c841159847d9aa30087e10b67b3d43ad09497980760bcd57b8893e30f0794bae

Analysis

max time kernel
137s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monoxide
Size

183KB
MD5

e7137f5eeb8323becf1243095717112e
SHA1

90dd5a0da4f145fe3a1d7126178da30c9df22b37
SHA256

c841159847d9aa30087e10b67b3d43ad09497980760bcd57b8893e30f0794bae
SHA512

1b89ca9299bda056dc89ac2cc8081eb5816814744fd1c47ec5b2c902052e18d57fca2216d0ad77ae714b06b0da189db06cfb87bd6c99cfa3aff8447b62128699
SSDEEP

3072:ojTRgFloUWbwXwXIjhArpstmBCnLeKD5tVJpa2Ugt1y206taPexDuqJmo8YJaQUb:sTRgFloOxDuqJJ8YJaQU2SJxX520WLyl

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

Executes dropped EXE 1 IoCs

Processes:

彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

pid process

5824 彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

description ioc process

File opened for modification \??\PhysicalDrive0 彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

pid	process
5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e357354e-a57f-4a75-b5d5-3f4e6f5adac1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401184459.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

9192 5824 WerFault.exe 彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

pid	pid_target	process	target process
9192	5824	WerFault.exe	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

4340 msedge.exe
4340 msedge.exe
4532 msedge.exe
4532 msedge.exe
1764 identity_helper.exe
1764 identity_helper.exe
5724 msedge.exe
5724 msedge.exe

pid	process
4340	msedge.exe
4340	msedge.exe
4532	msedge.exe
4532	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe
5724	msedge.exe
5724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

AUDIODG.EXE彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

description	pid	process
Token: 33	4908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4908	AUDIODG.EXE
Token: SeDebugPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Token: SeTakeOwnershipPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Token: SeTakeOwnershipPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Token: SeTakeOwnershipPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Token: SeTakeOwnershipPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Token: SeTakeOwnershipPrivilege	5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

Suspicious use of FindShellTrayWindow 12 IoCs

Processes:

msedge.exe

pid	process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Monoxide x64.exe彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

pid process

5796 Monoxide x64.exe
5824 彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
5824 彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

pid	process
5796	Monoxide x64.exe
5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
5824	彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4532 wrote to memory of 4492	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 4492	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 804	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 4340	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 4340	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe
PID 4532 wrote to memory of 3716	4532	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Monoxide
1⤵
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
2⤵
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7b3315460,0x7ff7b3315470,0x7ff7b3315480
3⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5912 /prefetch:8
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
2⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,2254853204541780030,5128345623880250818,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6224 /prefetch:8
2⤵
PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3340

C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe
"C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5796

C:\Users\Admin\AppData\Local\Temp\彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
"C:\Users\Admin\AppData\Local\Temp\彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\bn.txt
3⤵
PID:6088

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\io.txt
3⤵
PID:6116

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ky.txt
3⤵
PID:4808

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"
3⤵
PID:5268

C:\Program Files\Internet Explorer\ielowutil.exe
"C:\Program Files\Internet Explorer\ielowutil.exe"
3⤵
PID:5448

C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe
"C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe"
3⤵
PID:5468

C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe
"C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe"
3⤵
PID:2552

C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe
"C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe"
3⤵
PID:5480

C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe
"C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe"
3⤵
PID:4692

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
3⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html
3⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15771608585561546031,17601630589081442690,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
4⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15771608585561546031,17601630589081442690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
4⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html
3⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
4⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
4⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
4⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
4⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
4⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
4⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
4⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
4⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5992 /prefetch:8
4⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
4⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
4⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
4⤵
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
4⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
4⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
4⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
4⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
4⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
4⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5560 /prefetch:8
4⤵
PID:6460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
4⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
4⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
4⤵
PID:7108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
4⤵
PID:6920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
4⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
4⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
4⤵
PID:7220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
4⤵
PID:6828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
4⤵
PID:7304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
4⤵
PID:7448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
4⤵
PID:7528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
4⤵
PID:7676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
4⤵
PID:7800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9492 /prefetch:2
4⤵
PID:7900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
4⤵
PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
4⤵
PID:8300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
4⤵
PID:8288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
4⤵
PID:8776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9632 /prefetch:1
4⤵
PID:8892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1
4⤵
PID:9180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6644019788048553896,551613898812156555,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1
4⤵
PID:8924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm
3⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:5388

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css
3⤵
PID:3544

C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe
"C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe"
3⤵
PID:5116

C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE
"C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE"
3⤵
PID:2916

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe
"C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"
3⤵
PID:1960

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js"
3⤵
PID:5712

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
3⤵
PID:3552

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi"
3⤵
PID:1616

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10O.CHM
3⤵
PID:1400

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
3⤵
PID:4572

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\crashreporter.ini
3⤵
PID:4468

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\VideoLAN\VLC\NEWS.txt
3⤵
PID:6432

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Windows NT\TableTextService\TableTextServiceTigrinya.txt
3⤵
PID:6864

C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
3⤵
PID:6920

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:6328

C:\Windows\System32\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Generic.xaml"
3⤵
PID:4580

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:4376

C:\Windows\System32\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureUIStyles.xaml"
3⤵
PID:3984

C:\Windows\System32\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\ProgressControl.xaml"
3⤵
PID:4680

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:6388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-white\Error.svg
3⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:6588

C:\Windows\System32\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\TextEntry.xaml"
3⤵
PID:7012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppUpdate.svg
3⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:3700

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\MSFT_PackageManagementSource.strings.psd1"
3⤵
PID:5972

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeGreaterThan.ps1"
3⤵
PID:60

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\PesterState.ps1"
3⤵
PID:5660

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldNotBeNullOrEmpty.snippets.ps1xml
3⤵
PID:6648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\editpdf.svg
3⤵
PID:6748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_psd.svg
3⤵
PID:6932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg
3⤵
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-disabled_32.svg
3⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:6232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-hover_32.svg
3⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_link_18.svg
3⤵
PID:6876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg
3⤵
PID:6968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x11c,0x120,0x118,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:7200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg
3⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_auditreport_18.svg
3⤵
PID:7460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:7544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-focus_32.svg
3⤵
PID:7592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:7608

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\ui-strings.js"
3⤵
PID:7864

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\ui-strings.js"
3⤵
PID:7980

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\ui-strings.js"
3⤵
PID:8040

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\ui-strings.js"
3⤵
PID:8116

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\ui-strings.js"
3⤵
PID:5904

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ui-strings.js"
3⤵
PID:5164

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\main-selector.css
3⤵
PID:6844

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\ui-strings.js"
3⤵
PID:7620

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\ui-strings.js"
3⤵
PID:7716

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js"
3⤵
PID:5864

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\ui-strings.js"
3⤵
PID:8016

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\ui-strings.js"
3⤵
PID:8036

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-si\ui-strings.js"
3⤵
PID:5748

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ui-strings.js"
3⤵
PID:4108

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\ui-strings.js"
3⤵
PID:6900

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\ui-strings.js"
3⤵
PID:5532

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\editpdf-tool-view.js"
3⤵
PID:3068

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js"
3⤵
PID:6656

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\ui-strings.js"
3⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\s_empty_folder_state.svg
3⤵
PID:7952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:8180

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\ui-strings.js"
3⤵
PID:5332

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\ui-strings.js"
3⤵
PID:7928

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\ui-strings.js"
3⤵
PID:8124

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\uk-ua\ui-strings.js"
3⤵
PID:5936

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\ui-strings.js"
3⤵
PID:720

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ja-jp\ui-strings.js"
3⤵
PID:5728

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nb-no\ui-strings.js"
3⤵
PID:8264

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ui-strings.js"
3⤵
PID:8368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg
3⤵
PID:8608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:8620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\vi_get.svg
3⤵
PID:8680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:8700

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hu-hu\ui-strings.js"
3⤵
PID:8876

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\ui-strings.js"
3⤵
PID:9004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_thumbnailview_18.svg
3⤵
PID:9088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:9100

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js"
3⤵
PID:9172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg
3⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
4⤵
PID:8632

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\ui-strings.js"
3⤵
PID:4024

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5824 -s 2400
3⤵
- Program crash
PID:9192

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js"
3⤵
PID:9212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5344

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2152

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5896

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1784

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://java.com/
1⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
2⤵
PID:5584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:520

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:5796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6256

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6332

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6796

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:6948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6996

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
2⤵
PID:3788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd487146f8,0x7ffd48714708,0x7ffd48714718
1⤵
PID:5896

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 5824 -ip 5824
1⤵
PID:8912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
51f45e5218334be28303f404044f02fe

SHA1
e3d06720fe7b29f437ad82962be07fcc3ccea390

SHA256
377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c

SHA512
52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b334cb75c59fe0ca7feb04daed78db15

SHA1
da8f6cb930cdd36d0bc11af2d24dc78dc6293ae2

SHA256
33058cdf7383eb0ff91b7db2afb430b404fb6991b964171a6042b2e8c9028ff5

SHA512
a1459eb53540d665eea9fbda778801446d25ac77d3fecea41690c7d28ab27031147c227e8799086e4d68e9d2171b5df851d974673d7c1364456c13cff1f902d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b334cb75c59fe0ca7feb04daed78db15

SHA1
da8f6cb930cdd36d0bc11af2d24dc78dc6293ae2

SHA256
33058cdf7383eb0ff91b7db2afb430b404fb6991b964171a6042b2e8c9028ff5

SHA512
a1459eb53540d665eea9fbda778801446d25ac77d3fecea41690c7d28ab27031147c227e8799086e4d68e9d2171b5df851d974673d7c1364456c13cff1f902d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1566d2c2969e09d0e9c93f69ba6744a0

SHA1
da6f30e516b4534cfedf28fccc880859f6c596f9

SHA256
61aece15125ce934e570cce78b6c67c22baea08be77321e587b94910100d274c

SHA512
f41da96ef4edd9f35d15e35149c90cd059bda063b713672a407e309edc0c2318bd973fbbeabdd3a9ef0fe8f854f3734767c06fbbe737882bf257b000e84701a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
103KB

MD5
390b197742c776039f0f34713bb3c2e8

SHA1
81c0472457abbf6daa9f254961ce2c5c6e2c72f3

SHA256
e8438a5cef8ec2c619c6861418d924abc07c542818a229d65d9ec90fffe2de9b

SHA512
41af1b39a681d1e6308c5b95e689783d4f0293ca477afe2c9e10fac888dd57e34caa9dcae3d974f409537cf526f72586b6fb9b603c4493476ff266bf9ed4d8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
133KB

MD5
fc69ea3f308391b79c168c66d731643c

SHA1
a2ba6c820cb70378363649cefcc60a5844422107

SHA256
9d488f5ba56b7c750fa12056762c83f1a6de7d77fb85c378029d251f90c8bd4e

SHA512
9a3b1759bfd28041cf843cc8a55cbe0f2b93c4a8169342beaa0764fa0e836b98e2171b544235ffef613b4ac2169a9760310168351bff193aafebed95c2c46dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
244KB

MD5
bc209edbf1ad3eec9802e328fb85922c

SHA1
32a2e0c3f4727789d846bd32826bde88a729a6f4

SHA256
cf353acf48b575b52e887e14e75db06bb148bee82b909aa761c8ff1294f0ee2b

SHA512
83506fa87955fcc9f72b5b94995bb51d840b4e560d16383d6c0a5eb70428cc7444fef15eba67f84afa711c0b9d9af4f9f735835e4eca8b99c3968ca9ce8b3ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
25KB

MD5
8da88e02511b2c5426b0a4f5950d401e

SHA1
fed82bceece728ead76f94bcefbcb2aef60e880c

SHA256
0a5842c3ea6dde516e278b493af3ce60ea430a9538712cd0071dd74caf246595

SHA512
4117fe3c7961db48f1eeefb920fb449f0db7f2d510a043d01a29ce7882f2cc02e8ae60f93bfee38f631d373848e1c050f71ca391aee4fb6eba9bc5e1ca94af6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
22KB

MD5
9004c13a0ab16120972d6aa8e557df37

SHA1
40139fe61786aeeb1b4dd1337af94b69c32627f3

SHA256
a6757b470a38710fbfe08c70f37502eb708d202b293871385b94cd3dd45b7e32

SHA512
7e393169f608dfeb35eece3a8a9feec25c3996c862282a2c66a9b1804d6bb0ce8ef13bec2b7357b094d3ca6c4933b328cded49947adbfd929ac04633a0f560cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
29KB

MD5
0dd4d2874c37a232e8189a1e7c3704e8

SHA1
358deee7e845c461c2774061ebdc56d3ab824c4a

SHA256
860becd7930cc3a8db90a5b30af52d0456d5386cb7d01132ea7c8142c85b3354

SHA512
baf6435eb1e5c749a06befb3456b85bfecb6507cb2769ff96c0f5395a85e880a76006ea426c9d7cb71a4695eb0af12edc96b20fb02f2b91af71a1adce7c1ed52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
06aedaee3a9614f7f2940d734a043059

SHA1
315233be542e013659c85f66df1660d95617b55d

SHA256
dbc8cdf4c0e4d89cc1c30c0ca6d7806896819d95289391b5b350222c96a161f4

SHA512
83dc332d086c9755aab131d84a115aa132f41bd697e5b29660538e059c81260169a41a666d9d734190342d878f5f07a7761fe8b205e8cc74071135176147287f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
f0b1abaffd4d6db37e0ea8047bf15bd7

SHA1
4096a264ce1b8f1a0a7abc9d541012a1a8253f89

SHA256
a3c6bfdba94ee400f7c946fc50159631ad3f4e70300f19e88fb9e5360410f25e

SHA512
a0af663901cfb5993e3db0c4532e6121441d4e62d65c1d5d274a99ab7d16f13d6c281fc0e6b5e9d6be053f5490258e601cd9e21f35a04232a3b740e0fbeac3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
6ac1597c69e90dee508e90c0bd01f844

SHA1
3f15f9990d06bd6064c5911edf6d4199a4576d23

SHA256
fcd999f84342e9a71c5ba0f225db935ded2feccbf086fad0b7a9f13de4f60d17

SHA512
b159d160c4e54789f928f04c64ea90664212f2f4bfac8ee3482d886f763154a1f2c7155ba574f6c9caace736a743600f6c2c161bdf3dc777ccaf3ce5c82fd8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
7a445584d160bb31008a4d6111303f3d

SHA1
a3d2f7babdc12664b2c789b72016885b1646934a

SHA256
2dc23fff28b23bed9c1fbb119d6f8a92851240f3fcf61aaaf50a498359ba0afa

SHA512
bb0addbcc2dfac70709c5444beec01965951da217419989ba92b7c76af9903094b70822119cc4fe27272eb2fe20cac5e7ea4770036c5751bd51fbca04975ec11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
7a445584d160bb31008a4d6111303f3d

SHA1
a3d2f7babdc12664b2c789b72016885b1646934a

SHA256
2dc23fff28b23bed9c1fbb119d6f8a92851240f3fcf61aaaf50a498359ba0afa

SHA512
bb0addbcc2dfac70709c5444beec01965951da217419989ba92b7c76af9903094b70822119cc4fe27272eb2fe20cac5e7ea4770036c5751bd51fbca04975ec11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
6ac1597c69e90dee508e90c0bd01f844

SHA1
3f15f9990d06bd6064c5911edf6d4199a4576d23

SHA256
fcd999f84342e9a71c5ba0f225db935ded2feccbf086fad0b7a9f13de4f60d17

SHA512
b159d160c4e54789f928f04c64ea90664212f2f4bfac8ee3482d886f763154a1f2c7155ba574f6c9caace736a743600f6c2c161bdf3dc777ccaf3ce5c82fd8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
cfee074818d189bcbc630fc432da80a4

SHA1
52b057bdae7c5e136e8c7f85679f7b272327eb88

SHA256
dd064fec90af9d7139451a44a82e7098118dde5f8d9e450feb9444d3c1c2e046

SHA512
6a7dcb4cc2fd7a3b35195d37b683a3c26087e20cfa0c20a5073d633db5be27d4c4731899bd686e977dcde047bd842ad65e3034f042040ab707bcf635cd41c4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
bd3f0138fe0056728b5d328e5c4499e4

SHA1
241b55b6633922338603c3eb34da3c291bbad10e

SHA256
7aa394b4cd4d7f3efaaea983a0d156e581911a5ed51fccde54b8a4e1ed4b283a

SHA512
f0bc12ea7fb6a68c2ee8e211a1f6d6c7dc53e585715bcf968a6ec31000e1eab478efcbae5bb18036226bec81b2c3687e4c44d6db13e9e1300a2f84801383ef83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
405e47a248ad42f17c8be5d1cfd734bc

SHA1
68e1f521af8fbd34c8b55f0c091861e5baea7367

SHA256
ba669d4380cb0cef9e4634c8493105fe0a0c40665f10a08ad042365a7498ea75

SHA512
89a223407bf4db4388644187701d6e98460c2d23ba85bb96b217fce987335cbaf37e5205634f5a829096a6166ea93d68029d894b3222b7a1439648b655add8b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
bb611d7ae6605774f2c25fce8d282fcd

SHA1
add4313ff8dc421e883df33587ac5944ffa2b3ef

SHA256
d6142de8790c7a0ba1945811f460d3a3fd99c54360b3bbd75264210f8ff8358d

SHA512
92df659e2152cfb2219e5e1701e5542719aa2758e1ac3a53f9320844a3b50f87798ba37f018c874005d7929d655e1e352876f41302daa0edc3dd280d4b24f042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
2KB

MD5
9cf9874aeef5cf2b93b64bb5ac28c47a

SHA1
62791099b68207e9529ac8ea68a8bb083516d991

SHA256
7a25dbc9fd8e2cf4ba839ed1413c67c5ad79631675298cb89f5a8f1924c1d651

SHA512
e7393bc624d93169f82b5ddad9961c7d5ee967cd527220a980796937788379d8ddc035db4678b2cd44fb68fb0a71f8aac64bebda8c685dc515afc525111131b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
8KB

MD5
162c478598e8a187b0064b59f55a1602

SHA1
e702ce31bae9307a7dc4c579e6fc6e106be2c359

SHA256
3f48862d0f9cac59ff90b04d7d01f189a7266c97890dfa7c0fa1ed0b11237384

SHA512
b610d5fc0e50c09c4d8a5849695b51d5bd00ba90afb05a946583ee998f3ee09fe3ab846a31e614e9814f0bbcff75c678b6b83869490a318af0be1211ba6b8d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
20b64ca3fb8c5662ae2a0ab86b8f26cd

SHA1
edd7b6e263dca611b6eed8cb1e513cfb53e3462c

SHA256
937d0def08509f780ce220e089e6521fe829d675741cf5763459e81e2aca57df

SHA512
ebbf9ee78efc54b3a992c71795853eb643af8652aae50fe69ab141eb70dbca684f72ce4ce2d00acbcaa2fa70c4278577cbaff0799a47537268a2dfc6869d7769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
b34a6cf283435574c87dfc7d406a217b

SHA1
831cc72f974c417336fb08dfc3a6f85923505152

SHA256
a6902d73754e31f3eac5c52eef28b47974198e8a5db70f9a0dff9d0a6ebf915f

SHA512
b37c33e0f596203a5c380bc64455e7c567f4f34c749f9c8b3f3a15e1f8d53a199cc50aa2f2ef7edf242ca291623eaf88f19193d1731494901a96b143efc9f27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5221cae408fc804250919ecb0464b2d6

SHA1
f6341cec34d54e1c3bb6cb63f45c07c92ae0849a

SHA256
bd94b682b03e0a4c0b9b323914497b16e8d4406ef3fac357e5a8c68e7f5e28cd

SHA512
cc269ec700b74f5c7538901266723965ae6e9b6494b680cebe8b2c373a01274dd3fb8b3be46cff6b8144a36c1344786b6e73b41a97118dac753a74e4d16ec209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
928B

MD5
4aa8e328a87b34c2ef20f3ab6da2991d

SHA1
493d3cc4c178d78d240b6c1294e3bec6bd5f4b02

SHA256
008ec48805182cd9eeb419759760e49fd08604cc4c00c9ea9bb31ffde679759d

SHA512
e407b0288366092b29ea587f5f299c2c65136bdf4f85a8cb315f353f180546273f05cbde351581d85f1fd2609a1efd8e6b1c2d96f1c751dfa678079b7b31f6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
62e995637c3b3b75fa78d8bd2ef3cab4

SHA1
9b6f56b53841c5e8cfd89691f18df8e970fc6f9a

SHA256
234eee60a09867c2661fd5df2d8734d2d999d221cd2f9f9d12f589a91aa2336c

SHA512
014cdeebab546b7a2ecc01a1c9fdf34846cdd2cf23c3cdc78680ab7d175b3bd0ed13ca363135fcb3a022eb375b82713ac0f1f2246ada57b7d477f86d0c05ac7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
8ffd5e16a45b70e7fba8c65f0c7d772a

SHA1
b8a570d2440792e841be9a4baa8e346ec7f53895

SHA256
4b31ae5ac18a31a81f21caf29f0dc2e051128ab9bd59b27081bebd37c40e06cc

SHA512
8634e072350e4b34b580a411ba9e04173a679daff26223e7212a3787adb896b04dd385f9716c89bb63db3d2642d70540142164f8019989edd31badb5b1a99bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0a99a17bd28344291b4785f218bf1913

SHA1
ae0a9153d6ad9c452829a9c544d272bd3edda6ee

SHA256
e61a08a2dc1ad830f088d0d469426faf39bc99f06050a7cb7c9009d68c29ac03

SHA512
1270b2b2cd9583ac6b433b490e0767e9134354756a28f8f5e0edff3cff98046ae62e01e66c50de5650e1e29d9f40e565db8a5e4f1a00a4358b1d43ff23f49583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
cb4af74cf1e0aae2fd4ef2c89dc5935d

SHA1
9d7b7dcb92e16c79d168e9e28b35bc9181800581

SHA256
64f17bef8a2962705b3a955243681c3525d86bac6e6a50787e149aa2e443354c

SHA512
2ea4d00c605a7ee46eea81616c3b85308043f2a038d83b12a283c9a76c375c7a108214df6fe6ef171749292ddd59c19578edd94b9e97ed251dd3ab6b6f5690e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
93b7e56c6a13d628ac81487da580fd69

SHA1
bcd5e082151120d702a70a27f9f5056df7314b1b

SHA256
4cb0856e3e077ddcf54754bef878dda69c039b88ddf27d6d0031f700c393c81d

SHA512
cf8f883d996ee6070010ee729dbc537cd824d8bccc3220a498d2823208890d1f8b333c88920a91f4308d64b20dc13409ebc85ee39976f77faf2672545cf24e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2268ff99c5f30184f77297850c8626ba

SHA1
3f80dccebd11a574da0d1cd6155cf35f0c5a9c74

SHA256
777c848bf03e58f967db65cc32aac5d64bd223f94252e576993d8185920bddba

SHA512
30eadfa7992885004d9fd544d17dae1e03e1fc8bf5a60bc6986742fb2b56d64f8dc9fdf7d9092e019affbaac43115e899047f37eb5f15d9a24112f8710c2fbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
95e13fc491cc958ea8ea4f9c3e7e7cb3

SHA1
02d56b3bc80149e489a48d014294a0e2f298a0f4

SHA256
3326fc081225e409eb2803efa5598a22441a9eebf05b15e91f194917cafd4d9e

SHA512
23c23e6ed51b314b010ac0fb116f17d977925ddae922d0a71bab7557bc2ad63cd8f4ce8827ad87cc8de2cf175a573fa75d1ad1bf8eebd009ea93d25743f1b766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0db217e1e70291b559f6c5c645ed2c44

SHA1
41189989e980965bd6dc57298efdb3d218876e3d

SHA256
848ff045aa2da660d8d7ecf477dc5a0c8a5b48c281ef893096f01a65ae8cbcb7

SHA512
b653a5363820147aa724a76ff26d23aeda858ca5d9728e41139702349e477e7d51b03533550fea67df97e4dedde3db084bb5603ec410e20679c424ec0d67f7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
b5d042531df83fd11e6ff6bfa53ed126

SHA1
5c1b16b885e31a36cdfec0b801fe61fa6e5d7419

SHA256
51b38a82423e74a1c2635d328a557dd4ed47024aeffd7645ba2224ad24282a2e

SHA512
406bc46d85aed037dfd0f86c1486d355ba670a948dd35c285fcb60866c2fe097d41bbb10443295a8429988903a4cf3ce4d11f3d09267ec3c596254d5114ff9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4293ebe9859ea61f94367b0b41a3aabc

SHA1
5151aa61708d258f156c49ab55eb2da5bc619c01

SHA256
b6355297bd2e5743f2dc416877efdd1a8cdd1bdd0f4b04757003a8fbe21fedd4

SHA512
1963ea2c724fe75d527646e75092c4e1ebe5c44129e8bc3f8f65c689dca005e063fd1cbe0336357c9aa457262cbd7757117ebf1e3d0514605e8d5705698ada2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1530284fe27075e878a337809e4675fc

SHA1
0a84c783aa73ad8609b8deed43f1c3cc478454fc

SHA256
3f764cb7325ea185e2cce77ddea63decdfecf25d3c7ff75756769f64c932023c

SHA512
ab61ff3523bf010b149844f6444247f085fd734e904349146f8e94d9eb156003014783859d961b08d29fe690e8cafedf24567b893ba52c5643bc901a83e87af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c985b28fdffcc697a45d07b728b29b31

SHA1
924c048c06477f534eefc34ef3ab10980afe1729

SHA256
5b0a7f5648fee09c7ba0c5c26ced676970aff4596ab340916894cc2e62eac660

SHA512
bfd8b4569fffc65c38b56b84718a86c36a378c23444922e422d8b9aa6f1a81922bc9a04bcbfd1720b07ee1a45b7ec8957112e3bbd79056a103dd413fcaa92899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c9ab803dc200524da0bd21f0db93ce1d

SHA1
1257e8194ce878770212dace60bad8bdc15a3fc4

SHA256
42f5e195e5f6fc7726fdeec6ad3b9cd3bbb2299629521acaf63f769271a95f60

SHA512
b74f006092cdf7598b9ad5077d29577cae53ea2972b4087f804f7c1736e0e92753d0014e1436f78b754f37ac3c394d9223eb495cc197324cfb67d8ab33983418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
087f410a10371210d6af6013ffcdabac

SHA1
209ed37974d49d9b63aa964d94e922b4d64a1536

SHA256
a7526a41a4a9d616ec7f2b0ebd95cb1184b7bfc621b66908065de3ffa3676d28

SHA512
4688da160c82245e8a1dd4f2cf4025b51132c3c14e14c5706b6eb3b6601fe43e55f525dd9c8df7bfa1c7cca27971a16ce28c2129cae72d9532cabf43514d0c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7da76970f06647f047e117eff70a1e33

SHA1
cae1b4f7fd7c8655534695773125427ca1b39c24

SHA256
fb52eb171555f69bca180aac8f8e2557b0428853fab672e8fae6e32fd91e69c0

SHA512
2437e2d1d9ed1d89e26519facee2c0ec8db257c51f6b383b713e3585f415d541f01222fd0de34e92591bfee3f5b37ddeaeac4e1caa219abc332dd36ac67542da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
da196d57bb82a6dcb58ae8a6f7db179f

SHA1
4e0869bb285024aab54ead32d7d04db818a7312f

SHA256
d4354197cb1a51769fa5934e09b5c5ac342da7789d76f6a5a98b6a8789ba29ef

SHA512
33cadb0adc03634f2b47a8d5311c95b38c1fd8c19729c57f1190f32e330102f7b86dc2d375334b146290db4a16528cf6369e0e07f493f338796187933ad8be68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d5729fcb7b32cf6547096a173f5b48b5

SHA1
802c7cedb4c257f8d5de326358c4c6d8da4fe148

SHA256
6d75a2b37c2c192c34b4503cef88676d8fd20c0db3e436fa384ed48fab91956a

SHA512
f8802d01d30bb8bbad02048692241151be9e2db357502eecbaa64576359b579bd2b0b8a9be702ccffd5c6fcf62acaa20fcef9a0d89e8816daa8c01936d05c659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
296c4be16907e30caa976383a2972f83

SHA1
e58badf3c766c3c7c519e3dcb383a9a8c57e4038

SHA256
085c18b3337841ac641f4a8f2462b298054920858aec21e151e2c64edf77ad40

SHA512
f5746b43e4eacdd991660a6912bcc9590a9cbaa79f9b3e6be1280ebb6348e645ee5fa0362b3644c0698f91585b341a138f314e2942f23c9d7eda4ba84aa4b48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
296c4be16907e30caa976383a2972f83

SHA1
e58badf3c766c3c7c519e3dcb383a9a8c57e4038

SHA256
085c18b3337841ac641f4a8f2462b298054920858aec21e151e2c64edf77ad40

SHA512
f5746b43e4eacdd991660a6912bcc9590a9cbaa79f9b3e6be1280ebb6348e645ee5fa0362b3644c0698f91585b341a138f314e2942f23c9d7eda4ba84aa4b48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
dcc01ffb23804ccdc8621dc8b2a42c07

SHA1
1e7682baf53248c679f526edb30b142760b205b1

SHA256
693097d434a3f2afe5019d8e0cb49504b4316b205f2776c6c9b81965fe92f7d8

SHA512
14e009a86b12f6205b866fbff8b9242989073d250d9500b86ae146627b9adc8fc43c533b5af5676bca9bcc1b5c342e9e17eec0cd20db8a537b9a677779afe88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
8c0392cb27a131925ee90b6dc83ad56c

SHA1
51d656324e62a56a6df3417281d47624664b471f

SHA256
c16ee842c24f7817867c43e8b0c3aceb885836e41c783b1bab9f5dbad02ca2e4

SHA512
acec23a82daf0cd213cc4a2803429c04a0285cea0cbfbb3d2eef475f79796625c67f952f36ca5daaa3e522dcfa477b4a65c2fc5b8278ee00a1b353e2ba33084a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324848326541560
Filesize
10KB

MD5
b3944aaad21b5a82c64874f3291e3019

SHA1
0ebf90feccd94c43bd6cf0fae1711bc023d7551d

SHA256
1c61c37eee5f01647a9509a1098d90cce5e49d5aeb159434e1069f197c317c1a

SHA512
401293eae648ef9e4a8a99e70d39ff5e73e837f97f47e4cb77fcf3e4c6412339245e36a30a786c979bd4be76d29d0123c72bc8602fa71f6145f53dd4be4645a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
91df230ea7c5f2b8e93fce0ff4de49fc

SHA1
e393e2ca51798351b9c60274230e808f0aed00a0

SHA256
b4bbf4f23662a00a60c2cb3515e621a1aa01bef8873bd47234f188f0ae8e3bc5

SHA512
5cfa4038016c722d9bfe29295e36459b0703a2ad6c9e41b71f9ff912de810c10003a0ac0e28cc3ae16d1b1bd2f277aa275191aa27dcce5b9b45babbecae36435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
173ae8a7e071dc9e733d399f051a1a01

SHA1
dce134b5548b9b692cda0cf1bde1f464d1b5bda5

SHA256
ffa325468a1b9bc8bd709663acebda054df0ac2f9f1999a876141742d539bbc7

SHA512
c377b96522106a0963d47f826ff6d0b9b54b3b42385cedf53c54053d33affcd289ed0177954837bd42b172d66a54ad98391efcc071278d1414522b6d1d90f31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
5d4a610e11d6c9fd103c92260389c71d

SHA1
55d44f590c2ef5acdc6fd409465632412d34d2c5

SHA256
c05002a686be6b81b0a3feb6d9a51b7e8bf6f050c57b2647cc3640a5ec00e4f0

SHA512
8fc3c72489a0aaa72b5ea1018a547b24cf496f9292599f0bad2dea91419ee939f1e9b8c106cebd1316292efeb4f56a0ff47073714303e7ec85040d1b1c642be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
520b6d82e1df758c1321ed64dc8adce5

SHA1
59c20e596d3383881c1e11d0fa636f6f8b1c6962

SHA256
6b35970548e88496f095d47f9e506dc53930ba2888da77290ec37fc095ca3684

SHA512
47001a1e7d828dc0d95af1d7555c02af1d799c563487358047e5b2c7d2e4b8ed2f675d8ee33e749db7f7aadcea5aa1576ff8b0f7beb0ceaf9319f663513c375f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
2eb71f9b8865e8aba6f4a3ef09f3d4d2

SHA1
d4bd4b4869c64685e78d67d3e6f2bd838580c4a8

SHA256
8eae6da8e50a86d98f1e7530bd281bc7388b0085e54c0714a83d99e0f3980683

SHA512
6836d163e2977448389998d0cde6af99701dec434c439964f85efc8d65ab2c26f043ef46468217f69de6bbd2d208cc0d9ed51887df0d2ca887d86de079d24361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0251981f673cab394caad5dfef79b5e5

SHA1
9f9d4cfcdde57896bb7b146318e2b8c6dc46a3f2

SHA256
5e89541468b3eaa8ffcba6c535efee666ac22041f1039d9c99b5765e080d41e3

SHA512
7dd76590f3389a9f283403eaf249c5ba676ccfe8e01ce639212a7b0295977d0008ba962fdb6fd5b1040d8c00b616fa86349ba010ad3a38bc641e7d70ff1bf6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d947033b236b51bc250f79938599fdd2

SHA1
6d137e44f9cb3beab0835e6fff41b28e310ecf67

SHA256
27551585203c67391a287c21a9e99c3cba625dc992e06c003f30e18e8b7e3664

SHA512
7e7641393b3a43bfe4225332e99f90342aa9379d80c0e291a710c4ef6da4c3b1f48a7ee5dc9517fbf033734ebc4618f6dc5eaa40a8095f2b1459dd7ac5d390ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9d53b9bae8bc894e6d5619985e0be492

SHA1
4d3c67978698954e55054f8aae45305cf032f171

SHA256
1cbb9f7c40de069983bb4f2f00409a00ea4cac33d77126948365c4c27d58ef89

SHA512
922eb172e4e7bd28ab183484a9191b6edf6b03f1c58bf0e936e7c331649b993ab3e4cfbc492db807f3fb531465fcaca066da8e6ae7001fd2fd2e919fc39178dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573c0f.TMP
Filesize
1KB

MD5
eeda6461aa3b2030721354bdc8bdf4cd

SHA1
1381c2daadf67f81761471df2dd007512a520c5a

SHA256
260049b13c1f34ec98227c6e4ac55940951703fb33b644cc8c6cc2fd53ee0c47

SHA512
e597e7993d8e77c67f32a7ef5e37b07a4902bd7a542bbc339f7ff99f412026251ca12615af0e5ea26830e49d4325149cd40be704ce13c8612d2a97fa1e39287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
30ff5b79eb75f49988841da0fba97d28

SHA1
eff6cd4e7a159d388b0e9caa53680e498558245c

SHA256
1252f407590658712e1df7b5c0f37274e36a510ec2a94e6f77faa69aa7f432b1

SHA512
fd2f452d4f3edb15de86a202181c51a8e982b8685f7b02a9eb7086c98326da24290935b7b38b9600d02700259d0091798c49fea7eb35cfb9d10d34e9bed3cc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
708ba0adaa3e327dc8653873de65f346

SHA1
b358f9a858e5e1d5e43ea22cdb9d2d1dbb024577

SHA256
b8069dc17b62cf852cdb39c0f9f1fc91ee6281d7a4d5a6fbed930c94f993ab20

SHA512
9917105c5b077dd47f28811e781196a7e404fcac2401d4c743643ce58bda86bdd261abee8891abe117d5df80dc5ec9e734ab5b6f40bfd35e68bc3bbc027c6eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
4KB

MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
1.2MB

MD5
af74b05dfa360c31b68109c066c19168

SHA1
2ff9338148ba64d4662a05ce2cbc4d5d8b0d47db

SHA256
06e0591647e22f01adeaa842212610bbd91bf52ccda19d821dc47b41ee324fda

SHA512
c8263929ca80c1615571019cd4a6cb4a84723710a039db55f0008bd7f9f37780872af42d0eb7fbba74e1926f00b858da82e520cbff21f6f5f7aeee5e25c121dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
299B

MD5
225527689e499ea33ad62da2a845b737

SHA1
b80ccff4ee3f4468e1e33209aba98989d362403b

SHA256
09a555e46fc349d052a4b9b8db9578065ce8ea574e3010dfd69b96b0ae96a34e

SHA512
50943cd6bf3b08f4c61723e7e8e49822c772e1427f095442a45241477b618ddf6e899fcbec0db4f8eeb57c834bdf02832b57f0f200332c89a54daf28ffcbc753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
5628ba0ecdb10eb05cba404d787816a3

SHA1
33c0a0aceabb90bee60d8229252b1bb7cb5e88db

SHA256
3f049c0dab74070d7fd5e6d993aa850054ae88501bae186016e56bd0510a9369

SHA512
bc271eb332e26d45322602eb61c44edc756d14707b6d439f88382605a0dcb1ce5eb96e8746525acb77735a7a6f5712998fc68d5ac7259e28e4272fec1eb5278a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
07ff27dd35258f3da39f318250a33597

SHA1
725e76f1f01fb99bcb9883a2bca3b214ce13ee74

SHA256
9b7dd07a90ade9e31752c2c00b0a622180068549e12d2033314db9cbdc329b49

SHA512
5dda511b1ca144caed06599b5362f1e460b5cdecf18898727c455525adf3f8110ef7641d1dd899fe36558d75a7c0baffc6cb5740b33a143779800e30a1945c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
50baabd1650cab0927e5e017a6275ba4

SHA1
eceea0b1feb5216bb0b9ddd1c5ef599fb70b9056

SHA256
ac860291b8df4dd876e6f180f7f83a11746308c5d47f635e163999d7210cf21f

SHA512
892f1baa5a7e95467a032ef18ad1a38142aae44b9291cd236e26447939a3467782b56a88554dc8c3adc2b6a9a85a190046e163e5c33197a3974967630398d18a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
535c04982177f17502e7e6a6e7a45ee3

SHA1
739d301e4b705f68a1d6d34ff22173ad8b0c3df1

SHA256
227584b52cd69af60605bb21f68f6f761fedc87167b2024358b4cc66502c224b

SHA512
a5f9837b44185f85a35b613cea072e8e20199a7c70075b10414c380368d6f40dbe96e13608ebf368cd6be0366d153d108a82c2bfb6e8fc54bfd589751c075ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2a18f2408186841ad7b79d57dc5eeae3

SHA1
a40773abdb5d4d9fc162bec6f93fc1f0617af76c

SHA256
351dad33abaab8c36660d2b38b79881d40855ddf951fd0cf3ac407497dbb700a

SHA512
0fe03b97b968102b2fbc83f88b4c518aa13d01aaa8406e0f37367a19fd78cb174c4572d9cecf883bbf86833cb2680454feb23e9e583ecdabc46ef9bcb48cd456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3d91a14779aa01230ecba872bf80bf71

SHA1
42ee3bf3cb5b07747f052c842363a556a6d46790

SHA256
9f4b9ceb74e09fd01e3593ab80ecac9b50da4cf7d5566decbae52c24fc89f778

SHA512
688a8180ae47b526f36f9d9e6e6bd5ba9c0f90851e1613cc2bd2a013bcba11d6f438c7edc9530c1514f153951758ca94c56cb2aaf6f2c58d64dc1129c9b62e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3d91a14779aa01230ecba872bf80bf71

SHA1
42ee3bf3cb5b07747f052c842363a556a6d46790

SHA256
9f4b9ceb74e09fd01e3593ab80ecac9b50da4cf7d5566decbae52c24fc89f778

SHA512
688a8180ae47b526f36f9d9e6e6bd5ba9c0f90851e1613cc2bd2a013bcba11d6f438c7edc9530c1514f153951758ca94c56cb2aaf6f2c58d64dc1129c9b62e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
52b928a3de6c4e29e546521fd982c70b

SHA1
cd13b06d03c55c18ed1c2bad77d63c34327d3012

SHA256
b24b5a9bd341398c0913117dca154b9fbdfc64b88b3ccafa94e875bf9ed53e73

SHA512
a2e19440bc72a5d3b5dae607da36cadce55a84c746a742e3c3f728ce43c699396d464b55bdee4e3c1bdbcd9c3ff85bd967dffe2cd6bff5f731365e46d83d520d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
52b928a3de6c4e29e546521fd982c70b

SHA1
cd13b06d03c55c18ed1c2bad77d63c34327d3012

SHA256
b24b5a9bd341398c0913117dca154b9fbdfc64b88b3ccafa94e875bf9ed53e73

SHA512
a2e19440bc72a5d3b5dae607da36cadce55a84c746a742e3c3f728ce43c699396d464b55bdee4e3c1bdbcd9c3ff85bd967dffe2cd6bff5f731365e46d83d520d

Download Submit
C:\Users\Admin\AppData\Local\Temp\彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.exe
Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\彝馴导璂骡囵弡醤蜗粧穔垶竧鄹漳耴.txt
Filesize
260B

MD5
7f5e7dfd384687fe4b90962c3dcf252c

SHA1
fa908d1af473c4c9488926fc453434e6562bc91b

SHA256
22e800669674960a15e05919beaf1a63a34d51448d3daae763170f1932908788

SHA512
703babade3c3364e551ec6bed0c5fbaf795569cf1a770467a72dfe6ae4069383981a422f8f215d82ff5299fd260e8d294fac81ec878f54bb703974bd9e803c3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_BA099F758BD043A3B3CC7F9B49EADF7E.dat
Filesize
940B

MD5
89eb972a8da6ae3ce51efa2f26e7f71e

SHA1
0ed317e979f327e64727c4bbf4280ca20b2154dd

SHA256
7e7ad54e0a42781c32a31a1e32c356022d7fe2ab41f0e9e915432e89266d8a7c

SHA512
f350188d181bb7a3341b6ae3322fbe5f3a977fc83d980c6a3c8f4d5abb9700b11d9e19e234f04688c2eeed7198e8d0d62b1d0be7861f6cdb9659c1509303520f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
df67c2cccb0b3e8baa0eb40ba245603e

SHA1
13fa26d86e6ca0bf289b783eabe7d0efbc64b7dc

SHA256
eff30afd0eb1cb81f687f5d9557fc30f0c6f0aaecddc6f42df2e53f532183d3d

SHA512
4de16a4076f1360ce4abe871d5196622c6fde3fb52071cbbc766e0908122cc0cdf090a6bc23a7582fa0b5f722a7a94f92e54ad497d23859e81350b5da7b27bd8

Download Submit
C:\Users\Admin\Downloads\Monoxide.zip
Filesize
200KB

MD5
e77bca3013a7cdd34871d734a294d60b

SHA1
697b1f62007b9b9fbe6f1e98aede0e5800a6a6f7

SHA256
0d1c5ead44e729aa9b25547bad1f128759d144b8ecdec25bb28d67d694a5b3e0

SHA512
d9ff6c0fdc7cc2378b3de99abce734b6248c8c91fe78cd6c68cd5e84c6400beb0c5192eb9aa28fd22f60744e8c26d29fa5b6dad79296a1c84f0d2275a30628e2

Download Submit
\??\pipe\LOCAL\crashpad_4532_SKMGVLGNHPECBARE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5608_VDIDYCXYFRLLQEWV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5656_EBGXCRGCHDEXYWQJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4580-1119-0x00007FFD25480000-0x00007FFD25490000-memory.dmp

Filesize
64KB

Download
memory/5268-1100-0x00000219CA5A0000-0x00000219CA726000-memory.dmp

Filesize
1.5MB

Download
memory/5268-982-0x00000219CA5A0000-0x00000219CA726000-memory.dmp

Filesize
1.5MB

Download
memory/5268-1086-0x00000219CA5A0000-0x00000219CA726000-memory.dmp

Filesize
1.5MB

Download
memory/6948-1030-0x000002814F1E0000-0x000002814F1E1000-memory.dmp

Filesize
4KB

Download
memory/6948-1076-0x000002814F080000-0x000002814F081000-memory.dmp

Filesize
4KB

Download
memory/6948-1075-0x000002814EF70000-0x000002814EF71000-memory.dmp

Filesize
4KB

Download
memory/6948-1069-0x000002814EF70000-0x000002814EF71000-memory.dmp

Filesize
4KB

Download
memory/6948-1067-0x000002814EF60000-0x000002814EF61000-memory.dmp

Filesize
4KB

Download
memory/6948-1055-0x000002814ED60000-0x000002814ED61000-memory.dmp

Filesize
4KB

Download
memory/6948-1052-0x000002814EE20000-0x000002814EE21000-memory.dmp

Filesize
4KB

Download
memory/6948-1049-0x000002814EE30000-0x000002814EE31000-memory.dmp

Filesize
4KB

Download
memory/6948-1047-0x000002814EE20000-0x000002814EE21000-memory.dmp

Filesize
4KB

Download
memory/6948-1046-0x000002814EE30000-0x000002814EE31000-memory.dmp

Filesize
4KB

Download
memory/6948-1045-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1044-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1043-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1039-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1038-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1037-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1036-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1035-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1034-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1033-0x000002814F210000-0x000002814F211000-memory.dmp

Filesize
4KB

Download
memory/6948-1013-0x0000028146C40000-0x0000028146C50000-memory.dmp

Filesize
64KB

Download
memory/6948-988-0x0000028146B40000-0x0000028146B50000-memory.dmp

Filesize
64KB

Download