hxxps://github[.]com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ[.]exe

Resubmissions

01/06/2023, 10:02

230601-l23axsea9s 8

01/06/2023, 10:02

230601-l2xqfaea8z 1

01/06/2023, 10:00

230601-l1xdaadf35 1

01/06/2023, 09:57

230601-ly19fsdf23 8

Analysis

max time kernel
415s
max time network
491s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2023, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4204	MEMZ.exe
4196	MEMZ.exe
3728	MEMZ.exe
3780	MEMZ.exe
1440	MEMZ.exe
2148	MEMZ.exe
2856	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4dccc0c3-c6a9-40dd-9324-4d9c0a34943e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230601100256.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 936511.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2532	powershell.exe
2532	powershell.exe
4500	msedge.exe
4500	msedge.exe
3188	msedge.exe
3188	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
376	msedge.exe
376	msedge.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
3728	MEMZ.exe
3728	MEMZ.exe
4196	MEMZ.exe
2148	MEMZ.exe
4196	MEMZ.exe
2148	MEMZ.exe
1440	MEMZ.exe
1440	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
3728	MEMZ.exe
3728	MEMZ.exe
1440	MEMZ.exe
4196	MEMZ.exe
1440	MEMZ.exe
4196	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
1440	MEMZ.exe
3728	MEMZ.exe
3728	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
1440	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
3728	MEMZ.exe
3728	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
3728	MEMZ.exe
4196	MEMZ.exe
4196	MEMZ.exe
3728	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
1440	MEMZ.exe
1440	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
3780	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3768	mmc.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	2532	powershell.exe
Token: SeDebugPrivilege	224	taskmgr.exe
Token: SeSystemProfilePrivilege	224	taskmgr.exe
Token: SeCreateGlobalPrivilege	224	taskmgr.exe
Token: 33	224	taskmgr.exe
Token: SeIncBasePriorityPrivilege	224	taskmgr.exe
Token: 33	2472	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2472	AUDIODG.EXE
Token: 33	3768	mmc.exe
Token: SeIncBasePriorityPrivilege	3768	mmc.exe
Token: 33	3768	mmc.exe
Token: SeIncBasePriorityPrivilege	3768	mmc.exe
Token: 33	3768	mmc.exe
Token: SeIncBasePriorityPrivilege	3768	mmc.exe
Token: SeDebugPrivilege	4984	taskmgr.exe
Token: SeSystemProfilePrivilege	4984	taskmgr.exe
Token: SeCreateGlobalPrivilege	4984	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
4204	MEMZ.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
3560	msedge.exe
3560	msedge.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4204	MEMZ.exe
4196	MEMZ.exe
3728	MEMZ.exe
3780	MEMZ.exe
1440	MEMZ.exe
2148	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
432	mmc.exe
3768	mmc.exe
3768	mmc.exe
2856	MEMZ.exe
2856	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 4560	3188	msedge.exe	87
PID 3188 wrote to memory of 4560	3188	msedge.exe	87
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 1756	3188	msedge.exe	89
PID 3188 wrote to memory of 4500	3188	msedge.exe	88
PID 3188 wrote to memory of 4500	3188	msedge.exe	88
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90
PID 3188 wrote to memory of 428	3188	msedge.exe	90

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff703c35460,0x7ff703c35470,0x7ff703c35480
    3⤵
    PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,14840843198622270675,6599644116546697344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4204
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4196
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3728
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3780
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1440
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2148
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:4160
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:3560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:4704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        
        PID:1696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:4980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
        5⤵
        
        PID:2008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:1804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
        5⤵
        
        PID:3192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
        5⤵
        
        PID:1496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        5⤵
        
        PID:3764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        5⤵
        
        PID:3124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
        5⤵
        
        PID:4916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
        5⤵
        
        PID:3184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:4288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
        5⤵
        
        PID:3896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
        5⤵
        
        PID:5544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
        5⤵
        
        PID:5564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
        5⤵
        
        PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
        5⤵
        
        PID:5476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
        5⤵
        
        PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
        5⤵
        
        PID:3812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
        5⤵
        
        PID:6020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
        5⤵
        
        PID:6064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
        5⤵
        
        PID:2324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
        5⤵
        
        PID:5352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
        5⤵
        
        PID:5824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
        5⤵
        
        PID:3244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
        5⤵
        
        PID:5248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
        5⤵
        
        PID:2612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
        5⤵
        
        PID:4652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,768776159146373817,6455128474839295250,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:4804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5452
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:3972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:4260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xac,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:3764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:5184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5536
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:432
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:3264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:1700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:2532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:5720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:6036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:2180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
        5⤵
        
        PID:5136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
        5⤵
        
        PID:2800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        
        PID:5212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        5⤵
        
        PID:3840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
        5⤵
        
        PID:5772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:5164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
        5⤵
        
        PID:5264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,10040099511168666036,4114865454609100665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
        5⤵
        
        PID:5872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:4352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:4436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        
        PID:4636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3096 /prefetch:8
        5⤵
        
        PID:5880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        5⤵
        
        PID:4228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
        5⤵
        
        PID:1276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
        5⤵
        
        PID:2948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
        5⤵
        
        PID:1856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
        5⤵
        
        PID:5608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
        5⤵
        
        PID:5428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
        5⤵
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
        5⤵
        
        PID:928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
        5⤵
        
        PID:5148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
        5⤵
        
        PID:1496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
        5⤵
        
        PID:772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
        5⤵
        
        PID:4884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15735443619242898307,9885752902275733655,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        5⤵
        
        PID:4264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:3008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:3240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd77ee46f8,0x7ffd77ee4708,0x7ffd77ee4718
        5⤵
        
        PID:5684
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3344
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:3020
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8 0x3e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2472

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b305a2310ec0bd38e61164bdd848bab

SHA1
0f18ab182668638d992dd76b0ccfc8f7e9e1a70e

SHA256
3d77d6ad0594809d93b0353e7bd0a0dee3a5a39292f2ff5a27496decca75fcf2

SHA512
6bb6e7e89254f78dca0c1295bbd8736aacf1a0c4c8b1b61dd49a9fd7bf6b126af8c1685e5c151e33452e81991147e91c483f33a3d912143cc1bec94934a43043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65ddd3de96a222268e4f5876dc3680bb

SHA1
cbd25f71e06e5c36aadcdc26ac2ab5712aa317a7

SHA256
9da165b33e89b957f4c0782b902e81261ab922d4255402c6b5ba924bd20d60e1

SHA512
588f23384b64d85e0689833994af61cd3bcbeaf734f03262915b91ebdf5766803b68bb928f135715fddff82679b200ba01eda34148add2f7f8f3a79a280f9c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c885006baaf70831294f88e3c034bbb8

SHA1
3b7bf920163ebf097a4b121656ee9d6b94eece1a

SHA256
500d5b83a44fbb294fa5f27e14d3cd7618325bd85152bfaa6c98ac5899d31237

SHA512
e5fba595b6381299f4c106fe13c4e75c03a313b59e476841f875a80c9a314ef73749a7a9ecaec957487d7bf15b02a20c1757b566eee4b501095a39d64139f2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c885006baaf70831294f88e3c034bbb8

SHA1
3b7bf920163ebf097a4b121656ee9d6b94eece1a

SHA256
500d5b83a44fbb294fa5f27e14d3cd7618325bd85152bfaa6c98ac5899d31237

SHA512
e5fba595b6381299f4c106fe13c4e75c03a313b59e476841f875a80c9a314ef73749a7a9ecaec957487d7bf15b02a20c1757b566eee4b501095a39d64139f2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
97aa9e434b3de00dd7989d39210acc76

SHA1
b19accfe029a4608451417b4c8d070d0d1f1d97e

SHA256
65fbe96bf8dd62d86cbd879729798d17ef307c1f182b02ef9b6a10e747a4a48f

SHA512
4e0459c9b077072a03bd5445cf75b158b2496ad10f90efd6b4cc901b44cd6b2031f02eefb00042a9d10ba4ccba807419b7fc2827cd30bded7be356191648facc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f630309-c58a-4169-b951-8f808228c4cd.tmp

Filesize
1KB

MD5
9dac6215e934b32dce83343f30db43b7

SHA1
f8078b40d3d1dfa684389720214a089528103ec5

SHA256
ffdb01fa74de567f36cd6906c0d4d60774caabcd5663dcc74e227da3a8339b10

SHA512
8206c5f8ea46062d799c947a9036217c8d59466a726bea71e5f6fc92c86c9023196e38b511e762ac35049faaeaee9ed28781247e4c6aec0eab16740ada6db7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\182219e0e256bdec_0

Filesize
288B

MD5
460eff46d961031219f5ec499e49ad30

SHA1
98b7d2b83ef15b38e71fa7803947c72beffb8882

SHA256
88f0909c8c8fc4e63dcf674d8eb88574306542acc3826335ecac45faad6abddd

SHA512
bf09176a8c1400ef1add2060fec7573c26d9608adfda17ff69457948c9adf25e037f9b444642a3f8a15c03e553cec386173d5609eb1c9f15c489e2cf22ec9f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e08d5f6cbe1314f_0

Filesize
338KB

MD5
69596a8efef121dc10115194ce17b000

SHA1
703551281eabb7df5f94394b0b62f3d52e62ba8f

SHA256
23982b932940e2894ada5b7f80ffa3f89ae58410adecf320d7fe95bad7214787

SHA512
e82103bc4f285350bc94939b46437b371f0375efaad08cfb4ced7c3cc4019acbb299dc295f1523e636feaf73bfcd6b337b7ea68bf760d0a534a4976ed9f37b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7dad811f95c33b457b7fcf8b0aafec42

SHA1
b3f8ea6beed14008cbe488895068d3783d5c97b1

SHA256
3d64f8fa8022af042273a43ce7a51d24251d417bcce4bc9bd30b5f16ba5486f0

SHA512
279d24034c9e661c8f0b7959e033dd04947e3d25a1848847811e42e82ccc21a3781aeb86a87ef2753880a98992ee0d91209c6224e91e0fb1c62b095e1388571d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
364ce42bba16fac54fe65255f7d72901

SHA1
55c546779682f4c0246ebe43cfddc7f1b990b09a

SHA256
b203f16693cdccd7bd5482541772768e6d36ccf924e0f636f64568036fd78d58

SHA512
6167885be2c165ef08a318ccb750189b89581ed46a5b6d930ffe2606bab614acf28a35decf2beeb3819ff9f1c6e7e4e863d4b73c7fddc06656ecdcaf7c25d892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4c12887f7892ca8a9f90f16184f9fd8b

SHA1
c2ea7ad860f6b94c17de928d586c3ae815f54282

SHA256
b731760e565007562d59a73ff5919c68270b5050c2940ea68f94b65a1b38bb02

SHA512
606a9b616f74fce70aed32e9db5b4f068bfe3c523e1ed9c017d0c3d2726eb886f5414459dc8eac30a17d4d8887b72752018133c2400bbb9be5cc2f6b7182ed53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f0b17628cbfd9c5b55f6573b7f68d4dc

SHA1
fa999561d01e31752eb2e502b5a2fb4e5f61643c

SHA256
10d943d696dfe9686f954c6ec3b6a524f3994f715e4542924d15411995ddf93c

SHA512
2f0ab29e6572d18e4d322bebfaf2e97ee646722890bbce5f406f0a731cd46dfb6c9432e1f67a49e2a11c4289c3d3b521ebeb6aa38db299870a77882898886ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
62e796ceda8d3a7d5fccff87336d7d56

SHA1
0c1fb1e58042a930795784ec84500dc98fa7a21e

SHA256
f32be974aae5c3b868cc8df9598bbc0e196902df4f42faf66e797cf38b042167

SHA512
581ba92d68942176b835aca267143c6122f789a1655bfc7433a5db7d278ee329209ba3c028d7af939a57728786c9b4b5416583111f3301bdc559f30560071273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c8bf84fc2f45e3f1fd02245c1c6ed3a

SHA1
58bb20954f1ce80f8ed9fd114e7002841e1cb0aa

SHA256
9e919e16380b7c5dcfc1b156a7bdec9a84cec91362e391c3a4855b52ee81bb69

SHA512
39142e598e530f606dc0f9bf6f6cd9bfeffff1407dc1ab8170bc7a30ee673585a3d53170e8ff52811008073c4af7ed25be8c8bd5b3068f73089321a6f228e9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dabe069439a35f8b7d39ce9455a41290

SHA1
fd8eb7ce46a88e0a34817a099fdb68f18b5b27dc

SHA256
d4c5c02884dded1954dd311e5303d4630a1111a61c164841c717eb7f8a6969a5

SHA512
ca510d463f4109f96fb7faff6f87ebea051db98080118ed32a46836e0ff24e1cca40c09eb0ee6f0b54407329d141175db342accc2f50b11b0248fb64d7532679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
58d0dc1efd8ea1632b875ef299144813

SHA1
0fa72390cc373099217b8fb2589af11e9cfd8fb7

SHA256
e1c5dc5b92155f8fc58f0f27c874e8d52dea9a5f870621e218c3e4f22450255e

SHA512
28971d5d4a71d5b011ee9a9021acf940cf9371044b1ceae23fa9852c72ca70ddba71c8826e2e8a124c7c45ffae481df18d7248297f2e94400458407ee16af289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
49d16a0fcbf66a427185d266b76fac11

SHA1
123255807cf0b27324496ba05d31b4c1a9b55d69

SHA256
41f9ecd12ac233b9ab68d1b5b68ce2a37dc4817b637f23e4ba0aa6dc9e9edf47

SHA512
bf3d57444480ad8783ef03fdb7ef89d02ce66511d24680db836531ee70d5d771769941126bde93f52dd6b5ee725e15edf94de0676631b4ccbbd5f429a05f1dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
74ea23597b9e878ec65f4f93548f6810

SHA1
cdad91c5b4827cabc649131b9b7daab9857b1378

SHA256
56d4c00c01c2a45d2a2dc484d45c1dda347e278988e0eebcbd1f01c1beb8cef5

SHA512
f3911981fb559d1fd1cd193bc5b20a954c837e6df8055601cf55b6b4a42be28d1288247dd59a5c315ddea3f75baea7978f1131f4143a306802bb0d4d003bd592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
edb1c0aadc0c1a0842b101cc12bb028a

SHA1
05d1072f7367f048095d1ac267661b71b7fc0fc8

SHA256
1b3a11e83726fd970e4d656f8dc02a0ad8f677cda1f13105e1ff23010d8d9299

SHA512
509d57fb725d430cfba269bc9999d9a04c7f586f1ea7271bb52a03e02943a5f7fff8169c00f15963afcff3d9e2bc356bc77c1243d5d2481ca15b2820368d01bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
5f7794c08c69268a9f8cd92b9ace7580

SHA1
6d71cd65c73250626fcd6f43ba641a8298d11fe7

SHA256
d6cbf86e59855e6318a3b538ef69036078d0cf57773fa46e552a799e56197739

SHA512
9ebc765afae966fc32506d02415d0e1d12a2660e7acf6e6b41d2e6ad3cd5ec5330f5c4f4f9c29ce62b1eeb1f2009cbc6df87667b9704b9d0733f2f8a1df93134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
ae2c6aedd3122360c5b6badd6c1b34b2

SHA1
b82d68c69014c6450a46d2c12937f7b9cec493b6

SHA256
91781603ee455a7ed64ff62258a42c06fccd0b27e29f2ed4ba1bc65cea16589d

SHA512
30894edad272805ad5a48f5469b864e34aea15458337e6116b09ade0623762320ff1a03f6ad0fec6fd5068ed14ad89ccdfd10e207b16cf9e2eb1f3b290dd5487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1f43eed5d322a3ecfbc79fc03a61002f

SHA1
5066f7feacb5a30c839df5a1d299b9c2c5423a8c

SHA256
0d8a4898d5c4c7df99d3550e4f47c9d8ac5b040cdc25c68f97d2f421725db5d1

SHA512
2133838edf254b0239cbda559339f216f8f90d02f2b80bea046f2444688dc570df787cd858df8c699bbdcaa44b53f75c970db79a2b60cb98e792ee38256d4293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
a5b287210c40eba484851070a542489b

SHA1
d4676a2419fd2ab73e5002a15dfb9d9006303ec4

SHA256
52b14145d253f1c02f891b6d792fe6d3f0f1d2cd5a61d88ec1e65e62fcad7bda

SHA512
3c5549e32646728243839708c1f3a03bd6949e2205630db840fbc46cde570411eee52582ce4a872866b0ddc2fcab3d18d21b618e7ef2c5a45791117fc1cfc6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\552b9a2d-906d-4018-bc20-9ecb2a4001df.tmp

Filesize
25KB

MD5
e0485c0d743883df435265f51f5934ef

SHA1
2be1dca331fcbce9e08f7c58abc23a49988590bf

SHA256
cc284f9755742791d39cfcaf4435a39c727fd8469bbaa647809f3b710cda3cd3

SHA512
b518d0774e6ce8cab200d741be0cda0cb3905fece843bd769e0b64c437a903e204b5dc0fc6544b425d86861969a58f7f2aa589eea8584ab60b056183c1b551ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
21KB

MD5
c3561184b42c7ed4e165c325756dd9a4

SHA1
9d1a208132b437703cf73cb91f2332f9aa591d6d

SHA256
23636fd3ba53b3c93259e9afa004edba87f110200da2f925b1629a620a9a9445

SHA512
c98a7efd3564d321e2a04b24d41765f1de96dab6541420434ea0ec35160a93efe983f195c8701a1f649f345acf13352f853dd5ab05cc726e64495cf328f9a580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
973ab5dd7dd41da21bd3997efd7f87fe

SHA1
5b92034dd40da4dbaf3930a8e1cf9825cf348cfe

SHA256
e56554b9bc616ba7abf8f3667d730fe998c4bc4bbc6f3472e20c2d2321c6c096

SHA512
fdd3e5280dd3e60013f6f2dd0913dfe50db5b04d2f561daf0694e61ff59c959a37b5bd4f1af1136ed893732155bc0177435a19b061e7cfd66ddc651d9163a04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
5418be36d59ccb50b8341a5f7dfc5b7e

SHA1
c31fe168bbe024962fa94118067ede3d89d02f1f

SHA256
bb8ffb2f491af110c82e70a17ebfd94ab4e64716a8866c11f219ba4848b5cd2c

SHA512
182d338e068d7705c2e3b68f9bf702867549e3e930921e699448568bd980aa9f30810824109fe05cde5ffe2a3c556ffcf69ef030c72777245ef217d476356f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ea437fa6bead36284d492302c0faf05a

SHA1
6700ee4800616b58c47fa78fa1eb96703ba0889c

SHA256
1472502ddb23b512dd55ac84b40e4682bd99edd1077864bdcec080cd8fc4e83b

SHA512
2255cb2dfcaa0a377bbe6d550f22ab9c406702219f57483aff80ab4d00670f0794d23148364e674f3293c075b1ea4d37ce090dbe1564cdb1d7094bd4c8ab4b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7ca1f4c9f8885c34a1e51b894c6830e

SHA1
ff8eba000f733a12dc58ecdf82b5c2e1655b2e91

SHA256
61ea46f09048f0c0ebf65de502cee3a1617bb2b2fd113457a19d1616d77ded11

SHA512
f86104dacd48666786671af5f222073ae5da7b7acfcc75e740750e095d0d8bcf3e8af99f523ab7d05f2ad181c98648a03c177823ab5c308e021a306622ca678b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
5c42a8ae2d05fd6bad6ab645ff484dc8

SHA1
558843aa6b6d3dc51fccc0cea178a9b2dbda3489

SHA256
e19b9650501d8dcd8b7f4f220a18a23881fae9da538bf065339b4f72ddad991c

SHA512
926b6934fa4289aa2fccc19baf2408e4fcb49f1c1313f505e13de62c8141a413a93993a259e85cdb13cdc963328d0aabf131b7a534b32e5e54749fea39092c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
348d1528cd9149cac17bdca800fb9f1e

SHA1
b5a81037aa31a85bfec0f9d55204ff3b12cc7f7a

SHA256
4909052a70082089ff4079b79489e6e5073db6f0d34a8bce9e2427ee2404990d

SHA512
f966416165a3a6f29fe13b864e99a74d43a49fa091351c055fc6296c5f058dbbaa7e0b4d7d5d618f6517d39a4ac5ba9f337ff67b45ad3ea120a6c188a04b6efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6c405c322fdc92df231cec7aad8dfb1

SHA1
b6bc1dd72712e4b9387fc18d780ff268bccb5e60

SHA256
14e89fe47449cddaf0aa24225ade9b8ccb491eeabc897be4b4a3aa25fe03cc6d

SHA512
38a7b6c4c0e6feca396623a257bc9f7b7f94a127333b27b37040419f03b57d0cacfb6229359058890521330bb0121dbd4d146657c10bbf6ba8cf3fd68ee5827e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
7b2253a6fa7b6c941784b92704186809

SHA1
eef99141df17a30e851e15a88373ad50438a1180

SHA256
602fb72bf192a45033d30ad0518344b2f7c173894ff70934259944aab1bf7c88

SHA512
0772930a8d2aaa2f1d2bc65f93de20f65c26145f18ac567f15714a467c203726bade5252a906f40231bda84ce1f663d517a062528de0b0f94df8da358a5892b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43a0f970e3e53a54b915c8f5d6b1cb82

SHA1
9dcb14bf5da56ebf2c0259a30e05498188b574a5

SHA256
8ba64cedf685aeb2bcb865199bec892ab79be6fea7d404d2febac6e87048c656

SHA512
bb6ca59ceb5dd9dd2078560d2d5d50f9da55dcdde75a7fabea41900c2b552dc543241b4f1a53439a1c0ca7566710ad7d139b7c589fe49766b9fd82eca01384db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ddc2ed5506d45f1267b683357f9dfdf6

SHA1
4cda4fdf6e1099dd94e2b4f17045e18eea4e21af

SHA256
54b8922b963a8d49f812d7b5dbe4f41bed3f82f0a2600e7b363fcd1b153d936b

SHA512
f36692325844b05136d1d0bb5eff5e865f1e0b035a0f9dd1536381fecf5deff07720b2bae7ab2c928bba2b8271c8e9faa892e77468d2138ed6fbb52770f79cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
87c5919998c68fd97aa2d3050dba2745

SHA1
a9d05e3bec59121c6dcb57924e2ed13358971dbd

SHA256
e2394e4fa3a4ca7f3934f812c231348c7899978aa69fbc62e2e84ac264dea9db

SHA512
9c487723b79bc3e6b6c17cdaeb73468bbda2ff8bce712fbd2787d4c5a31fcf8b06d34293b28370d26d114b575bc36824b787e3e03895faf137689d04f9bc3180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a97d3e1a7e32c3af28b10c010753bc7f

SHA1
a13b86f8f9a1410ad4d6260c0d2dfaa14867ca49

SHA256
1808c6acc888a80cf65274b1766891e3c470b84ee7fbf22b043c9f8550e45114

SHA512
738e25fd8c4ccf724c4bb53541c55b950b6135faf906db0447d1c83a0c8eb4b1564d9d51a5245b58fe5ee88c9c9de0929cf3af3c511b7b112a1c8784ba891c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f5f2598c14eeefefb6e9a782f118e08

SHA1
5d68711fd872fa03b985ffb23577b85a9c4823f3

SHA256
8b03100302f7015187732b2452fdb9cd8fddb497a599e346eb4973d640302e7f

SHA512
4acfdf1b9265e42b91922dc971ecb44f5ae1bce6843c88f0c776ddcbe53cb69aa9a8710b6890792eade62590d6e3b8c017ad9c0c6c9f76698ca45e32543f7b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98f2e98b1ec52400e2fbfed25fdcad3c

SHA1
8765f9f4f511226949bc97461b3fa1d65a87a90d

SHA256
af91e70122f0b68ebdc15d20f06e7d5963578487dfe07aca3efa67d80f333337

SHA512
5a4eeec2b3d73b9dc8783a725095e909ecedc60d13739b90b488ccf4980aba1251a6b4161fd3a4d782fed8a9d97e5e0bccd97afad8f402f6cfada0098544960d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ceb93d5f1153219e9b851a79ce373c63

SHA1
7341579931f9f9b55565834d65ae24f6140d6204

SHA256
ef2818d3743efa11c232296c1a73ee36ed9c34ef77d00f999631e3c028dbb275

SHA512
056cdb62622a296a8b5addddcca93b633432c062a89466386e695288da2fc0f2a2263eeb93551291f829e23787d5fd11e461c63012eb6226d754bf7ba9b89644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
282a6f5d3c9bf1c43845f0d4a5c6ee07

SHA1
766fc385b56be5eda072434da029f6565107e1a2

SHA256
74497c8e9affb8917012ce6b9ee3c85425a93e20177407aa0c341ba667b58897

SHA512
fde5344e9e5d9c22dcbed0633a4232443d58b1ef5cf0f32043de86866179a93dddd3fcc3c41fa0aab5538564eb5ebbb8bca110e97a7a61d9f2cdf1f3b4be9079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b385f6cde61e0a3e3f4cfc851cf0a4b3

SHA1
563fb0573056f7a1c104fbcf8358aeb3aae73959

SHA256
8b8a17e31760e1fc906963031f41044ca862bc2af6fea1aed24458b30efb70b3

SHA512
b31a30edcd868919c2a64a4921a5adc16675b625d086bef7ea8c2f51454f0e717cd47ff2d29fa851f8c0667a0b146afc7649294f97287cf8b9288158c60cb9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8006b95e0b144cc2edff1acda6f718d1

SHA1
c6ed2ab271b26333859543fa9d63b6040dff575e

SHA256
246a44d63d6246b7ea7e73f2a1964ac8a995103a486aacb2beb898156db46758

SHA512
3286654e4c51f5bc9ebea4e7ff7b9335ac188f2ee74d5c3a722ec0093785af77efc50636b35134bcb6227ea5e06f183ec9693691d37fc5a9a933691c7f0f156e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3bb79166ff276eb5d05219e0be2bea42

SHA1
8e47bab0d2dac28d075dbbfdab54ef057dbb91e2

SHA256
3b12b55359ee6f164c438e8accfa9060bc0f067f6a73fcc9c2e4f9abc220aa7e

SHA512
013571d20b275bf92950ac62a288bdc1eba97d2ffae74c499c9a1867f05205611b9043983f2f66d29da48f1645db5bf1ee848fc3d58b11a25eac6599f6ee7dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a6e6243da1282e22d3a5086f1477ad1

SHA1
4eda155f4dbb42367d50eaaf6a47dd8aef4ddde5

SHA256
474746633beefdb3ca2ef0fb131c6a2d5507f8ca63500cc7b849b94bbade6603

SHA512
0b78a36954695cb4aa2a49bfe988b27627b4129ae5c6a0c306d8932066e481311e9311ed4a29f67b91eafa86cdd38bc30bf733f3f04054422200443045dc6f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3ad2471660ce3cb0f93ce30560ac3e9

SHA1
de92f0a6c8d11a03bab9299bf59336daef455155

SHA256
33272f044a5c0e039b71f13afbb404da1895b0e0fd978d38a2078817a748a46e

SHA512
220621dcf60de0f298bb23240683cc39f8dfa310b5da3022e327b7323a85acebe08532cfffe24069de75430c9c35877f825d0b8123b34ba0945f9e6526f9216a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50ac63c0bb739d2573be3395b1dc9694

SHA1
2d51bc8a4aefd848549e7e82bc35c6e1f7d51f3b

SHA256
cc313ead588b78b677d3a1cab39733a2f86291c12c738a142c57a42ace93f126

SHA512
583eb0c82802383c950e25638ee2b6df22fdb4a922aeec53cf2681d05fdb870fe3950c18902dcea1c5d6af6a468d1aff277c4cc110e9ec9a5cda36cabadc5567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68bd83b6a4914d1045fa0a2822eb4cf4

SHA1
86f8e8d150b7f8268b3f242847502fd336a8ab3c

SHA256
d29d97127704cbe46c8dee2b305f66bfab827471facecb19769d3de41445576e

SHA512
bb8e5adae6ee4c97e3e2a00a9e7f6ce3708356b61d337286163e8c87444d2035779815f4916e0a4e10fcfa042948b1cf8d1b6c918f0f90a71ab15f2316d2e56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
69f10fe619e5ea05569d5ecf40be4872

SHA1
73712e4cf4131eef50982aa678de38417f689c3b

SHA256
b07ab5a1dea6553ed850f0beca2c8425fe108a3002c75cb59b5ac8890a74b9d8

SHA512
c53f7700d0fce403a794936d17ce83bff58d1b2edbc898a7a39f5f2d6fae8641a89dcd354407f5bac134d03340fc54c3350e2f75c98728530eebce5003192ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a82eb27dff93676a91cf3c1372c35d6f

SHA1
c0ebef9a8b2aed6fb71b349f1b220c13ac045f03

SHA256
267391098dfe7d90ea58b75fa642c511f03f502b30968953928fb1bd808aed07

SHA512
fb13c95751f1b75a2677856c236042c81c7808ce35823c9cd3cf01e8b23ebc0b854af6d20146094465eb7f77f93da81c8ce934c729848ad928bf01fafd5b3eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db72db69bcce3e2cf75cbeeb0cc22c56

SHA1
d5a6dbaa264bf91809712bdd5323baed86e11c1d

SHA256
99662c6088bc8989ba31455ffe8371d69ea755ee7bdc8caecfd22d620e60eb64

SHA512
89a4ce94827f507bf4cee102a2438a5bc5efe7784f513b5afdf6d949fb6f88818f3238d066532b3760e3e2072dd34d2bd1e1da3fc2e8fc6d76d8f8ded38aa3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db72db69bcce3e2cf75cbeeb0cc22c56

SHA1
d5a6dbaa264bf91809712bdd5323baed86e11c1d

SHA256
99662c6088bc8989ba31455ffe8371d69ea755ee7bdc8caecfd22d620e60eb64

SHA512
89a4ce94827f507bf4cee102a2438a5bc5efe7784f513b5afdf6d949fb6f88818f3238d066532b3760e3e2072dd34d2bd1e1da3fc2e8fc6d76d8f8ded38aa3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
416f1415d9a6d5787c527ba600019d50

SHA1
07df003e6b3133c44089865083fbfd2e713ea1b6

SHA256
2b104a1fa4890cf35ed95b3cb1ee14bb99811d8b6dae7402f09dcc2ed8add8ad

SHA512
d5e784dc0df0f66d7e9ad80b60bdcb86310fcf283f7c05e3c92f5c14882bf43eac43142b908ca6d2a66d84b538c493db922e766ba3038fd7e661d592ae781b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ed4b67ac2174f699a25a394726aee46

SHA1
6458fdb0f232508b3bf80022ed95efdd58a234b4

SHA256
5bf5141934fdc25c9c062b0b77c48e1835c8fdec27287260f13ac5224f2a297b

SHA512
954f5181add5ab268a347e4025e83d6c77bda6ae89a1792b47ef2d58a84b428762de6d7b0f4172943e41d6a40b80cac640f25187da07d1893087e39679e8c79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76d84a2c03cc9ab4dd003b6cfdc27682

SHA1
67cf488466dea5f8be07b182c265891fdb818671

SHA256
b2700a11e3b092585cc0ff0f433a08fb3d3642a59ad762517ed8e6edf9877b74

SHA512
e3177bb97765ff1e99ce42ccd05e193d8bfad1a9c8df55bf44b0fcc44e872fc1292a12a02b97030c1b6662d362dd63601702156e6f798447fc7969b67dfe648c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8aae5d6000a51c162a7499b768cbd36d

SHA1
28c53732cd8fa36a2d375af4aa6033ccda203e56

SHA256
7cfb6b4563dcf5d0042ed2f3cd4533d26a1438db06aa35a77420de2322dbf2b8

SHA512
128a6e6223947f72cbebee31fb50d5a338815dac1cf6e27e1037e59c5132724886731ab54198b8cc3bc5f5bca6ac261319e5b9e79cbc8c2df2de670085990427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a6ba2d8513dea23c67f02587716b564

SHA1
0348888f513e8d3f1585f46242adfbeaf8563fa0

SHA256
4006f33dab83d4674a2f5ccf8d725da9f60dfc04efca62c6c0218735dd9e73d8

SHA512
9df45e20e198f56356e2b3051f3e8a740aad00bb1493cb7109fd887054db80290f472771b61a6060f54859774054c79b880f6e0421809ce23b8c5bd63c9dbb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6cbab80d90ff4bb60f2a8cba9a27b230

SHA1
befabbe2cfe057dfe68431c53f8ab522057b3ef9

SHA256
b38f23366dbe21c7ecda671bcd3cc03f33b41d0f4f57c06e1dc9124fab2607f1

SHA512
ef2f19bd244ae62b449f0e33762fe1244336e9a625f7565d54b82a98497cc727242cfb452e5b6fcff8f9d21deb5b4628f50edb3c49da9a97f08354f277a8143b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b82bd80ac1d422513e0e8cb508eff9a4

SHA1
7fedd82301ec843ba67c5b8ca7fb6dd523fb4727

SHA256
9538157a8cadc1e6b749aafadc2b4abc7cef42ef33e02687179495baaa6da668

SHA512
7f1cacdedf1d456cfeb42386c10803695a6f504c76ab0356fb639d014ea2ac2069f1a53a86f2e5a0c1f110c34e293460d03e14ee9913f2205a6fe8ac486529f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74ba7c2e23dc989252025e945deea7d5

SHA1
3abd67abb9fd67951d4c0566dadb42332d307f94

SHA256
843c51c6a282392c392dbf2e3925d7be544491608314e0e1f0ee7b251f5d73b7

SHA512
728f5fe290739acab8c9388b6cb963c9d5cf4ce611bd6c0b8a4d2a313e2a864c524be3229a258d5642f09451eec809a73cdc541af77d84bc65b695c969b26f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
20ce9faf7bf4dfc4296347d6427a96a6

SHA1
3dc083ea1d6db8d4a92d51f6f989f6eeedcb6520

SHA256
4618703f669fda44d23a77dc391f6ba597e1bac1e3f2f2cca1f3e7441a24aca8

SHA512
9e69197de9969add54e151408aa573a30dd673f3e98420b923e93e8e1555f56ef969d37a57f878e75c003ae4782817ecf0d10bd0c602f36361077ea03a254bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
909cba557f2a6729e4c0ef63b6b36ed4

SHA1
c2bb1a22754e691596953835992e8846b243bcd5

SHA256
eee7870a12de5df059c7ee92fe44917cd8fabb24ae2407bfaca0ba9768df2160

SHA512
b11388161d38b95496dee7522882f82baed6aa8534d243d96a95ad9d01f77fecead9756f2fd7dbc01a0ddf7f1b184d04d58aa47cb4e9acb3d16f34d12f2220f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
945dc19d27eae064a025fba5c627b4b2

SHA1
2a49253adbcb1696bd12e973f8830eb8a41d9bcc

SHA256
99b6168866ab08089da33a7aa6fef7ac31324c387e9ede764ac81be9b29d3cfd

SHA512
db69c33c2180d6aa45dd93e79a9062dbf4720064efc2f9feb0128feef264faaec28d632e988b1b8b168283704e5650de942abb12f391a17ff30eb9eb106d730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
69b72d0a4a2f9cbec95b3201ca02ae2f

SHA1
fcc44ae63c9b0280a10408551a41843f8de72b21

SHA256
996c85ab362c1d17a2a6992e03fdc8a0c0372f81f8fad93970823519973c7b9c

SHA512
08d70d28f1e8d9e539a2c0fbac667a8447ea85ea7b08679139abbbbb1b6250d944468b128ed6b386782f41ca03020e3a82491acb1fe101b09635d606b1a298be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13330087464852042

Filesize
7KB

MD5
8e4b950f970a2a49b0fa9a7a534d9f14

SHA1
fc5c29be4a36a8a66fe3c159b898432f06661d99

SHA256
85175811d62f2aafe3ccc51690724375be6a439c7e3ad3d19f14ace49a2dd1a8

SHA512
3f438327fdbf76ec655995e5862e2681d141da4b4ee522e355171e90cec434a42735c37f9625fa07c059cf4d79854f0b731ce97454020138378efb66efa3b492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a396bca82df05a85f811b0f1a5150af9

SHA1
fa0c9f48c719cf40757211e1326a9db7d0e64091

SHA256
54014e621060b43b1399d7231330a6dde96779e762b15da92a112c1b9d7f36ae

SHA512
3315d4ae13fe6bcf3232c050d1e8bcb243b2fa614b77ac9601d1833d4b79debb32d247fb252d4848443b9ee6c2179d7ae2843911d88565770aa5e278a2a4b813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
16c75fcc5572a9e7c923e200e67a03fb

SHA1
a073571d4d2df9de0f17326a4fa043eb9b22e329

SHA256
2d16312d9b3cdd70b005725d481a34db1aab2e1becf400cd0e9406b82e3312fb

SHA512
22085c47ea27150e0997b40f23663867ec869f095bc3faf3b0f750030ac9a2f0b5b90691c15de726ce2d869c0247f33518219fb2622bfb975a2c3c5f90a1a5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
62c0843e41b6eb60e86e2fb614cf67c5

SHA1
18fae56a9a8a57c4432c1c2cfbeafc60d037a5e0

SHA256
3ce5212c7ae9ead12891c0655fa8cf6ceeae3bc889c8aa8840b750d36dab6dd2

SHA512
3ff7f20bfec9623e978016c38d8361771af19fce798d0e310e0bf42ac81511f141fb8b345d94d4011a31f30e028c4ec26eddf223677e19ced929ebc04c606d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
03a3fce8963422cd623b6f82c2cf91f0

SHA1
b6a4813fafd5503b1bcc3c4df364985078347e8e

SHA256
8c6395890170fe81fa42d0c6dfdd92b3d085601ea60c653a4c4cf42359990022

SHA512
567a903188796a9703e8041267e9acd39fc77cd13a6b0d5cf403a39b57b442b0131689563f139415bb07b166f7a854e0c5cc7acf51dbc94b33a32d3a9c0b2841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a374.TMP

Filesize
706B

MD5
59b35014d0a719f2f949ca13cdef7a3e

SHA1
1fdbc89d863413efe3dbf07a6248ae949984265c

SHA256
d7b0096bd669cd3a0b6d2566fac9ff664b6ff71b746fecd881547f29a9630b8e

SHA512
b34bc2c0bc85df81978fd5eb9669b95ece0ad1f8672b73ee836ec622dc6aecf300ed77e2995088873c97def5d972b38da5063df312f8cde6fa929b0411d37a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
412ad6017447f2e1be638ed23d051b99

SHA1
de8f95688aa9fe65c0c9fa2583309d5604d3c368

SHA256
2636f237df916673010f66ad9b695017e08a76d693b8a8c603a19db2ed75e4b9

SHA512
c701cb6e13161dcb2beba6386acd2ac2f2b3293a1d74781937462e4c618e6cdc9ae84ff3a27c2c3606ac5a5614b4c7d7edb13542df5b1258a74645090b8e0b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
5e7390f7f610a82f4935408f0e6d0c96

SHA1
0436aeddd50075b9b462b5767ec755ff40aa7e43

SHA256
4b5cfc3c76297b532f37aa9ac7c3d929573f5aae5d52baa79319833d0818e4d2

SHA512
296f7506c4ae94968e981862ed41144688dc47e33d0c7b6a884bcbdc4e0f09bf4b98f1bf83f8ec35327f555ed0b5ad2041da522f6b634e824765e6a01695fc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f97b0a26-3730-4059-a979-0e8d44e44455.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
9a87cc69b27f006497eb0e0c242a3c7f

SHA1
ecb32ef4dad2658327ef014161fda7ee96a46215

SHA256
f66615bdf50cbbe38ce9369d3b404b09baee1e9fa4f189051eb6591833a36d05

SHA512
2b1eb4ea8350c5b60c5e6c769a763f62963ecde98edc974eb5551a2420176fad2c07150c3dd4d51af9613383353b4828e014439e45c44b7fcc40004528d7df08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8f86197579f1afdd3238ea2dd43294e2

SHA1
88c3659ccc88955db8c5fc23195bfb1ed11ca08f

SHA256
bdac21a2b0f73d3c117da6cb43d25e355e38825565973bec2967863b15d7f711

SHA512
47e88bc1cdfdd29b8c5080e034843d6f7d6554b332921c11620bd9c2ae673ceccac01cf0ba49fe17a53c88ad958aba458e59126924c1249aa8b06176acf9b487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1085316e1607a7ee42038dc4ee5d986f

SHA1
25961b8f4883621d894daf69f2652fa36cde5fee

SHA256
6f290b501de4489dcd3ac2475651a8e8b9cc1d7bbfc301a3ea06b73c27d25c25

SHA512
a4f4bf053f5cfc33266ec4094906ee07200b301b7a1bcc9bfdbf73203a00c288d19a18c9edcc5c30ad0e755a7fa6d41fdb5178170e41bc7ee1c6d3cd329e3ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3b67c45b331d835fe5088903440311ae

SHA1
a966c8db3ded3fb0c14f59b788951547e4c4d07f

SHA256
63c83733e7a34baa79daa7114be56ac4a91a9aad5e50c5f90ff8aa553f0141e8

SHA512
73fa9850d87a930ad18d2e04db68cd9513e8d4e46c098da1fa001c60c3b14f9edb8a37e01db95aa454e9b7340f9c8ea4516d4c11f52b30c8401cbb534cc681b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
95e2fd221916da07082edc4692eb16e3

SHA1
ce38987e2315ba2e5d51665922dced0e39f3a345

SHA256
5df3df08b99f45e864abcca30099af72b6d238f5afbc8a4359ac5b7cd6458a0a

SHA512
1bec241307e6337188d25cdc4ebd336a6c52065298fdfe5db2eb1a53f43bb42e73e8c6582e091bd712c3e37bf650052630bcf4909e5de912b18faf1c8b9058d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
75fdc89484cd04fb84cc08688df7f9f2

SHA1
0a57ceae8d95c49339af3b72e7ad4c8f39ffdfa5

SHA256
5ac5801a212987116f6ed853b0d75645fdad2edadd26577652b36360ec79f4c0

SHA512
2b0ea5b6bc57fa9b5f919a04c023c0d2affed7acbe48f2d130056c9b8ce575791ca227122a42e38f03a9106b8e6694012a30ad4aa778433bffdbe4a7cfc7f8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
29bfa5e42a2bf602265f361c6c5058b9

SHA1
a31507f9d9127733bd38e5693acf13ab766feda9

SHA256
af1e346c80b9ab32ac3086e8375ee86f6c5d94adce2413ab2aea0a33d8d95f31

SHA512
763124f02192d7c2dca774d62bd32fdaf94872c0f224fcc2b1d65de3111be374837b78155b46a9d418e3510029557ac1ff1b50ef5a5763c2743de404db9b86e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
1bf7b611bdae2764a11a165c249f37e0

SHA1
2ad35cd926ea3daf95076f7839baf7aa3450b992

SHA256
b78dde4631ff8dfa119063399bb47e640e56a591c54d3b5e4cf2741710fbd089

SHA512
941f652ed57cbb01d0e8ae352d4d9caa9582b8007f9d85e3557a18455b589e891816cf6b532ee3224a0a833b09134d1721e2539e58a82e9c3ff42af57da79507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
8b38f990fe1b633a2fd5e521979efc2b

SHA1
2dee197873c3ce769dafdb38fbc9fb60836cda5a

SHA256
316c23a257547dc7ba2c5302889451566c6565b1ded4ce4de1070b37aabf0d1f

SHA512
eeffbda5a288ba82c40672573481d0551f1147c3d6650870a52a7d43fe6f9757a52206e3db3d2ef3e17b1f8a37fca9ca5f19b0dbcc839af11eeaca853c99cd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
95e2fd221916da07082edc4692eb16e3

SHA1
ce38987e2315ba2e5d51665922dced0e39f3a345

SHA256
5df3df08b99f45e864abcca30099af72b6d238f5afbc8a4359ac5b7cd6458a0a

SHA512
1bec241307e6337188d25cdc4ebd336a6c52065298fdfe5db2eb1a53f43bb42e73e8c6582e091bd712c3e37bf650052630bcf4909e5de912b18faf1c8b9058d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
8d4d1525039c0df582eb0c6e38fbd846

SHA1
69b35567a4ccdaaaff3a6d83178a525deb22be04

SHA256
de5a3eee280cedf5b7e6fa6efeaed5cf3750545ce5b2c0bbae782b00741f77c9

SHA512
f1e791c125cea92e99189191abc33405a454ecfbdbc2fae53c755ca80d302aa9cab890f8efe8d9c19e2ce1de2279fd3ab9568cba957df1fb3303c9766c1f7f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4243e62261cf6f8732c634235b706a92

SHA1
58dc79ffc8cffec80f0dc2b83b5f06ae486f6d7b

SHA256
2daf67019b0e4e4ad1823e74ffbbaa74b9aef04a1ebd4b3cc730838b43581627

SHA512
839c42578c89a8065421b8af35fe4819da787612297f503ee4a9bfa3363fa753a387a347ec1fcbddc01bbf8e0b90621f7898fc102a9c05e9a98fc8246b1bbf86

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jze0xmti.nfx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
0195b2f66cf4c775f2aba24513225638

SHA1
65903a3cf719f9dcf9717b1f05ea4240f9e26c26

SHA256
d3fee2acb203d339856368dff5c5149e6b862a6fe6cdc7379ce984a6124d87c6

SHA512
c0d54d47d02b64c40f0860db4b9e0e1d6f2f0bd283087d509f409f2847e5581bafbd7be54a94ea8297e83ab8df8fa9eebc71e6503ec4b17fc7a004d50c1c366d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b015f7f220f3ed5399ff5df1169637a9

SHA1
85699f9c9e988095fd1e5527810831ba2364bc51

SHA256
a0039b42317468de26a1c6cd1b50d2a77619e9045397eacbcdacf9d1e4561dab

SHA512
8aceff183eadb75528c52d3c18a282c132a18149ea863cee9175dcb2df6ef718fc4fe3a4891e2963e754e8ea51753cd3ab21b3f9c5ab7db49d7d831d5a2eaa3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
4b0b5ae3e7dcb7a6b4fae239d078cc23

SHA1
2ce32cf04dc72894ae89f045d5395e7126b1bfe3

SHA256
80a161c0f2a2863b3568d08f1a274184e2c8bf51707b68db0ec5c77aebde21fd

SHA512
f701619cb65222753c42ca72799048e93d799828cb5d15ee38446ca7fa629eb0fa049453d9afd0b0cdb6702261c12dae44b700cbd3889867f7760bf95f4cb5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
df77e5bb13461c0a88db80a3a1a96ca3

SHA1
36aa9165d470185f0f7f36a737bf13a130b7b77a

SHA256
0f37428bef80cfbb85bec3e7da7c8a75154a71cba5330758f25cab8b21a62923

SHA512
74edf0cff5a4df6b8ca918f63e0079659d3af9e2428d3bd8153093226a9a58cbab8ac489ee4bf3d06f610707300aa2cb60f068386c88287fd63f257c3f6abe53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
ae9e800d3dff7606d368c2f7b233bdfa

SHA1
b815bf7199d11c5257eb941d253ba97826c3c701

SHA256
7e0689592eb3b1044d47eb64ab12082f655c5014bc3415c9443d1f6fc4e3277f

SHA512
131a6fee48a013702a292c402eac04d298abc74e8b9ac745404349ff762ce0d4d35997046560b9741f7b56d3dafbc8081b3f481d8995744cd4b6e8c17c8a69ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
f8f784d048e320b18dae01be7ec6ab48

SHA1
f87e4ebd0c4e724caba9cddc2760e33ebb9b64e9

SHA256
68df4cdee601b54156900257b26c1d71d7347069b5989cd7a54c8dfe76473b44

SHA512
24d915248a94249a66314c567a373c3535861efbb023f581c308997134dd5c2117d9fe07b899d6ef79a5d985d7f7846da12dc5891ff21719d9d46fe8cc4c7f5d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a16efb27776f110ab2ff27fd5473e6d6

SHA1
24720be2dd0ac7af8d27abe7d9d2d3d5f1dd3ce6

SHA256
894a940e0e670d9c1c5e7804932dd91cf85bfd2c4e4b486c6a76622e95536c37

SHA512
68723ab3d2fe7832842c0d902b15a37f8ea4603fc1e6d3f265a8a4b8042a2854713c4ff588d3c7b447a32a2ad82bbd3069c02b568fca0d112f1d811f75cb3975

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
380KB

MD5
38805a88f5ff8cdc821b99d609cac84c

SHA1
02dc55bd3940dfe3d13d8977012e4fff13697e53

SHA256
ca94e6bc80ef29d3b7ec8174784df9a9a5e2668c11f1cfdd90093258cb1e47ee

SHA512
2ee8913942a686849127f9278aa106da4a73dd53fa1df112eeb257e8d411afb4687b8e6db41907080ad2a05c16bfa2a1ce25cc7ef0fbb1963c9cf2436b208280

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
c7478aa42de4274ed29ce9a5548675d4

SHA1
68ab1b4f7fcb2c39507040a3a508f2a92ee7fe15

SHA256
752ea3fc386ebef0ec379b1d4d84d07af6a2fed9b75455c14ee050dfd1ef3e02

SHA512
5cf43e6bee4575c51fdebab7e6ed367388d97fe5f13061ace4e175795bdc4d24e202b356b0e5dfbf444524262c325e41ec4cc2cdb5239964c7b1f3e7e83f05e3

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
395KB

MD5
05b0b9c3663d0108349d07e5b70198db

SHA1
e6cd6528809473b2dfadabcd1175ce39055b1f82

SHA256
ad86280c5e24ba3ee4453e45b501d4c7f47436822de043982bd80d052566904c

SHA512
5f309d0361f6a7e91766f5ead8ef6d8b5bf9ccc87c0a9d028d12c1d3f6705ffcca1740fde8b83b13d991f977829d8cf181a9b8151df384c895529e89f28e02f4

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
833a4cce73d3a9b1eb6dee06907142a8

SHA1
69d9beeda37e9d459bbeef4f3bca8ff8bddab5f3

SHA256
1430a423a92a1efe16a738409e5e32feba6b6fd607bd225039b23fe53544a7dc

SHA512
12951c34a3c71a4e40cda297e3fe942fe2fc959958ea5b139991ee3ee5aa30717e9fc5e2f0f8e3f2df4f2b36028e295fba62223f1c7be4138512160d6b5ea378

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
9a7864e4feb3861346c437f4aeb16455

SHA1
9914d46c165a6ffa466c5ed5408eb40229e3a8ab

SHA256
b31e4b4690b81d3bfeefc2165c085219fccf31243201f47cfc68e1cb779c4814

SHA512
f5d5a032e6a95a559b08a54977c81bd96a9d5d2be9ffa3ec467d76fb51b8534446f78f8dc9438d172a08aef58d20aa465e85c83d36869813432d632e407d715e

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
3f0269c2f458ac6baab6ea3c0250bf6e

SHA1
24de54a3644098fabeba04d1705d246dada60824

SHA256
dc6c611c5f679c0b632f1c9ab09a422d217fb1ff86b1242dcbc3a2b9ef3ec321

SHA512
d82713c48f243948acd633dd0a200a69cebca252b894038faa0c83add8494564c5f9450734ffa18c5cf3d7806937c292fefb0071bb1ee624d9e4a1684d7d4283

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
d9290ce80de7f7b762b9d69d2ec982f3

SHA1
bd072e4573bd7bacdb54c02163a758f03ed26a03

SHA256
6defb72b935f54c0da3840929d8a043f31859c1e455404e671183e3b1f97ce94

SHA512
98623f481272c9d2e77f5d07604662c7aa8755a511d738f264795c8e1a6e686119d0b8f1d5970c12b5ce5949ebc1e911796022a823d8d83f6b164be50805a90a

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
115965c87b5a5bb85445b43a8e60394f

SHA1
5b66a11406d2606f03da70ba53998012ead49333

SHA256
631219f6e57813a1d512426d2db1e3559b06d71036e494577575f30328da0ec2

SHA512
519b159b15b383218e9d6ce9e3b65f685a4afa9ef67d8cd8d3ac018b683467d23f0c88cee56b7fc3ac7dddf20e492c245b772126fdb389ddf635d91aa6167715

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
80dfff59a151f4af1475d7fc8e83f571

SHA1
30753283f3ab1c34796715967e9c43bc87771396

SHA256
4ab7e5c8b4f8b4dc99c01d4cf955d5ba9d1943eae4289903093d6359f700b299

SHA512
29f8eb525970a4a743cd4c6639d000fd112d7241fcdf06a7e1946ad9b289cfa36c83061d99dde0376ce450c444b41326af741a61548bbfba534ee6f9461d7f63

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
191KB

MD5
12a2dc09e650872ea22200f552f5d8c2

SHA1
631419fa27537b4c7bdb435220f64a921a92e2a3

SHA256
1e023d1b81d41f369cdf3effee820813c1a4e9144e0cd8b518e0ff90d5687dea

SHA512
a0dac00a83b1c68afe3222ff9978002c39507bb5b78105fa08edbbf77bca89bccbee252e1873fd0ac2d89c0036dc70a176d23e6808946367b668c7edf23376a8

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
188d7ef5d625947dccbd778d5e0bf08c

SHA1
bdad4335fefecdd490798dea04024ecad14fec11

SHA256
1a798564b1eccd1e2d81708c318fdfd44239f3b4fa15dec39d9cd74fd56a8a6e

SHA512
44c22d93788407e659671a797d964ecbb01bedb6a3b50a7da07677d1d889356fbf7954d39f4a8d9bc29482b67295178a106344a18ecce17a3b98790641aa8ac6

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
cc94c2752a5fbb913b1e32a5635184c1

SHA1
c025e63fce46152d6467869c090ddbf9497f3edf

SHA256
c7dfcb89195098137c7f8af65d8c80b70b717363377f4b4c032c7d89b8ee402d

SHA512
bc4beb8c8cfa92adeea754e8ca6113409b17e193e8e05b238a4e83dd0f137e1995fdcdb59d189f916e18996b7d7b5684da569a539709ba65533c72b5dfa742a0

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
2e83fe4a597559ad7a48512d9db3473c

SHA1
5eaf72d72c3ab63802a02c32693e683f2cb23c20

SHA256
a03db08fe1192faa7c80fe4ba5bbdf57a5bce962978d9d1aeeaca37fb9500ab9

SHA512
fe8a33ea665356c17ec4759b12b65fb79284cc0d0a188d897ebcbc7b27393604bca7df981841e5d2e032bad00907e41c9d0e8c130a68b8e8cb8bf29e9557f54e

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
c7c98f5acd76f1134a3369f34ceab9bb

SHA1
4a809fdf83a1fb7c55afc7bbb5fba187a1c04760

SHA256
a232b1d978d9b4a73be9a7a0d56f935eacb8e892c4cdb6ca1a40b0dafdbe528f

SHA512
d49b6ffb35cc628ad3d3c9c506c5def9bf335020b809faf494a0455bd06695148ab1e609554b88866c9661c1e167a013aba01ae469ed62f67309c6b45608927e

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
7e90e7a7e4e822b251272f800fb84591

SHA1
264ec11a1dfe0f9f15fd11a9192de68eeae0ad28

SHA256
1edc6624e4e5d5e85243205b215d6edd2dbf0421d74dcb83262100aa28199b98

SHA512
72f7e8055a71ab0cc34aabeaa81737de8b9f526fbc850148929134b55f51aad51247cd1b69e797e6a382fa4f4fd86ef7101397f3b40f6e76e5b66818dc1b147b

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
672156c9aa592e557550f1bb28a91b2b

SHA1
f76863b41b091722f5bf6c08a54eebf62ad25618

SHA256
01f4db5b212207c751c49d5e1d513decbc882eb8820d38812e68b660ffcd983b

SHA512
61942ad222a2f2bc50f861d02648703c7a744bd8058ea99f2c5a34509e288545265b6f036e69f97af0d1c7e94a8579d33bc269d88cc9498fde1c8b7d9d935afe

Download Submit
memory/224-816-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-821-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-822-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-815-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-817-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-823-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-825-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-827-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-826-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/224-824-0x0000021E90990000-0x0000021E90991000-memory.dmp

Filesize
4KB

Download
memory/2532-145-0x0000018BBF610000-0x0000018BBF620000-memory.dmp

Filesize
64KB

Download
memory/2532-143-0x0000018BBF610000-0x0000018BBF620000-memory.dmp

Filesize
64KB

Download
memory/2532-144-0x0000018BBF610000-0x0000018BBF620000-memory.dmp

Filesize
64KB

Download
memory/2532-133-0x0000018BA7140000-0x0000018BA7162000-memory.dmp

Filesize
136KB

Download
memory/4984-1518-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1522-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1519-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1523-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1515-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1514-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1516-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1521-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download
memory/4984-1520-0x0000017EA3FC0000-0x0000017EA3FC1000-memory.dmp

Filesize
4KB

Download