hxxps://gofile[.]io/d/P2qmVv

Analysis

max time kernel
433s
max time network
437s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/P2qmVv

Score

9^/10

pyinstaller upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	MinecraftClient.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	MinecraftClient.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1700	MinecraftClient.exe
2968	MinecraftClient.exe

Loads dropped DLL 64 IoCs

pid	Process
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe
2968	MinecraftClient.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-3198-0x00007FF806D10000-0x00007FF8072F9000-memory.dmp	upx
behavioral1/memory/2968-3199-0x00007FF81A0F0000-0x00007FF81A113000-memory.dmp	upx
behavioral1/memory/2968-3200-0x00007FF819F50000-0x00007FF819F7D000-memory.dmp	upx
behavioral1/memory/2968-3201-0x00007FF81E1A0000-0x00007FF81E1AF000-memory.dmp	upx
behavioral1/memory/2968-3202-0x00007FF81A090000-0x00007FF81A0A9000-memory.dmp	upx
behavioral1/memory/2968-3203-0x00007FF806990000-0x00007FF806D08000-memory.dmp	upx
behavioral1/memory/2968-3204-0x00007FF819F30000-0x00007FF819F44000-memory.dmp	upx
behavioral1/memory/2968-3205-0x00007FF819D40000-0x00007FF819D59000-memory.dmp	upx
behavioral1/memory/2968-3206-0x00007FF81E0E0000-0x00007FF81E0ED000-memory.dmp	upx
behavioral1/memory/2968-3207-0x00007FF807C50000-0x00007FF807D08000-memory.dmp	upx
behavioral1/memory/2968-3209-0x00007FF819460000-0x00007FF819486000-memory.dmp	upx
behavioral1/memory/2968-3211-0x00007FF819B10000-0x00007FF819B3E000-memory.dmp	upx
behavioral1/memory/2968-3208-0x00007FF81AA80000-0x00007FF81AA8D000-memory.dmp	upx
behavioral1/memory/2968-3210-0x00007FF807B30000-0x00007FF807C4C000-memory.dmp	upx
behavioral1/memory/2968-3212-0x00007FF81A3C0000-0x00007FF81A3CB000-memory.dmp	upx
behavioral1/memory/2968-3213-0x00007FF819420000-0x00007FF819458000-memory.dmp	upx
behavioral1/memory/2968-3214-0x00007FF819D30000-0x00007FF819D3B000-memory.dmp	upx
behavioral1/memory/2968-3215-0x00007FF819C00000-0x00007FF819C0C000-memory.dmp	upx
behavioral1/memory/2968-3216-0x00007FF819BF0000-0x00007FF819BFB000-memory.dmp	upx
behavioral1/memory/2968-3220-0x00007FF819940000-0x00007FF81994C000-memory.dmp	upx
behavioral1/memory/2968-3222-0x00007FF819410000-0x00007FF81941E000-memory.dmp	upx
behavioral1/memory/2968-3221-0x00007FF819930000-0x00007FF81993C000-memory.dmp	upx
behavioral1/memory/2968-3223-0x00007FF8193D0000-0x00007FF8193DC000-memory.dmp	upx
behavioral1/memory/2968-3219-0x00007FF819AF0000-0x00007FF819AFB000-memory.dmp	upx
behavioral1/memory/2968-3217-0x00007FF819B00000-0x00007FF819B0C000-memory.dmp	upx
behavioral1/memory/2968-3226-0x00007FF819300000-0x00007FF81930B000-memory.dmp	upx
behavioral1/memory/2968-3228-0x00007FF8177A0000-0x00007FF8177AC000-memory.dmp	upx
behavioral1/memory/2968-3227-0x00007FF8177B0000-0x00007FF8177BC000-memory.dmp	upx
behavioral1/memory/2968-3229-0x00007FF817790000-0x00007FF81779D000-memory.dmp	upx
behavioral1/memory/2968-3230-0x00007FF814A80000-0x00007FF814A92000-memory.dmp	upx
behavioral1/memory/2968-3231-0x00007FF815BA0000-0x00007FF815BAC000-memory.dmp	upx
behavioral1/memory/2968-3232-0x00007FF814140000-0x00007FF814152000-memory.dmp	upx
behavioral1/memory/2968-3233-0x00007FF810570000-0x00007FF810592000-memory.dmp	upx
behavioral1/memory/2968-3234-0x00007FF808CD0000-0x00007FF808CE9000-memory.dmp	upx
behavioral1/memory/2968-3235-0x00007FF808960000-0x00007FF8089AA000-memory.dmp	upx
behavioral1/memory/2968-3236-0x00007FF808C90000-0x00007FF808CAE000-memory.dmp	upx
behavioral1/memory/2968-3237-0x00007FF807A70000-0x00007FF807A9E000-memory.dmp	upx
behavioral1/memory/2968-3240-0x00007FF814A60000-0x00007FF814A75000-memory.dmp	upx
behavioral1/memory/2968-3238-0x00007FF81A060000-0x00007FF81A06B000-memory.dmp	upx
behavioral1/memory/2968-3239-0x00007FF819350000-0x00007FF81935B000-memory.dmp	upx
behavioral1/memory/2968-3241-0x00007FF814120000-0x00007FF814134000-memory.dmp	upx
behavioral1/memory/2968-3242-0x00007FF80B140000-0x00007FF80B157000-memory.dmp	upx
behavioral1/memory/2968-3243-0x00007FF808CB0000-0x00007FF808CC1000-memory.dmp	upx
behavioral1/memory/2968-3244-0x00007FF807AD0000-0x00007FF807B2D000-memory.dmp	upx
behavioral1/memory/2968-3245-0x00007FF807AA0000-0x00007FF807AC9000-memory.dmp	upx
behavioral1/memory/2968-3246-0x00007FF806D10000-0x00007FF8072F9000-memory.dmp	upx
behavioral1/memory/2968-3247-0x00007FF806960000-0x00007FF806983000-memory.dmp	upx
behavioral1/memory/2968-3249-0x00007FF808940000-0x00007FF808958000-memory.dmp	upx
behavioral1/memory/2968-3250-0x00007FF812E00000-0x00007FF812E0B000-memory.dmp	upx
behavioral1/memory/2968-3251-0x00007FF810C20000-0x00007FF810C2B000-memory.dmp	upx
behavioral1/memory/2968-3248-0x00007FF8067E0000-0x00007FF806957000-memory.dmp	upx
behavioral1/memory/2968-3252-0x00007FF807A60000-0x00007FF807A6B000-memory.dmp	upx
behavioral1/memory/2968-3253-0x00007FF8067D0000-0x00007FF8067DC000-memory.dmp	upx
behavioral1/memory/2968-3255-0x00007FF8067B0000-0x00007FF8067BC000-memory.dmp	upx
behavioral1/memory/2968-3256-0x00007FF8067A0000-0x00007FF8067AC000-memory.dmp	upx
behavioral1/memory/2968-3254-0x00007FF8067C0000-0x00007FF8067CB000-memory.dmp	upx
behavioral1/memory/2968-3257-0x00007FF806790000-0x00007FF80679E000-memory.dmp	upx
behavioral1/memory/2968-3261-0x00007FF806770000-0x00007FF80677B000-memory.dmp	upx
behavioral1/memory/2968-3260-0x00007FF806780000-0x00007FF80678C000-memory.dmp	upx
behavioral1/memory/2968-3262-0x00007FF806760000-0x00007FF80676B000-memory.dmp	upx
behavioral1/memory/2968-3263-0x00007FF806750000-0x00007FF80675C000-memory.dmp	upx
behavioral1/memory/2968-3264-0x00007FF806740000-0x00007FF80674C000-memory.dmp	upx
behavioral1/memory/2968-3265-0x00007FF806730000-0x00007FF80673D000-memory.dmp	upx
behavioral1/memory/2968-3266-0x00007FF806710000-0x00007FF806722000-memory.dmp	upx

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\symbols\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\symbols\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\symbols\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\symbols\dll\msedge.dll.pdb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\dll\msedge.dll.pdb	msedge.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0009000000023271-91.dat	pyinstaller

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a5b9367cbd68da0193e8e1e2cb68da013f61033ede69da0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{704920DE-7643-4EF8-88CA-E196DF5E5B18}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 181887.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
1732	msedge.exe
1732	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
5088	msedge.exe
5088	msedge.exe
1036	msedge.exe
1036	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
4288	msedge.exe
4288	msedge.exe
1196	msedge.exe
1196	msedge.exe
4712	msedge.exe
4712	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
1036	msedge.exe
1036	msedge.exe
3136	msedge.exe
3136	msedge.exe
3380	msedge.exe
3380	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2968	MinecraftClient.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4288	msedge.exe
4712	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 3316	1732	msedge.exe	87
PID 1732 wrote to memory of 3316	1732	msedge.exe	87
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 4208	1732	msedge.exe	88
PID 1732 wrote to memory of 2900	1732	msedge.exe	89
PID 1732 wrote to memory of 2900	1732	msedge.exe	89
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90
PID 1732 wrote to memory of 3320	1732	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/P2qmVv
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80abb46f8,0x7ff80abb4708,0x7ff80abb4718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,6249647690460806491,11797942592001666102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ff80abb46f8,0x7ff80abb4708,0x7ff80abb4718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7424 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6536 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17054141635512766529,4054309689367254055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2
  2⤵
  PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2812

C:\Users\Admin\Downloads\MinecraftClient.exe
"C:\Users\Admin\Downloads\MinecraftClient.exe" C:\Users\Admin\Downloads\Pi7_Tool_log.png.crdownload
1⤵
- Executes dropped EXE
PID:1700
- C:\Users\Admin\Downloads\MinecraftClient.exe
  "C:\Users\Admin\Downloads\MinecraftClient.exe" C:\Users\Admin\Downloads\Pi7_Tool_log.png.crdownload
  2⤵
  - Enumerates VirtualBox DLL files
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1144
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\MinecraftClient\""
    3⤵
    PID:2580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x308
1⤵
PID:1604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
284B

MD5
0fc798d1ccd16b1e52c6573e62f33b2c

SHA1
f8db474bbf6d18f9b610dc428cf6e8b5387d790c

SHA256
85afef50162fa8369a455818c596cfb80d28ba578ea6208462162cc0b13b1161

SHA512
1219894f9f4ca1c979fa0ade8ebdb0f1be4fe7444b7d82cc5e25ee780ff9ece95725aedf107244cb06efb564a3f49728beb1d4362ad569b3c7abb092de8a8760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\395b06da-eada-4906-b33b-3902a712fa25.dmp

Filesize
6.5MB

MD5
a6a18c4aa5a14a312b8bf1f6d90705f6

SHA1
330e00e1df42a5d1fb16d06a6cea65e40043b67b

SHA256
5cdc354911d054f6e47088e2f990f9de7dadaad9a8c329943a2998a980167c8d

SHA512
c92346057552563b3fade101bb996065b4fc4d9798c8012eb28a9160b5ba3230dfa14a71ce93c6d8e3a03ebe5677fb64debe3e7fbd7f6d8b111a640f2b5aa3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3fe1c5ab-6433-4d96-8390-5d2ffc820862.dmp

Filesize
3.9MB

MD5
332e69f622f87e5d1c077914e06aba4d

SHA1
33ecb77c2c6a9a88b121ea0eecad99349d7a2e74

SHA256
99aa3986309f48e43e59e4cc312ddab3c699ffb34ae34f16dd4fa6c0c9244c6c

SHA512
b7174efd84bfd61e0754cd2390fcb3b454af090f1bd8682ca7a509d5f80e3a1c05074a1b3824e123d8307c85a0a8005a82166da9689219c2131fd9886435b114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9b0132fc-0dbd-408b-b2ce-26a6df4c9056.dmp

Filesize
3.8MB

MD5
9d4b761c1f73f7a69a116b1bafd9c062

SHA1
5e1e203f8516cdf239a861b824c9d0374b9b66c1

SHA256
34d777ee3d7d05197a418d1ead07f5b2c2fc82601b71917036d6b5ccf4276aad

SHA512
906bf55ec8c0cdd958adfd79570ad22339e5acc725b0992afbdd52b6f3c73ef568af1a29c1f49a96e692f311ebffc4924d779e80f00796d4687fcfafba119a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b13a880a-0406-49c1-8fa8-2668316bc36c.dmp

Filesize
2.2MB

MD5
e185fab26ed01663bbc5b83eda6d61fa

SHA1
bbf4a182d33486f7c28c109b58fa0075c96e7429

SHA256
292545989b64335cfd0227caf76907a5019d6fc4f0ea37e5a9a8fe80f82d3b72

SHA512
4c2551416e6ddd1044881ffb92569ef04ab380d198db691c945cef88d08820b5510a6470a4d4e23bb403b93bbfa6dba82cab44d9547f64aad8defa1a5c2b871b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b13a880a-0406-49c1-8fa8-2668316bc36c.dmp

Filesize
4.8MB

MD5
0490688ee6eec8665e5f1316c3882714

SHA1
2fc8afcdcfb5d5490aa19120708cc7465e695ff7

SHA256
43b4599cc7233d0dc2433700815d2a881de82c43aabd330e1ebc4669d078cc6a

SHA512
f157b168746f54a96cef6f0cf9ae80d9e5e9564a0cc1dbcf880d19b69b66a581cafe0d29349ae4b5b097df871150aada838f548e9d0cf73bc780aa07327801a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b44882ecf2c1a5cda21df1a7d8c18d1

SHA1
1cee7d197c5c6dd76fae5f3f615b3f83a31e0945

SHA256
55b077d2851d8a943772a3877bd97cf0cbb344d33856ed02ac97db20dc17091f

SHA512
fc740ff06e4f7c606c2663ac8d5273b6f8376bf9ff7dec4f86e2c4f8c5254f7f9d988c317a9a9e9abccc77fbcc08c97831f22f373c5daea6b89220cd68ad6506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
44f49bc4f26447a0ecf938d654e10cf0

SHA1
74d747170059d552fc769ca3193f39dcf8a3b312

SHA256
941c177478aa08ae087bc9c79e1c4341452f105b3e15c976fa86defc05bb04b6

SHA512
396a61726820e59254352429f099e82d282b597fcfd9d99f2267377b2dfb9a8553ce9f99f814720ff19007e895701918572960835e1d834f9defc23e5c53187f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2131d987180206d38c7d1091cfc35c42

SHA1
87cfc20e4b398b39cbb00c1b8761f6963b5bd891

SHA256
100d88982083113846befd7817e40bbfb3bde7ca6558e12f198f153866b55779

SHA512
60f877dcfda31d458c9aac5ead10d5184fad7d099f02bfe127d22fb8d13f426e347f8581fd55e22af7d04fc47cfd0f41e83e55fc95fba966b264d3e1728b2fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9542be53930a34b87de9e709c60d33b7

SHA1
efe273d069d28e28c421eca38c7e39d1a7c7dc85

SHA256
e04866b94c53178dfb73d242bf4298edfa0a047ff90ae487d0dcf25e3d3d26a8

SHA512
721d4047a849348a35e29fdb3769247599104ca2ebbcbfc13a523d2f7574c9eee24a9e7b0d5e4d7e4bc2ce370bd2cb0443d724c6101ef984edb950c8c93c6dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17b73cc8a5adf1382f0e6e57427efdb5

SHA1
0217e5c5de7217b5a76dac9e273477a354b1e73d

SHA256
3442a148e73b7181d715c86c24eb0232c8d3a49d0f942444462af541b53e4c36

SHA512
80e61d233de8eadbfa0f3d971123db92cab2e0e1508e86c8cbfb37cadde72957ed57a037429595a1951257f0d48fea634ecb13c74cf4373e4ade89336b27c180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
48adb85ef97903293a5861889eab859d

SHA1
baf83fe28bcc18ac1b369908454752a5f0bc05dc

SHA256
f11dad2f08f59e9e88599d69c4fd4969822527812703b45152fae7931d9d8812

SHA512
dfcf666ba7656752371ae48e7ba46806a070f5fc612f9e8687ce5e97effe3f6597180ecf7f5befeb1e2951e71f0b7a200f7abad222270c7be6c4210cff282a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.1MB

MD5
d307ce6ce114ea2d363c2e709df6f9c3

SHA1
e8173b7467489dbcc7fa23bd6dc2557a70624ac6

SHA256
ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df

SHA512
6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
a48299725e99a78fb42a0e3385fa81b0

SHA1
53a2251c7bdfc9426338c7c564f8fa90f9700dd9

SHA256
ad588d9c81d8a1cd51d806c685bb6adb083cff2db3e381388154d8f92b4b9d84

SHA512
9938fcc2979700351ada5e876677dd14b9fee7ea6c29cf5e6d1e28bb875e0f6df63ffcbe15a07041a7ef3aca69735128f2311f11d45b90c927a9239a37f029aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
22KB

MD5
14734a8bb0bbf70e4c2baa3d73adc7ec

SHA1
b3a16d617c95fd8da1af3215867abdd80a23a708

SHA256
56ad32c2be9235dfe4a5653351f1121c4373fb48147d91bbb9397b65d5bf0bb5

SHA512
aaed10d4b91749bda93e69b4188c93d4fc89cc9e05b4ea5bdd8363cea53a3d1904f0080f23826edf35f18fe4bdd51a86c04a5a43b7e5f5aaf1568ed17e3a0d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
19KB

MD5
48d1c18e85fcfea27ea3cc03af096856

SHA1
8ef1ad9c6117ca85f4c6fade480b7a046a26cf65

SHA256
d197821560bb140fad520ef7939c2210ab062fbdc78890c52be2b90412b033a3

SHA512
5b900d8eb0f0a185cd637ee16bea8e3458a53f5b300e1133d8274962f596036d90546aedac9044fd4ed9a646db5ff4fb6e255d328998b3c4cc9f32ed5b475848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
19KB

MD5
e8e1b67e56882e70fc8d88b621057ae9

SHA1
3e37e70351a9730f885cf47a949c1ffe293d57c3

SHA256
e2418d9a547e6d5a7cb32b3d07fa54c569c4b45542fa61f7d7d4cad20e589488

SHA512
dc90484976c653c43023138ea566d6bfda3cb736cdb21c0dcf69b131956929f5be8920d62c7b0be9bdf460f54c2270d13e1d56f28699da37edf73b26bd2a1460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
6f3e2a95e9ee07624364789f4c391987

SHA1
7520ae2d3a66bb77004ce89f94bef782078c0c3f

SHA256
22bbaa126f90e10fa86949a790858281384efc8482a4c5565e8a6ee4f46fd16e

SHA512
edcf04f8b8911167ad4de90cc5bf6e048353191868ad25c551cb73ee65da2f2adf858227f534c3dd2349c4a460a56910e18a2f15dec0c6fe5947a2868fb58cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26535df81b2a57bd_0

Filesize
1KB

MD5
a712f5ae7c6bc209f2676f7752294e44

SHA1
6fceade79bc24f42f64543d532f08d95e029761d

SHA256
39079330673034bcb5819796c27b2895b0f23c3c95be867658c0dc4d2fcee563

SHA512
e360c4a28665ef703649b20f02d5b07d15321b665791ce93ae506db45a610eec43566263bc2f74850920d43145481930e6879b25b31f215fcd34d33b08f5ea86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
e0d7018c8f779f94027627588f5daf64

SHA1
63b9df5b1a9de0ccf909ce169ffb99db345da4b8

SHA256
27576dcd9815072e463a3a9f43e8195e3d1f06b2439b497d343745410507cb55

SHA512
c3b58a3ff259b98f9478336f5e09f3f4cdb8a62907c54d391bf916d6103b89ce3667da656946c59d01e2071e159f3a528bca8927e513eaac4dc8df6608e03d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
d8c75a4d814ba054933854a22ca05323

SHA1
8ea2e0e3fe331691f509cd9309207b0ba72a28a0

SHA256
a4294059742a95c72d75738215de33eb27674b0976e360c1f53dd787b08118de

SHA512
7186ce2ce5b0965fa02414cdab9b1fb6f3ed06d323b6875f0f62cfb31272ad7b26c0b5c7655bb5ce1387ade176c24cfdfd8d428df2af198dbbad0f3fb39d5af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
2fe08579f9bf7844b753d5d7cb2bdd66

SHA1
2d0b26bc7838aba315f872e5650dd6ec124cb3f6

SHA256
5a46244fe88e41c27ec127b53c2024a1ba7ce3cf0d3ce48604bc2f312e437f89

SHA512
5d3088a907fedb1922ad482551bd12c5396430ef6d17f85cca8fd1ae66cab643e7e981df0b8a994b1092e09f6d0e4e3ec1d8824d33043aae9cc4fa1504a35636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a0b1b072b7d02285979c115e694d6e28

SHA1
491d2f0f1fa386ffc4a0963207404e74e03cdc9f

SHA256
3d2c4a14d6b929a0ac4d8299e3f9450bc63a941396c7751fe2aa74f8fe598623

SHA512
338c419f8bf21e9fe2acbc74eff7d9eb91161b298513062f166ef03ed110cf6cdf46ee6f679ecfc6887930909ba9415e707496bd5c4a597092df0c4723d3de4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cf9a3ce3aeb299fb5f37729d1c6b52ca

SHA1
14b866ea44cda5d8caa3cb4ae8bea2b9e0d19040

SHA256
cf1270e025bf357b990f67bf67ba7861339cd271ebd6b929541b6628261acfec

SHA512
8ce16912c49134a8b4ca903b5cb4158d2665ac6e2bd39957e991d9db05907c43b2d934ce927a336094ef56046072c5e44a360ab85e0b6f24e69a0886bb256374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3ca45f82427206b068a3920452ea916d

SHA1
c2649ab44b49551813771ef722b1619cce925972

SHA256
180e3e321db09cf948861c297f322480cd0330c1afe72336f8f51e5f14a7c402

SHA512
7c47a3c7255260c4d533a7fc261c2ebcd19aeb5469b65ef86dd141352d21a34af4ebe2e448ba1772d77059d3ac410c0b8751ee45b7f6e93c1f744305f405213f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8badedc232d24191f3398c7cfebcec52

SHA1
8ffc501292f789e04ac782ae2b795eca9ec642eb

SHA256
0ccb7d18bf75a90bfadf36bbcaf76bc4610d1cdd362c208822a35f3c497a6465

SHA512
2f7de966082eec4627487ea97db4001e9f4a558db050299a5610a23893b5b32263b0d8c1651f189e4d67d1da1c2b308c6ae61d653cc5f3a727c5d797321a3c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
226ab109d31a14abc0793c8c1fee6bab

SHA1
7b01eff92505f263aae949ac67fe38c332b7bb6f

SHA256
f7fcfe2f1bd9aa69443e673647e188a9353399b2f765f9a4c8fae2c46dff5238

SHA512
93a83bf9e18e41ce308483156aa9fea0abb175f564034d79cb2636b38b4e394d55bed86feddc40566388f448863cb81c6bdaa0cdf4c172fd594a068630f4af77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
be289287fcd8f3369aafa6e9c7199447

SHA1
4ef00d3b42347316c895c7211c1303e969059b20

SHA256
ad5d564d2fee8790d5fe5121983c600cf4b7bd26d92d5b7b43011adedc6b6b77

SHA512
09cbbf2023cee61272fdba0549c9a30ffe090daf93f3f8fb330aa66a948ac501d1cc9decd2b6d9c5da666cef858a0a6f5042ab7f6375fc73198e06ead71d4018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fcfa98a09d55e1797612ad80489217c7

SHA1
b5064d21f2fa38e32592de90a7ab62dbff121b8c

SHA256
9d2e30cb34bcd4e088e7af55e3d2fea6e21ae3941837484188debbde2a649f53

SHA512
91d4c7abb28cca232e345bac6d1fc18e90bfcec74c15b9d6034c2c2c7b40ddeb41690147ffb9416ba13a8f3f93668b065e75c4e202dec300a8b0dff5835ddd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b188d7a6264a71eb87bc34710cbf7aaf

SHA1
f65519c353550173d253f1210e3a6dfb32963c88

SHA256
41eefe6881b118dd8f3d3207ed6f46714ae32345b5ef5f07032cff415b25099b

SHA512
78ffeca8190bb83a615bb9103aa59da7293cb5f51a2d5a839f9edae98d9acc0098ab3a04bfefadc3fcf173ea24c529e570cfe0b1e9a9c2b62048e50e80290f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0fd09891979e2026971527dc95bf3eda

SHA1
629a28dfe9181667e8057c9edcc7faa5e7adc87f

SHA256
dc5b8fe0ccd36c494fd47d097de3573feea2b21da483ab168357f356824bb282

SHA512
b0e3b5f67b097e6d41aa47105681727f89f4cb919a1829ae86d42ddd0ad96e8b643328973b43a8a084cb00f78cb3cd7beb28dfec1ab55e8b6fa50cda72f72e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30481dae9c4932e1f96b37c4f98d8a06

SHA1
6e280d72d45f6a2875aa8ceb0dae5a4b8b751b80

SHA256
c73db5bcd5f57c609293e862f8ce57d5d1a862433bf91c9758d49619b7fd954a

SHA512
6af993dfe37ac66d1632e737b93307ca5b4035a379d06d548a0ddb5148afcf02f567176321e280ad728e1f927982e8bec54df0026a76173d56760ef4e8922283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75df47dfca910eec2706b0bae037714c

SHA1
9dc4aa1ad71bcbe22691a1a05ea53ba883ffb1a9

SHA256
c37ae21ba113fd137620b6f46d583b1913af98ebed1d41159088a1a9d41e1adb

SHA512
dbe61f78d226e19ef208e313acc83602902d309c7f0127d35d60114628d819880f0db975d2c1a1480c27a212370e474b221336f0c00df1d0e307d1872e467dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d260eae53c6f22da4f5929b35d9080be

SHA1
5a6361f92150724a1407bfdec3d5287b1178b823

SHA256
f773d7160d58c3da6bc08ea4c64dd14e86d52e1bb6b79af4fbaaafe89ee2a61a

SHA512
65b580afa84c4be3f5f563586684c2dddb3732a9170c181be2d784d87e4fec15be64f208184bb3fb4146f779b8471d581b33b4f100fbdd719ca27fea3718ae91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32e2d27309f34a0dbf4b5e631998904d

SHA1
32033bd43c8e7aeb3d82f4deb6aa0b176d56a210

SHA256
04e5fd7d4f8dbc766ff16426701d58f202577031bd6bc5ee8bf480a56475897c

SHA512
b4f98253d5938c6d3f251fe179118ffcdad8e828b0c7cb19c31995c21ea73d3b4ad59b4b6ea6f878fd06bb2c4cf75a583ded21394b6edd94cc4d7f659cd127df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a86aa51480b36898ec2d7a62da245789

SHA1
9056cafabd3d8b856e1b7dbef7d0f0bb06d66832

SHA256
be6498b5fe5e0a2bca7f71213e5dab19fd83d111827aa342d93100396550e089

SHA512
5122bc8a734127d712c5587bf3be2767529e5e8b79213dae3c0a7fa3a147dd6e34094f5acff281d345cf2212dcb3c31a2ad5ab67fe94b55449fb97b11dc43eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3a1df8ffc985e0d6e9bacd0b8f1e703a

SHA1
8fbd154774c39ff01b008f0e343d94c3703541fc

SHA256
928a467fdee9db1934bfba9e00dc323d4ab4684c6b79a8fde7ada0eedeb94a3d

SHA512
3701502ff0ea613ae05c200a906c9dfaca64b99dfd0dd3a32dbbbd46e531d107be56d709c1742ba4ae76f068ac76d338bc584d669280443803999e15daa610a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d35becf8476c3f91fea752f6d0ef8bd1

SHA1
2105a87febc1316db5842c2f242fbc717f55a6f7

SHA256
329cb1a569fb68b8d04a905b7cf58ffa3f0f2ac46ea640d1bae5d4bc9a21dcb2

SHA512
df244aa1b7cd3742f1354ba017bc27dfb67a8b47d38ef3383b11e4613438d698f977a14f1ca9a7bcd2df861b162c82ab5ecf1d91fdcee264c19295fce4cb38f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
106cac75bdc7af80f649095cf82e6200

SHA1
17b17cbe83e422c8284267c7d4b468c34dd45522

SHA256
2feff902f75f1946fb78a935f9842d9bc810ee0779a07c606e8b5bae8a896e41

SHA512
e2e8786904dfbd9a41eabb395453211071e81984ad7f01604dc97733c5931e34f09f5d068228e932b28f9ed2446e4fe3fd7a3fa2bcbbf509a4fad47269946249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34a46a7992344d4ca752310966ec7c4c

SHA1
91ab62fc957923d84a241febaca7d13c50cda245

SHA256
e33cbe4ccde30750da96947a87aca9a611a1fdee00e010a0cb8a98b67b363e44

SHA512
6048880e0734a31a0f1a3d2cec9bee96b814344d52d4e2492a325bc1433d1973f69a8d11fe7f9d8b538179215a8540873373c8f7cf767d97ad9afbdb8cb67018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
814f45e6e82e909753fbcf6e19028570

SHA1
67dcaec9c9a763b7b35e7286b738cf9ec5444901

SHA256
0bb47cf93a8f8331edacaff271e2a0cd56edddae792f2945c7c45405265831ec

SHA512
f8ca588d5aa3bf2993b52392fc27989dd211de025539e45903e3aaaa4f6bdd5ef256f5632b20ee06bb5720a3c018bf18e1cd4e47908474ca00eadc5a494bcc11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bc797dc4cad144b4a0f748b19604437e

SHA1
980ee32ae972bb28222a44fc37dd12a9da2f7f45

SHA256
2667e9aa6b1774ce72f6865165d0c42028f3c9e046f498e6ce96528d229a7838

SHA512
a0adb005ae1a04987f3853da5efede1ebb494d43fa1f13b7e3e2b6c49c372e7990e20e5c7c430215145aa2588fb0ff191b925bbf1c830710f98cc906f5c5673d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
29a6bb609fc4f0dc874b75c593616dad

SHA1
49ad380976aa852d9b1640501edfd067df69a086

SHA256
deed545651a01224ddd49f9cda38039bcc3e8928a63daccc46fa715432f06fc2

SHA512
a263f8c834dfe2611bad2051f737471f86fadc7f786adb18a37e750df3e6115043f682ec8ad7b1e9d971761ab584764324744b816f072e1fcf0ee22d26b33732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
642e7031c5b0e5490e8ebf8f74676b04

SHA1
b57bd280856a37d424b7386a19a818c6f4cd87c0

SHA256
beafa7c2689fddda956cdd63c5bc5405f630f309aaed66d5f2d877078d0793ac

SHA512
f6cc7d1cc1c5b58c3353b6eb42e242aa6bcd13be3fa5b37c0dd43bbc9ce179393fc121c4452b9e8c6a6546d33d84511cbc449a3e9dcb16d7e8ca5a707a65ad85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d542769097a7df52e30f2ff785171c49

SHA1
3244090c86ef3cd43b7fc1491bb5ac47e15a1c8d

SHA256
db8444e981a14fa6d6334c2ea3be4971a3b08f3aa804b58bddabd0f17bb575c9

SHA512
c6be9aef83fb4281a110eaa17ff493845a6c86f79ce1f8c5cfc138fd96090cbe7303a13874ff07d55ce525016ab8b9be03dc5c1c6887cf075b01cae13f311e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59677a.TMP

Filesize
48B

MD5
eee62d214aafc61e90f8f24fc9be492e

SHA1
ba97b25d1fe85a20566049a640b11a41ba7ee184

SHA256
c8136a3282ac34b7305fbbd5b150e44cbb9749a9ef99c724907d9558bf6d1976

SHA512
d45d34ec80122339393d3579e02254434a1506085e91962d87e3af22d42487f00ed4426c6847fbd8c1dccc79c71ff5d71c191fec73f68c3ffb856344b144a7f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
350f5293a00bc736e76ed8458f084c8a

SHA1
8f2a09eb6c41ffcab19cf5af87a6841af4740131

SHA256
8ff9f3bd5347a63f97c5445d36a83c41ed8ad298eb7594966c58551d01b58349

SHA512
c04f82c45d13546068dc51c46a015e0153dcd88d8a59557eb67149b530e79905cde957aeb181a8525dea15ffe06f05440c21ff8e1c0eb53f90445c784db23a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
434e32dd1d31ae06ab2bfb335cf49554

SHA1
87a935df307b0bd07bc301fc8cd53c6a2967727b

SHA256
fc5953d0a06454a904cbd1658aae118ad6a3802455017549939323df65aa80cb

SHA512
4d92af7588bc99bb4e551422a596937ba50fa2e831a49349343d8e5271f5739843d44d0f8477e66ce0b4dfe01104ae024f8f0e1f4633ba893250add642e62603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9163a1cba313fdc25bc24f4510bcd60

SHA1
21deeb1d1d4f600738e649b98ddd1f50025527a8

SHA256
deebc12fcd55775dda344c31fb37926f8de599a2d4b04e89466c9998aea83069

SHA512
914de4ec0457e2c12d7e6583eddb13dfd303b6bafffbe597fb32eaf48041adb931c7b9c0296463931b29ec2e13025ac62d8ed0be057e3bd12971665fc055eda9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40b34b9bd6714c1aaa58b15bb7a32ff4

SHA1
22e11f26b36c554d07191af7526cc49b1f6ae6ff

SHA256
9c71239f0709e757ee216c41cf9f72ec2945bec708645e10df4ab31c8aace39b

SHA512
05da1cc7b67b8a75cf332df8772c1570894ddac5e7b76888d10d9ac4f8a2c27f76c34164d7229d203d6b9558af1d41bf9746ed8be7bee4ec69dbdf5f74a4d729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f274a387fb2a6e286bd14f5694ef252

SHA1
ccd1ed74c146442c21412bf224aeb331baaf6511

SHA256
801e473b51f77f72c2978396c7d82932f123bfc8529385f180c7d63de837af97

SHA512
11429cc6d8eaa2829736ac3cefac90f3a7800e46d58d42c3f0087741bacd258fa9252b79c9b33ad3cdababd408e1dd19f7b525f6e85a434da4aa42b406d57cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7b4234d648662edd1cbb8a43d76f2d8

SHA1
b9d195c1dcca8c0de891a67338bddb08588b489e

SHA256
bebde0aeaef0c7509963f4daad4d7887979f8d39d4e6622c3d9039fbeb95fa0c

SHA512
4cb2d84ac2040d5a8c6d2afdbd328ae10e5784c7cf33c21679397b938af114cfbb2cf3bf052233b9319c3b3a15373bb50e1c32aea34478bf83d07a5aa5e746d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40d25f0fc03658c0f0fcb3b09d677b9b

SHA1
14ced352a9078db9c66b14385b0d135f4b43b163

SHA256
687a442df1c60e4f072a02e8cd2c2eaba428acc4ab89b43daff0873fd08a1f5a

SHA512
68d135e17d69c49ed6f14c20c7436b946f432319b5b064cbfda1b742d316d6354690537a9ead8665b8703b806e3b0c0a5c0a2d8d5af4a8c94edffa3f93ce221e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4fb6d0664fb6db2099412e2483c1f6aa

SHA1
d4957e6ef1e49c1882d1d3b94841161df7571ec5

SHA256
0bd3718099501c6c2d36bc3bd643bfcfdd32239ddec54add1387984fe82ab071

SHA512
6c775ccdb1a680ab7b40d91620cf9cd20017d12057ca4d4cd4a491b0db45230918038a2d7ff43525faf370dc24894212a00b8c3673f7f1d2c3b505d7f252b491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859b4.TMP

Filesize
538B

MD5
b73dfc91ff1d5e4fc155e83b1d707d50

SHA1
89b84677ee23d4c5b8aa5ebe0c79bf08e07d0aa2

SHA256
4b5e4524df8ff44f26ea00f861e8d2f2cb5f7fd872926f2ddc4ddd32bf94084a

SHA512
2fd72b0525d6c7d25c7f432763797454f837aa6aeb46e64cf1c3b738d09e2bdffc1ef0c04e3606f6e4229e74bdd498ba14b0f2c2f3dcb4a353affa0d67e755cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cb933ffc18e3f7ada9e71a894cc41720

SHA1
9a6895634cdc23e5e02b51f805d3dd45f3c41d85

SHA256
6ccbf933fdf1d3aa0ba618b3b72184c352f428ee3f253f616dd175d0eacede17

SHA512
4e936c787652f813a519da0db21363bc2d17a0370d6ccb398abddcc8f14a2c98336270722d5f2765f490be422daa0818159ba4c035621ba9f19704591c3e5738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0df031c0ab2c1694b99353898b0d91e

SHA1
4739f234627357133d5a8c5a125f0b4a573f5f32

SHA256
c1df400b2680a1db8e88a0522e9e0382a41e7d9f0e05e2ff3c6e53bc7f96fa7c

SHA512
cb14e85cbe57e2d654ad2e13b7093d6276d4f72b94bf457264de984062c99bf4037a3f5549c57c763e7a9d7b56cf495ab1e875037b53e9648b8f972164a0ede9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
50f63940b7b0cc52730bdc5295c855f8

SHA1
5eeb020806d1fa6ee5d024241cc5b675708ad0e6

SHA256
63a742c3f876d0a5599aa49f0f0cfa7c58e2996e79f8a3bc4ab2730496f5e3a7

SHA512
a7f939d6e7d6e09fd6bad5547e405502b05a94bfad724da92786e4793b2ee05dcce7637a16be3d3ce3eb1747a0bd81fef273823d7082cea0e15abb1bdc25c85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
25266665d8ca3e6e9ebdcab0d5139b55

SHA1
15ad4bf02c2b4fd5267f7e6552c2865ee68f3094

SHA256
1462b36f370fbfccd636a2a02958f46f7682896b9820ecde8bb22e3e5bdfc8f5

SHA512
645b64c2c1ff0ce2146b8a7864419d1b9ce7b15b6f461fa02e3e5350c69b28d7c0250ad143457627f5d056ca7c6e1747914d3f554c6d7d50db82a0d9ba3b7fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd65e3a66c587c368ec3c639bc1695bc

SHA1
7ce19ba3d3452761c92dadc2429f1b5715f0fe05

SHA256
1dad51bb350f8126fab8370d633601b00cd7ea6e9ba8da0520c9a9a277ff99a0

SHA512
6ed15262cd3de69e2526aeb2267778cef7572a3b8d31747e741b29dc3e6142a80a67671d97a58d7618ffd56eaca6bb1c9c1e1572732b153bb3585090f32e4ed6

Download Submit
C:\Users\Admin\Downloads\7672fc3a-b9c8-4a46-beb0-6c769b689295.tmp

Filesize
423KB

MD5
c62683703b54b883bc2d746531f83a0c

SHA1
5c057c0a2760f0a8b79fe4c1f176facfcce73f75

SHA256
43200cfab5514eaeca89c62da709b225d49f06bd965a4a885f57b2b3d7a55191

SHA512
082c4f2a06b2766429d213a8e05174236376f66d27b414ab37c1c32ff6754958a2e7b8a8130342760d8e39ee5197220977bfc2c6f0e2bc16c4af49008ea2515d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 181887.crdownload

Filesize
24.8MB

MD5
72047fad94c7d264b29a9224a31d994a

SHA1
8aecb72d965b12ff34bf8635229ba28a5baff329

SHA256
2d32d55cb954f5952f3e8558a9d1627b2fe7c3411d0b03af3a7f2f0ee3e42e13

SHA512
17bddcd7539dd6ab4b437a53328883b096008494cb267441835c63e1e0c2217d0fb0b8a393b4077099d3548b116baf8df09fd64b47a3d3c5cdeff18b2774b190

Download Submit
memory/2968-3209-0x00007FF819460000-0x00007FF819486000-memory.dmp

Filesize
152KB

Download
memory/2968-3240-0x00007FF814A60000-0x00007FF814A75000-memory.dmp

Filesize
84KB

Download
memory/2968-3202-0x00007FF81A090000-0x00007FF81A0A9000-memory.dmp

Filesize
100KB

Download
memory/2968-3203-0x00007FF806990000-0x00007FF806D08000-memory.dmp

Filesize
3.5MB

Download
memory/2968-3204-0x00007FF819F30000-0x00007FF819F44000-memory.dmp

Filesize
80KB

Download
memory/2968-3205-0x00007FF819D40000-0x00007FF819D59000-memory.dmp

Filesize
100KB

Download
memory/2968-3206-0x00007FF81E0E0000-0x00007FF81E0ED000-memory.dmp

Filesize
52KB

Download
memory/2968-3207-0x00007FF807C50000-0x00007FF807D08000-memory.dmp

Filesize
736KB

Download
memory/2968-3200-0x00007FF819F50000-0x00007FF819F7D000-memory.dmp

Filesize
180KB

Download
memory/2968-3211-0x00007FF819B10000-0x00007FF819B3E000-memory.dmp

Filesize
184KB

Download
memory/2968-3208-0x00007FF81AA80000-0x00007FF81AA8D000-memory.dmp

Filesize
52KB

Download
memory/2968-3210-0x00007FF807B30000-0x00007FF807C4C000-memory.dmp

Filesize
1.1MB

Download
memory/2968-3212-0x00007FF81A3C0000-0x00007FF81A3CB000-memory.dmp

Filesize
44KB

Download
memory/2968-3213-0x00007FF819420000-0x00007FF819458000-memory.dmp

Filesize
224KB

Download
memory/2968-3214-0x00007FF819D30000-0x00007FF819D3B000-memory.dmp

Filesize
44KB

Download
memory/2968-3215-0x00007FF819C00000-0x00007FF819C0C000-memory.dmp

Filesize
48KB

Download
memory/2968-3216-0x00007FF819BF0000-0x00007FF819BFB000-memory.dmp

Filesize
44KB

Download
memory/2968-3220-0x00007FF819940000-0x00007FF81994C000-memory.dmp

Filesize
48KB

Download
memory/2968-3222-0x00007FF819410000-0x00007FF81941E000-memory.dmp

Filesize
56KB

Download
memory/2968-3221-0x00007FF819930000-0x00007FF81993C000-memory.dmp

Filesize
48KB

Download
memory/2968-3223-0x00007FF8193D0000-0x00007FF8193DC000-memory.dmp

Filesize
48KB

Download
memory/2968-3219-0x00007FF819AF0000-0x00007FF819AFB000-memory.dmp

Filesize
44KB

Download
memory/2968-3217-0x00007FF819B00000-0x00007FF819B0C000-memory.dmp

Filesize
48KB

Download
memory/2968-3226-0x00007FF819300000-0x00007FF81930B000-memory.dmp

Filesize
44KB

Download
memory/2968-3228-0x00007FF8177A0000-0x00007FF8177AC000-memory.dmp

Filesize
48KB

Download
memory/2968-3227-0x00007FF8177B0000-0x00007FF8177BC000-memory.dmp

Filesize
48KB

Download
memory/2968-3229-0x00007FF817790000-0x00007FF81779D000-memory.dmp

Filesize
52KB

Download
memory/2968-3230-0x00007FF814A80000-0x00007FF814A92000-memory.dmp

Filesize
72KB

Download
memory/2968-3231-0x00007FF815BA0000-0x00007FF815BAC000-memory.dmp

Filesize
48KB

Download
memory/2968-3232-0x00007FF814140000-0x00007FF814152000-memory.dmp

Filesize
72KB

Download
memory/2968-3233-0x00007FF810570000-0x00007FF810592000-memory.dmp

Filesize
136KB

Download
memory/2968-3234-0x00007FF808CD0000-0x00007FF808CE9000-memory.dmp

Filesize
100KB

Download
memory/2968-3235-0x00007FF808960000-0x00007FF8089AA000-memory.dmp

Filesize
296KB

Download
memory/2968-3236-0x00007FF808C90000-0x00007FF808CAE000-memory.dmp

Filesize
120KB

Download
memory/2968-3237-0x00007FF807A70000-0x00007FF807A9E000-memory.dmp

Filesize
184KB

Download
memory/2968-3201-0x00007FF81E1A0000-0x00007FF81E1AF000-memory.dmp

Filesize
60KB

Download
memory/2968-3238-0x00007FF81A060000-0x00007FF81A06B000-memory.dmp

Filesize
44KB

Download
memory/2968-3239-0x00007FF819350000-0x00007FF81935B000-memory.dmp

Filesize
44KB

Download
memory/2968-3241-0x00007FF814120000-0x00007FF814134000-memory.dmp

Filesize
80KB

Download
memory/2968-3242-0x00007FF80B140000-0x00007FF80B157000-memory.dmp

Filesize
92KB

Download
memory/2968-3243-0x00007FF808CB0000-0x00007FF808CC1000-memory.dmp

Filesize
68KB

Download
memory/2968-3244-0x00007FF807AD0000-0x00007FF807B2D000-memory.dmp

Filesize
372KB

Download
memory/2968-3245-0x00007FF807AA0000-0x00007FF807AC9000-memory.dmp

Filesize
164KB

Download
memory/2968-3246-0x00007FF806D10000-0x00007FF8072F9000-memory.dmp

Filesize
5.9MB

Download
memory/2968-3247-0x00007FF806960000-0x00007FF806983000-memory.dmp

Filesize
140KB

Download
memory/2968-3249-0x00007FF808940000-0x00007FF808958000-memory.dmp

Filesize
96KB

Download
memory/2968-3250-0x00007FF812E00000-0x00007FF812E0B000-memory.dmp

Filesize
44KB

Download
memory/2968-3251-0x00007FF810C20000-0x00007FF810C2B000-memory.dmp

Filesize
44KB

Download
memory/2968-3248-0x00007FF8067E0000-0x00007FF806957000-memory.dmp

Filesize
1.5MB

Download
memory/2968-3252-0x00007FF807A60000-0x00007FF807A6B000-memory.dmp

Filesize
44KB

Download
memory/2968-3253-0x00007FF8067D0000-0x00007FF8067DC000-memory.dmp

Filesize
48KB

Download
memory/2968-3255-0x00007FF8067B0000-0x00007FF8067BC000-memory.dmp

Filesize
48KB

Download
memory/2968-3256-0x00007FF8067A0000-0x00007FF8067AC000-memory.dmp

Filesize
48KB

Download
memory/2968-3254-0x00007FF8067C0000-0x00007FF8067CB000-memory.dmp

Filesize
44KB

Download
memory/2968-3257-0x00007FF806790000-0x00007FF80679E000-memory.dmp

Filesize
56KB

Download
memory/2968-3261-0x00007FF806770000-0x00007FF80677B000-memory.dmp

Filesize
44KB

Download
memory/2968-3260-0x00007FF806780000-0x00007FF80678C000-memory.dmp

Filesize
48KB

Download
memory/2968-3262-0x00007FF806760000-0x00007FF80676B000-memory.dmp

Filesize
44KB

Download
memory/2968-3263-0x00007FF806750000-0x00007FF80675C000-memory.dmp

Filesize
48KB

Download
memory/2968-3264-0x00007FF806740000-0x00007FF80674C000-memory.dmp

Filesize
48KB

Download
memory/2968-3265-0x00007FF806730000-0x00007FF80673D000-memory.dmp

Filesize
52KB

Download
memory/2968-3266-0x00007FF806710000-0x00007FF806722000-memory.dmp

Filesize
72KB

Download
memory/2968-3199-0x00007FF81A0F0000-0x00007FF81A113000-memory.dmp

Filesize
140KB

Download
memory/2968-3198-0x00007FF806D10000-0x00007FF8072F9000-memory.dmp

Filesize
5.9MB

Download
memory/2968-3403-0x00007FF806D10000-0x00007FF8072F9000-memory.dmp

Filesize
5.9MB

Download
memory/2968-3404-0x00007FF81A0F0000-0x00007FF81A113000-memory.dmp

Filesize
140KB

Download
memory/2968-3442-0x00007FF808960000-0x00007FF8089AA000-memory.dmp

Filesize
296KB

Download
memory/2968-3447-0x00007FF807A70000-0x00007FF807A9E000-memory.dmp

Filesize
184KB

Download
memory/2968-3450-0x00007FF808940000-0x00007FF808958000-memory.dmp

Filesize
96KB

Download