e6a0e1333cc567b4809afcc5f2fb9384176bca07f210c2bc454a8e058ff0e2c5668b5d6b175ec23d0c1faee32a01a2cc6313e738c5cff0e279307f5081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ee709ffa94cf12211c496ccadf78bcf0

SHA1
e07ffb84f81f46778a8d95303dd7062a69f50b5b

SHA256
63983d76e0a5de5daf1ca15bfd86d106cb6d4d85df372c186d58e984d338c2a0

SHA512
7d345aafe4eb257c9925e7f7450d93642f08f48860d9eb0f0252c4306b132dcca59c5cb9c4e67471c465f3c8db547296f1af464c8661c5a3aaad68e9735b19f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
25f93c2f15fb32106ff4b648469e4642

SHA1
8752a5eb7ca43c71d3abcbfbd55132f99a0fe0ec

SHA256
c0a2ea06e4aa09446d1782ff975ddbfcb06107804b4d3866e5dab1a408877ef9

SHA512
17d8ac0a190b398b3c000377b5739690858568131dfd333d9e48dec09031b23272ae298e04cda72c14de0837ac79fbc872a1b39d91534545d03492a94626b37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
567bc9783601203f8ba45f28383cb4fc

SHA1
2a9e97ae275059d6574fb4f5d9429005d16997d0

SHA256
d93a481806e03508eb82321fa1dfd90c25f0f55859523cf860584f1b78fb3bf1

SHA512
0006218439907c50fa6c697e6b7e312b6913ca39f075dfe354aff2e8d5b97718bfb43d4042015b7d6ac0750e16add72fe07d1cde85b878e421369ca2c57b3289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0bcbee7a8eb054aad04f4dc5b41e4bc8

SHA1
450f57d7f3f653bae467ae4062ad7bf923fea129

SHA256
55e13bd08c78ad55bcd4a36b85399a9f40a0c2ca14f7f4f74793dab8617b25a0

SHA512
fca7ec723f9e1d792920454cbeac9c89e7751fbe6a249ac3c92c5bd597b454ee817210b0f7ddb1bfe7487ac6c8071e504cdc6db5fe0cdfc3cfd4e33b1ee44bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
0247e46de79b6cd1bf08caf7782f7793

SHA1
b3a63ed5be3d8ec6e3949fc5e2d21d97acc873a6

SHA256
aad0053186875205e014ab98ae8c18a6233cb715dd3af44e7e8eb259aeab5eea

SHA512
148804598d2a9ea182bd2adc71663d481f88683ce3d672ce12a43e53b0d34fd70458be5aaa781b20833e963804e7f4562855f2d18f7731b7c2eaea5d6d52fbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c325881ebe65f710ffde9291a337fa80

SHA1
1ee282fbda5f7c9b49406abfc182cc83148883e6

SHA256
3b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c

SHA512
f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
014e1e150ab74fb8fae9d603555c65cc

SHA1
1ebad1fd77f898a5c72546be450638eaa59397cb

SHA256
3d238e51bc94bb52ef8571ce7d4b87000e0fd1bc1fea92cd782ba2d994fe4f70

SHA512
a732bc41b6bad9dbf12283103aa4d17a57b08d2a79c155a2c0f5981adca7fd4ce85d6f2debc6f8db0cc0af67c7edb79fdd4b6493964cc88d797b73153ec0612c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
289B

MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
1a9fd49bb7ec8dc6e2cf8ceb15f02568

SHA1
bc69ff52e52cadea0c5f5f02338e4154f8d79a3a

SHA256
60ddd5f3a0faf6e35cb403a93b2f2b8524bf91165897d01753851a0381408166

SHA512
1528200c64f3c439e10372f419076e2281e7f88aebc72d2de0883946fa4ba12bc50e27c7ef2416f5c7ffec869c8bf3162736657322db5326e8d5a665cee543cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324561113353554
Filesize
193B

MD5
32ee551713632694377afaac31f885bf

SHA1
fa1dd4934885032e0dd88eedb67b9a6b8e6b1977

SHA256
5aea5bdca6852a19f5cbf4613555d4cffe115d0e70564c7831d878a5902c5b0f

SHA512
026c6b863b35bccad1a500f68fe86f4ed14f80ae1827cdf575459047021fef1d185c73f58ca080827870f4aa6938a9b447555419ea56bc38fc27c095372b5846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
a8e5fd75da228da815f72305ca39fa7a

SHA1
49ebe62c87faefe3cbe9e15fae1eb80fe27bdce3

SHA256
84d1154ff74c9bf7b681b406b01951d2d795d3fbb64413ab183863215dbb948c

SHA512
fbe20aa961192b750d43ffb7d0df78585a7dd564dfb3f7431f4cd53b732e426fa4269117753b4ed5919c3638372b282ba746c7306a18dc6a0777af135ff73139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
772d0a015ff40311296ad4de6dfb99f1

SHA1
4fb7fe546937b0734b7bb4fc7e2398eff60a1e80

SHA256
4d64097e5766df16aaf69bd8b526459adfa19e87302d7c13972e14020601b3c5

SHA512
e37b862ddf449fddffa78a1fce88cd0de92fb884d12b51a2ab94e1c74de5c202a7961c92e7e4f85c6546575db6e8575ebd89f1cfd2030c0343617512aaab8583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4539747901e40955f7d9df0c90d07b13

SHA1
93c69a4861410946cfbe743aa68e8245d763704e

SHA256
21ac361a274a53bb61ceb115f4c223dad1985baffc5d76712efd7d58a5dbe2eb

SHA512
7c31c5719a5b3750eca1b7a90a47bf820e17b957da89dad2c6d88b3697b168227abca728777c58346ad7d059030b018b841279baccef5d12d342202ecd0b4017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e6cfc608f80a885c5f8908002a591ba7

SHA1
6e548df48fafc9c20b8f3723988cf1bd11c63cba

SHA256
be6c40edee2d0a9a14ec6a7854649eba2d1d581fdf0b1ff18a21c1c34b10d166

SHA512
113d46ffd57970a94094ca8b4f70a9638eceb894f00e4cb4adac16d07229754fa86ee6857d5454ba81b74d9ff37e1e2fc69fdda541ae96f85bf464adaf067210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
25dee433a81dbdf7b4c4f95b7351fa48

SHA1
9c4ae1ca1e1307da8add8c8f85321aa6475c8e6e

SHA256
4f693b9428a0f33f70553f6794dc0748d3e8a7dc88bcdc67db7622b4d2c51004

SHA512
9c2721bd930a3e9f030a93bf387620895f5bf3fdce664f41ce5fc406a7be4dab1c41740b9ad680ea7b32ca6ac5809705f18d2d3c519dc12f70f9526ecc42259c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
e27c5ce7a2dd046318f2aec1b1ee9b02

SHA1
a2eefe47fe2213707c614b938c62b83a12527693

SHA256
ba651994139eb3f93951133489bcdfa44c7435f689b328cf3dcde67df942f662

SHA512
94b6c3293ae4bcf05c2d43bb6f54e2a78618457aeecd554a15439952223835b289b9418cec835acfb041217886fd974048b8583c151be2bf1b0b82765170e13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4de52a7-1d83-4e08-bfec-13d7c0410961.tmp
Filesize
6KB

MD5
c41e17a1701eb77c3f22610245e8dbe8

SHA1
7781a34df605049e172ddfe938b1af6c655560f0

SHA256
d8993c948a7a8215d2baefdc5b3f379d2764713a3ba4e3a05bed33f00c8bddfc

SHA512
92c874298f72b9376464b8b685cd5d2310a12782089a7fd4114b6679ef2dfcc3cb3ababd437fb9a0b4e3edf8ad080774de6d48c2bef19b80e0c03c0978d4ab10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
bfbb2bec37f8f2dc2995c96c6e3097cb

SHA1
70088d8a1049702f8c4d8003cf97f049425d6c1f

SHA256
11b11c9d29e365cfad2536f7d9a18db275ef4c8c7a9025712b3f12f84ee45408

SHA512
5dcaaf5f79f7c4e0954528fa7b4e2e7905a33e968e1215745aa2c38c97956b5e743cfb15515a909702ea8f78479605c8e73792531ebef4d53bcc512ccf04b491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
2580eeb6a6aa9cd7073c831a6f93a77e

SHA1
a0859bb1cc2dc3ed70c25af85049fdee06482e57

SHA256
fb236cc8e313f29757c58daced4f00386a1d019747b32d12c2f330fd32a232e1

SHA512
918f878cac602ee10a0d90120938ae6853d6474e60d9f38bc76618a2bf83e22da8f354068ac34956302ac99168d9186cc04161f3f85384d05f49a471e90fd421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
160B

MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
0a346d894f8ae516158d904f47c82e69

SHA1
ae6870debdab30038d931321a68edff4ae310494

SHA256
ef83fc3d77a4a71f5614c5a225d3702ab6d2157540c4b9747f90dad0b34a91b6

SHA512
5110a13f19e3adfbc70bbda414f9d79af3c3a9684fd6dfd28da9ea4688c5c530a750451d8295ee4b940ab1ba85a808b254c83d83a45263299633460752b06edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
c213c4198fda0f066ed6fe28eb62da02

SHA1
d6cd6fc1d46287e05e8a516ff0fb8375e3804d39

SHA256
2f294a00ff98df7f76ad666457e8fe4b8a1628e27c6a6b2dd96591875becc302

SHA512
f17e4c7edffe720943eca0f06d4e3ffced12a484f2dcdefd6cb16295373af82a800c85499edb177a70e43b2d48311fe2b7537575e20f4e973177e4c26e35fb54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e3f7effb064545ab3c9e29e778e9cb2e

SHA1
dc4970a8dc2e415b539ba219e68bf6015ba7fe82

SHA256
1826705e3f780250e45f62a925d9192964365c379df0174fde33ec96b13436c5

SHA512
5c3777f89e1126ea0c2d92371472cf6848cb85eb5d6a94381d41f786589b3859966bae613abc18957616c03576ad5ad9ae202e45ed188dfb0961fc365a78d28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e3f7effb064545ab3c9e29e778e9cb2e

SHA1
dc4970a8dc2e415b539ba219e68bf6015ba7fe82

SHA256
1826705e3f780250e45f62a925d9192964365c379df0174fde33ec96b13436c5

SHA512
5c3777f89e1126ea0c2d92371472cf6848cb85eb5d6a94381d41f786589b3859966bae613abc18957616c03576ad5ad9ae202e45ed188dfb0961fc365a78d28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
97552fcf972f2621a490ee97109a2fb3

SHA1
3d7b4c813fe9c9d13e9a2406183073d58d4345e5

SHA256
1711667447379b787ca3b772e45345ab3cb9504a630e6fba110898fa37c61895

SHA512
3e34fbf13fa12786ee4e711704a9304fdd1005f91bb53bcc927031ae192f2abaf6d0d1d146c11fa7d5eb8bf64003edb46efcfa6c4981db461fad5d1e745f4e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b50cd8eaa115c0f23de3b61b81d21dc0

SHA1
00e0f72d5cee673f380b8df1c5936ece3db073d4

SHA256
65e769f6f26372022706428edc4f1787b4ab63d605319908298f2ccbb87f7a37

SHA512
5055a6c0a9f0aacb9cbb7f409e7cd92063971cf0a5d756959371113c36971e1b5228afa73eacd276bf101f42e55af0b8754a3b72deb99604f8ce9c89a8cb076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
9f473b02b8d50a6851d593b83f36f95c

SHA1
05818e4d170b51f6289188dd5e88211e5910814b

SHA256
c3126fa3cc1686c0b5fe8b83ef05f668d2d2d259a737af025be838b37e34cd7b

SHA512
9700798e07309a66ce9ad22b0aad8be07b0a9a15d8924f65f2d7c3613d88e9b49548e8ee8083b39ef91fde45b8e5a8d17e85c4990f1172428131237ff943039f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bae857ed-6acc-430b-aa59-f24e26ce3da4.tmp
Filesize
12KB

MD5
b9e6c4dda2273a5ca0104b500a5e245a

SHA1
7512bc2bb2256e2296ec668069e0d159855645c3

SHA256
0786c4474b66341403842bf6973bf84ca85afa8ca7d85fdb4f467970b0a28671

SHA512
040a0c805528de5506c60611445b49c45e48e77519ffc232521e47921fcf72accb147ce7f68e971b62a90c310f241289c7768de268e384197d3062e82c77c2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
d4aab5dde77c4b26d77bb10811c8c419

SHA1
f76a417e0901e3eaecd55914981eb76d4f0ee62d

SHA256
c6f30dcb35e9569711c52fff320e5877b6e67520ac5939089a9ef9b0f39fda70

SHA512
df60cd9dbe5cf220b0120a5ccb3b08377859adfc0cd4dccae8a4f4d2704441af6854fb4f74fb7614336f533aa48d3ea239eba67de932a43474c0bcc272dedfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
d4aab5dde77c4b26d77bb10811c8c419

SHA1
f76a417e0901e3eaecd55914981eb76d4f0ee62d

SHA256
c6f30dcb35e9569711c52fff320e5877b6e67520ac5939089a9ef9b0f39fda70

SHA512
df60cd9dbe5cf220b0120a5ccb3b08377859adfc0cd4dccae8a4f4d2704441af6854fb4f74fb7614336f533aa48d3ea239eba67de932a43474c0bcc272dedfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZipRarArchiver\installer_loader.gif
Filesize
60KB

MD5
75fe3240a546f8ceb8e513e18d404f2c

SHA1
5c614060fb7765cdaf26eb6a50f6306e0fbe40f1

SHA256
ea1d5e14222178c61efa65c01a4b60dec5f3dd801bd26ce00979de4b54019020

SHA512
7c0924c5a5324461a090ba2b5c5531f7a973be6dfad830f0d9ce6a108a137b6e213ebc575939b0a91251f70ec8e5c761e4c3f5c15f4627e9ff8ab9daa6d41bdc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
77097d457c43bec0b5880f2c49397dd7

SHA1
b1a226a8c9e4f36a2cd2f32a56cea7850aa6b96b

SHA256
dff33b88444be9645ea2a469fbcb3478dd91d21348986f4e360fb5484a97edd3

SHA512
e5eacb2bfeaa9a270b4834802eb3618921ddddf705d3533a0e86d147116c7fdeee6d6e4ac1f9b594753572005600eabed6c35240ca3686099a1bf822f0df400a

Download Submit
C:\Users\Admin\Desktop\ziprar.exe
Filesize
6.7MB

MD5
5c8a4c8fd3cc94f957a2ed070a606431

SHA1
c25c4e6178f9434f6ee74790b31a7c09bd812271

SHA256
94dd39bc894ee60fc3c7ae21f53da2e29ed2d7b60515fd17b49ff57b0679a591

SHA512
9ba24100c48fc8831d1acc84a3fa14b2dea8ae6b509d5fba537ced5ef91f2379e6c87c43fc027e11eda4c0ff4788d5936dccd625eb042569af4f6b33c4ac2daf

Download Submit
C:\Users\Admin\Desktop\ziprar.exe
Filesize
6.7MB

MD5
5c8a4c8fd3cc94f957a2ed070a606431

SHA1
c25c4e6178f9434f6ee74790b31a7c09bd812271

SHA256
94dd39bc894ee60fc3c7ae21f53da2e29ed2d7b60515fd17b49ff57b0679a591

SHA512
9ba24100c48fc8831d1acc84a3fa14b2dea8ae6b509d5fba537ced5ef91f2379e6c87c43fc027e11eda4c0ff4788d5936dccd625eb042569af4f6b33c4ac2daf

Download Submit
\??\pipe\LOCAL\crashpad_1756_OGFESJZEYLVYTVLG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4572_KWJMVHCRFJCWHOHE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3196-801-0x0000000008FA0000-0x0000000008FBE000-memory.dmp

Filesize
120KB

Download
memory/3196-152-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-167-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-160-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-159-0x000000000E910000-0x000000000F0B6000-memory.dmp

Filesize
7.6MB

Download
memory/3196-158-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-157-0x000000000A0A0000-0x000000000A0C2000-memory.dmp

Filesize
136KB

Download
memory/3196-156-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-153-0x00000000056E0000-0x00000000056EA000-memory.dmp

Filesize
40KB

Download
memory/3196-800-0x0000000006FD0000-0x0000000007046000-memory.dmp

Filesize
472KB

Download
memory/3196-184-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-151-0x0000000005150000-0x00000000051B6000-memory.dmp

Filesize
408KB

Download
memory/3196-149-0x0000000005040000-0x00000000050D2000-memory.dmp

Filesize
584KB

Download
memory/3196-148-0x0000000005780000-0x0000000005D24000-memory.dmp

Filesize
5.6MB

Download
memory/3196-147-0x0000000000040000-0x00000000006F6000-memory.dmp

Filesize
6.7MB

Download
memory/3196-229-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-261-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-289-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/3196-317-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download