hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

07/03/2024, 17:12

240307-vq9qasgd66 1

07/03/2024, 17:11

07/03/2024, 17:10

07/03/2024, 17:07

07/03/2024, 16:58

07/03/2024, 16:58

07/03/2024, 16:49

07/03/2024, 16:45

Analysis

max time kernel
494s
max time network
490s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

bootkit macro macro_on_action persistence

Malware Config

Signatures

Downloads MZ/PE file

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x00070000000232a8-233.dat	office_macro_on_action

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4836	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
4520	MEMZ.exe
5932	MEMZ.exe
2592	MEMZ.exe
3480	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
102	raw.githubusercontent.com
103	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\{294B07B0-0055-4259-96B6-2D11E65C674A}\8tr.exe:Zone.Identifier	WINWORD.EXE
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 645024.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 9 IoCs

pid	Process
5760	WINWORD.EXE
5760	WINWORD.EXE
5852	WINWORD.EXE
5616	WINWORD.EXE
5616	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
3096	WINWORD.EXE
3096	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
1868	msedge.exe
1868	msedge.exe
2984	identity_helper.exe
2984	identity_helper.exe
5432	msedge.exe
5432	msedge.exe
5992	msedge.exe
5992	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
3844	msedge.exe
3844	msedge.exe
4896	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
4896	MEMZ.exe
4896	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
5932	MEMZ.exe
5932	MEMZ.exe
4520	MEMZ.exe
4520	MEMZ.exe
2592	MEMZ.exe
4520	MEMZ.exe
2592	MEMZ.exe
4520	MEMZ.exe
5932	MEMZ.exe
1604	MEMZ.exe
5932	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
4896	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
4896	MEMZ.exe
5932	MEMZ.exe
5932	MEMZ.exe
2592	MEMZ.exe
2592	MEMZ.exe
4520	MEMZ.exe
4520	MEMZ.exe
5932	MEMZ.exe
4896	MEMZ.exe
5932	MEMZ.exe
4896	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
5932	MEMZ.exe
5932	MEMZ.exe
4896	MEMZ.exe
4896	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3972	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	4176	mmc.exe
Token: SeIncBasePriorityPrivilege	4176	mmc.exe
Token: 33	4176	mmc.exe
Token: SeIncBasePriorityPrivilege	4176	mmc.exe
Token: 33	4176	mmc.exe
Token: SeIncBasePriorityPrivilege	4176	mmc.exe
Token: 33	1472	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1472	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5852	WINWORD.EXE
5760	WINWORD.EXE
5760	WINWORD.EXE
4836	MEMZ.exe
1604	MEMZ.exe
4896	MEMZ.exe
4520	MEMZ.exe
5932	MEMZ.exe
2592	MEMZ.exe
3480	MEMZ.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
3972	OpenWith.exe
1896	mmc.exe
4176	mmc.exe
4176	mmc.exe
3972	OpenWith.exe
3972	OpenWith.exe
5616	WINWORD.EXE
5616	WINWORD.EXE
5616	WINWORD.EXE
5616	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 4488	1868	msedge.exe	87
PID 1868 wrote to memory of 4488	1868	msedge.exe	87
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4844	1868	msedge.exe	88
PID 1868 wrote to memory of 4348	1868	msedge.exe	89
PID 1868 wrote to memory of 4348	1868	msedge.exe	89
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90
PID 1868 wrote to memory of 1572	1868	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:5760
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4836
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1604
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4896
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4520
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5932
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2592
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:3480
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:4376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:776
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:3264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:5252
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:5232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:4508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:4504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:6068
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:2844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:4236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:2864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:2096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:5520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:2232
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:3904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:4848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:3400
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:5088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0da946f8,0x7ffb0da94708,0x7ffb0da94718
        5⤵
        
        PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1304 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa (1).doc" /o ""
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4304
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9777555249426364625,6825134180631715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6124

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
c00a57a0fe5fc563031b1d2f45ff4454

SHA1
890f7892095928e70d8cc827fd4133403b857c4a

SHA256
e055ddae532d63dcde6a5c3036e9107b4a1acac722e29be471d9763662ea5f22

SHA512
4dfe71a6b318512c7607ca2e43ceb844d666bf4209334dbab3abd20bf53649d7fcb66ebdd8b52613ca7125fb334a1262c82a39f25f6f00473565c5ce24e3c324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
6a380aadd20d94085f990680e82b12b1

SHA1
a252407e06ae8828767a270749013eb389ac6418

SHA256
41ce30ac5a0cb1aa2a93c55f5d180d371d0d8bd56761b0d1c53ffd92c27912d0

SHA512
97114e7bc39f26ada4bdcf22d6809f31e2729d553956ec6773e2a4a70f880c261b2055f616a56be363c0874c5121df935ba2ddd096a885c9e94c9b1ab177c89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3cda3a92-f5af-40e0-9b54-bc49b15c7ff3.tmp

Filesize
6KB

MD5
4ec95d7091d737ef605ab5619f51e118

SHA1
043d92d06df5a289f427c89f4c76126e60acc741

SHA256
979772e54f01c78c183f0f9cae6275101f382c849fa39cb3d0d458b6f41383e8

SHA512
8dc90028310712e7b960b53d4e97c63f7c0949843ebd228ca2e8c72301ffde4ce20a3ac2f20cab8d80c913fcadc6e6946d73dfe9a5b74027e019b1c391c282cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
40KB

MD5
4b68fdec8e89b3983ceb5190a2924003

SHA1
45588547dc335d87ea5768512b9f3fc72ffd84a3

SHA256
554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

SHA512
b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36bdbbe65fa3970e_0

Filesize
288B

MD5
335a45fe75b56e2319282129ddea4c15

SHA1
0d9dad9caefa6fb69cf4f94fc42e7bd83aca606e

SHA256
3a01d21a9eac4afeb5b32c88acbc2c5a80695cb81c8b8ee99a5acfb2cf499817

SHA512
add93798c8599cabf7f5f4d0dd3ebee855b31ba4c33612ee7d97870b7d76b2dfb5892832d3ad49f25a028da44e4358d7b89a701e5126324ec9106841f5cb48a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\531248ca63a70faa_0

Filesize
553KB

MD5
8ffbf17383ae87fc016f88ee8582cfc0

SHA1
bc2649b9ad99261ac3379e57da99e9de988dc75f

SHA256
07535ff109d2de81a113c5abbdf9a282abcca37e6c65cea268a094592014d00e

SHA512
e40452a11729ab5aaf916e6438d76395478fccb1ed6cbbc17d2ef07d477fc4bb15f5b46162b1068bcc7e019fce4cfe553d55838852002320b6e7d7ca584dc262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
363dc8e95508d0bc401ee92f88879d61

SHA1
0429b299ecf5871c5561a90c61e2df0443f272d8

SHA256
832da0449fc7be28982ae96b31345abef855f56d9bb472609167de3681204b2d

SHA512
55d3370ad6ac574f03682246b3b2386a82ec96040f8e84f53c350efcdaa6f5cbb8cee615eb495e2964deeeef5edd2ab772db2cbe928f796c594976c1c09a9613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf5c6f740c327a6f_0

Filesize
397KB

MD5
9e362594f579005424f7518b50966ce8

SHA1
5920beebe590ea4b4098aad4df8b189571eea0a0

SHA256
c43963edea18ef4fbee15f4bcc35281a1cbd074efbef1fc32440749843b35b3f

SHA512
74469195a250840d16b5e170c73f105584c647519c71eab3df5760ee4ad9ae77201ae388796b5464f152d88b8901237a9d6da686d7f7fc2ac9a1c454434d3ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5c39b9eddc5fd42_0

Filesize
18KB

MD5
71dab2caf73e3569d6da87f52886ee4b

SHA1
396a5c97267369a4e0543fe17b68130f62e4a062

SHA256
298a997d54720a68395859541ed7a3b95ad0ce7231de8b9238550285277b9d80

SHA512
9ac1b53d7f858ae7e06f352404b60598523af5a9c9ea3fa4c39c1abcf329e62e12ae030e01a9f760425f0ed25b9270f872c7f27d724621e7f3e47b142b314402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a08b154cd3ba1a48ef91fa95b37c1dc

SHA1
1c239d3439edaff2f045242e0db0c59263884969

SHA256
557e6f6abfd0acb279274a8a2a5a0df17ddc96e87cc19374f933daac18456630

SHA512
5d5ab9a9236e7b5c652f020faabd103e9548bffcb1c9466c464130160e32fe3a49dedefac7785ee063400afee8fe163ecc36d287fbfacf591538fd1d03fdf5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
823dfcd59bee0218c09f22bc56496bf9

SHA1
3401d075e4a5d441e56ab4271de47dbd213d7c9a

SHA256
c35b260dbe9fea9a90ac2d31e5433638591bb328a07e20e0a4a143e0ef62d99e

SHA512
782e5bad34fc753a1e82523e6f2929df5073f55c4bc0a576807c79ee16899d2daa5e9cca478b373481dc04bdfbab389e3f78e5f2d977329e294356a182af5dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
71b9270b875dae46301948ec683034d8

SHA1
e7e194468daed31c5646e654a68ac8b020f0f234

SHA256
a30cdcffa1bf2fb2c1b6734e10daa8c4ddc717a27b86ccb67bbe875fe5a6d7b6

SHA512
856ae7bd9973ce865048083fe6febb545665d7395b020851e4116f7d5e8e3abf9ab9f4df02df2f06d8303c34185fb773655515457c93b48f6940a85128965544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eced2440bfd722835ebad6f6713bf11d

SHA1
249e2ee24734cf6b23b826d02a78aff934e0624f

SHA256
cdfd76fef1289ef5290d1bfea1081731110c0f113198976cc71292be0fe3d913

SHA512
28fbdc5d30e3a4b4c6524d0e6b16b59953af204ef80903f6b659335b48fce42a2b5594f6ef6f1818e76b25ec2b192800149ec142a2df1140f9fdc9104d91a200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4314f983d80e81b6b2a6ed9d92a12426

SHA1
988b6a840fe1193baf50ad228913af134b6e40fe

SHA256
f59463f14d7b8718924511d32fdc4697da036781a233933343e251ac6a41804d

SHA512
8a5d1d38e0e32d85be7a18957eba218849e72dbd112a9c5f51b27217723faeec90fa5396d5982a870e4d4a220f2db23a40a6626addf32616d0e5e4b8e7630d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3e10bdd7663c9bf00a4661e5b2ab3ff1

SHA1
72bc47a1dab69bde78842a06e6dd21a9ef5aaafc

SHA256
16f1cb4a35831dac775eb36d9de293603503d345f82e928f16bbe9f417593734

SHA512
97c9b0118ff84c10c7e30e88ec0353e284f8fefb4c93ff83b1df2a02dbdf954d3b75d1766b33751f5d32f426d42bf6bf416b993adebd889d6a1db5547ca05c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1b5469d34f5f2230bd940cea1c216c0

SHA1
b3cb41aabcd03448d63bc14cfd1f3ef9d39bbda1

SHA256
589a0d3adf0edfe92a70951d2d7399dd3278f2b2c95a0ad0906a9058362b0a91

SHA512
ee9815346766aa5bad1e1dc4f08df0788ab07673e9093aba06fbac23b4b326a033cc13ee8e4897acecfce78a54d80dacbc9f3497056f694427161aa3c8b36b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5584bc6ff4205f36b26a6f9cd676770d

SHA1
cd07f3ab560a9ed04bd6eac2d8b1c449ba154273

SHA256
64ffd000cc90a7468a5479d55490012b90f0dbd895eec868a42ad54a83d9e4b5

SHA512
4c51ff858cd49a0045d3e2e6c87cabb2a9a73d732020e64b7c35c55921d099895af45882b55f6679fdf03300fa53ed77f82ab55d3517e4ac3f1d6ce5c36f4dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\996be389-5c5f-4d07-9e2a-59c94cc30a9f.tmp

Filesize
25KB

MD5
e0485c0d743883df435265f51f5934ef

SHA1
2be1dca331fcbce9e08f7c58abc23a49988590bf

SHA256
cc284f9755742791d39cfcaf4435a39c727fd8469bbaa647809f3b710cda3cd3

SHA512
b518d0774e6ce8cab200d741be0cda0cb3905fece843bd769e0b64c437a903e204b5dc0fc6544b425d86861969a58f7f2aa589eea8584ab60b056183c1b551ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
76ce25dd0003895d216aec011fd48815

SHA1
82b7e4be21ebef67d9fe1b9b8025961da5a45f9a

SHA256
c0098c46f84c08915e00ce0dba99fc5c119a8b277d1525335207466a7ce2f9bb

SHA512
7926cd52bd8cb212c621ebee307fb85584c8f3b565daca95eaef7c8620b68d567334ab8da6b041ff975183fb984d73a84a5f0ae2b7a51c2a60a58a38cdb45f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d8077ee4257d9177bdf0619e53b5b33

SHA1
d398d3af8d24494349b96dc35236f3eb8faeec75

SHA256
def411aa0410645d29ed25671e9981be2b222dd93ba11eb51dbae6ce49d8f59b

SHA512
46f89427feb9aff91108528cb8233afa839f0917de4a24a0763be0e9ca1fc153ded544b4531c6f697d4b39578ac8d16f79dbec3b8f712340dfad20048256aa9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
263df0f44fa42eab6dbf4092035c9ef8

SHA1
de1511ceb047b64a94ebeda2656a5ae47891536e

SHA256
55e65502480366385422d69b7b0fee9eaf79d4f77153e3c8b584674fc964e991

SHA512
e90be07095382b452ae9c73ae93ed048535dd76bf22ceb909fd1c81d6c547c3cd4a0cc309c5cc2ccbff38c414324f7a6c033cebd2e9285eab641dd795077b207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e6b8869f4a844fd9811b728d58ad266a

SHA1
012b5adf515a859d6b8ed7efcfe0fad923abf80b

SHA256
34ba324cad7a5f0e287ed1adb7033c59d3ee437bf98f2768149bd3699c040fbc

SHA512
43586bc1b23ca2dd4bd166a8254be166335661cd8c1846d70096ebe257725b7bf08226e3c96c6a724406bacd4b63bedeec49f1b9f010a2b2a241df85b9b23726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d9f7f33db3d06fdcbcbe24d8b330f994

SHA1
00c7719d7c3c5042824f3a18e133d1db9377b024

SHA256
9f7c7a36b1926766039ad17629c7a11f2cb735826643cf5a702797fcf71c2e8a

SHA512
4527f705182fbae8b115b52f18b7ddb3a492f06f8d9eeb491fbb99a4add3a27f258966814b166f2fceb5b5bc2da618f88f4fe2b9e038f371779f91dce423a644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7411348508bf00ce94e596c36502af5

SHA1
72b0ec97b4db51a1a48149d97f8b6f79db733803

SHA256
b783e2f5b2b96d7bec589861a013bf6b4e6a244955150ef620a4a03cb7ba4000

SHA512
e26e783330f1b828df8782938704af921bc5eaedbfdff3f490d4322dfe5264bd028a7e0dbcae3259614b8d386f717346bfd25bafcd82a38dabcd820951ebe8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45bdf844da4528bdb4609d182ee243d7

SHA1
655d7e23c90c8247777b709a3b6cf5f7f20f4c41

SHA256
0a375120adfadc2da912241dc6f559cc34c3c2d1efa984298050c2d90fd645ed

SHA512
16dc565e67280440a6022ca90c4d6176345681d2ab0de1cac2b9a489ecdda7690d8c1f2720e4dc5acddb6a9144154cd70c2e2aac8ebe5514b3db772f309f7710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f29319e0fc13f443216401e6b8681d4a

SHA1
3c5019e2e3397042e37ef767281683746ee9f9be

SHA256
86da869591744ace8faaf05b767add4cd3e8296f535af90d2007035912f52b4e

SHA512
63d020f1929822c49ec1613ce2d2215220272eeb0ad4bc3dc7b02c0219c139a86157038b7868261be89d863468fcd55c97a28e8bffeb1b7ef3e181f45e879687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98f0d9fa84a26a77610a7ad88a89e002

SHA1
3b228efc14e9f00c99953ba6ba9007addc73e9a0

SHA256
d20bcad2c5a547bfe6c45420981e42d3576e222ba1b2e270242b4034264e3c81

SHA512
a81830bde54efde1f9d22c28e92f9ff0adac64bd2dc809caa34b09aa163c499aa247ceef2522acf3de64c6bb7d4378ace1ffd48d3561688901b4642c9dc62180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8e68c7e848db89db86b9719ddbbed48

SHA1
48d41ee2f4d01ce774b03034b26195cdc426c291

SHA256
3b9d9e66ba48db157d7d21f9eb1b3ce2adce171c687150e338e6112f6a0804d6

SHA512
a52828bd927aa08b31d9d800a07194c30fe042d4be4c77020876633822cfdb84c3a97cffb355751055882b1ab052b04503d1ebbf47601916abdfe4f35e101ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a15ff30311a1d60a2dce25baabce5966

SHA1
06a4ebf3ebef22f3aef4d3133a4d35d5a580cbe0

SHA256
a92a4cc1a41553a76f1db46d11b47321c7ac40e48bfbbec6ebdf0c1ad4968bb0

SHA512
b639df2dcb97b6a4c6374943661880415a998920d307f498e605b248eef6b4b6fe19930b88cffaeac4adf0fa168cde8574a383c8cc4d448419fa0a4458519080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60830c3888486cc6976ce26f0fbb9747

SHA1
46e28e3f24fe0bf5c703570012bc3c454eac2391

SHA256
55c082180877b35158e67ce2d973ff51dea7e787ed488b724e90a5b4c36e8624

SHA512
383b4acbb40182131dd090d1caee912c6dc0c877cca6a13377537369265d88ed0f14786e819bf32dc0cb743a9f0fae059217b840591010f1ac677d74e72c7311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d124f284d9fd51e9f1c3022127a807ac

SHA1
baad0a9fa86f21ef969a7c408fed6d54d91854f2

SHA256
29235e6f82a3a362b55179cad1031658968322d3d2bd9ef00881d9a0361713db

SHA512
027d0f1bfc94e223a4d641b9c69b123018f8b22eca284db9a5c91f7bb511b138b30f560314734e1250dabbc24a5c4469169b1abb1ec385f2ddc1c06166042c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0d88ab70fbb834c554139533b53e412

SHA1
3a437e3b5f1a9abbd9283c5bdb2447bc666dc789

SHA256
5edd1854105b0559ed446532df3453a71e827a3e45aa9b14a1ae9582d9ca26d5

SHA512
ef0b43b0ebbb44ccb060c86cd18e5198dd3d5b53d4f0fc524d9dd03476ce8d2c32fcdee0cd46a379cf04338ba83fe194be01f63480298180c82f03c0155870d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
46e884c1c8b43107d026324d6374ecee

SHA1
042de2b75064ae97867fab08b90f5fb5f4f504b0

SHA256
d0c68a70e5c55215bdbde908b1e30d0c4a7a11216a98d0edf0671a892db803c5

SHA512
1c4821277ffcc3ce556092182f292ce254986ec2075ad780a9368191be50547c8eb372a344c48ff52f324fb78374e8f7c1a651b924877e011d327b6459906379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88870f0cb22dffa06d638fd6905c879e

SHA1
b622f46f4a19b8beb6adcb0bb11810ad31d3ac89

SHA256
df056a7cff47519431d26ebc3183cfd8bd10fb272024982e782bda24bc4fa2fd

SHA512
551877490ed81da75aa127c4dc2db8ec96eaa27ce62e3f4222d503bc3b959a1a926e7f53243996f8ff0abba4a285e10939e4fe776f660f501b75833780d75e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a91b951eb76ed06dfb9f000f6f6be573

SHA1
4d26c2ce47926f45e24a6dc73be83ae3f97c81f0

SHA256
8a3d5807f55129295279a4ba6078213e9057dd73631e09db537bd3cc1862d31c

SHA512
ff924867ec9795001c2fa30b248972f007768a9fa7e9b4dc4bcb1ff203626cd5643f18706e19a24cc4b0b15a475b9952720e2991c09638237144b72a8eab9efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e3be979345f00903ef9dab3d43d3177

SHA1
d280d12df5e146a82d8f6d7ee9d9eb814564a8b3

SHA256
0d74a0698bf735ed657dbaf077081accf22454efe420bdceb834a92c18146563

SHA512
1ecf3f07c2a6c384f4e32e27ab12acae28df667c917aef40787f107e6bf591e497e3bef21430f7f338b1e3b0b9b5cbd68cf979c7692822a631e36153e486a192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1d506d2cbdeaff9b4fee75e53e91afb

SHA1
6fe68089c66175883b6add3481707bf41efa9127

SHA256
aef03beef5a69377fe947a1a0493d9a8a8f471085f8a0130bcd3daf4654a3f15

SHA512
cf1c6789e8b8cbce7a40b71fa23c1e39cec15f66589f6dcd351683c11b2385c9b776c445c68a73402d4479ddbc10cf03c684d17ec4a3917168afacaac594d6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
44cf8584293ddc7d6bb180b5f77e4305

SHA1
19154790e6e9c773a969e9ca58b6b8abd824072a

SHA256
c5847e3958d8625a32581cd18157679b213d69e8eadb4888d5238e4b68a094b8

SHA512
59c59be594fa34e92f9ae953e773dab13801a8268ccbcbdb14efccf6fac6376504ac86086295ff87f7b4d89d706682db0009bec45d0a870a355606214b8648f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d60cbabbb4ce7d2a398b278678757823

SHA1
e83a6c1b49568b302e089b4dfdc131141443b57f

SHA256
7fa58604bb8e3bbe33244cf09f4c0af6cee8e9534a8b459bf4e7c3d93d1a051b

SHA512
a6f7c6587e29669a0cd1e8c0632f23e1edfa3e7cd721c3a47706c452614adf4e7c059b9d7d01f3fee55f3d1914f592dd3cf67caf1a7cf530f9920a702df26712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85af0e97c970884d83c1ddf86b8e327b

SHA1
f573401b58eadb28efb50c74ae7820a3fb095182

SHA256
219cc6c3057a45a6ed41309afeb9d7cc6bb0d3c2e11d774317da4ad21e3ad686

SHA512
e2cd2aeaf1b51aff1095c3ac9b53808474ed2de7b603771ee898fad757402ce4663c33911601ea736c38fe30fd059138ca7a72b077c2c93a776a84f630c40a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46d8705f55bce616650147ed74bbf5b9

SHA1
92831ab0ea2ff5885824b3b80d0dee334a7f4946

SHA256
9003fc1e75fd4b17f74dbfb03ddaabf72a622c8ac8280c21978ff4ea054497f2

SHA512
05244c9f80e3dc23d77fe006849104e576557dfa715206b18c856c62d318d049d3ae6ce1b3f077a1e2995186928e66ac1477bbaacb8f23e88c52227751c8e475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42da1968d7e13b6171403ad82671b5f7

SHA1
1dab74dc84689784180edacf31f2fadbde271f9b

SHA256
68e59c2c78f740b61d74844e80325834f666f289b63655bd34770f5c5bdbe49d

SHA512
667c92debb8676c6089bc32dbef8c9257cf6e0baf14cd90f376fe3bbc22095a71db79f1c593cb21d2fe246b0c38c241d1bccd4f2c6b1dabab90f3480ee0878cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7458c042d73c4c346481de8d434d3581

SHA1
79c09ee473a9636ae412d791a3518062e0c164c9

SHA256
1c9469f8623d91e5d5a0829f30aff3fffd1f28e9b13fe8bbb472dfa938b8dce1

SHA512
5af53524638bb895868dc86a816f4759beb88d615df01c21226952117573eaefad3c7306215b2c654de6d96f0bd30634f275511da435dc9f8deebe9eb644cfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cde095598c5ccaaeb1e3072db17f6bb9

SHA1
6a2e69f9aec71cb5a737cb30d2e4d848f6968836

SHA256
f40181ba6494b1cf35bd7b837cfbe8af815d8265239af414378c311f6a269203

SHA512
11339d53ffe714e1f6bdff90aabf7901196b96eb7398a46280231eea3f6e73f6e5a7ab19a24815bcf1711f694a7565a0c83690a0c1262a4fed10ac80b7e9e87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a17996a007842c53a9338b070e7960cd

SHA1
20fd31017f953fa468cf6136f1788b4076af4565

SHA256
38ea83e3bfa208960088b1d2007b55266e099bacb8ba3a940cd2154e140a9dfd

SHA512
8b27c680d06131b7b932b714f32879c08e555aacb9ab616d90b7eb1d449443ccd22c9203b507e1549476ed566d6103f5193813b0137314a2d55f93d28f308161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
63dee82bcdd073c6be5f958b871f9b7b

SHA1
1bf0dcd530f224929dc26ef60458e972cab92925

SHA256
785d5696cacdfea3b5aacc637a6cea363cb622f03b56b506352093bcbfc121bc

SHA512
d192d8e52b148aa8d9fe2964f9e808283b997afd8909c7534bbb117e3a5fcbff3b35d86ea2391a78a727741b234df3c72f6e58afea96abc6b7133b95a44f1e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2ffff753bb0c8f71c1ffd3581d8e1317

SHA1
cdca93df7d603be3fe42cc884d7062c8ba19c4b8

SHA256
2eb2c389bdf811adb6bc15252a64eae002ed952f3da7a685c1796c7b566f73be

SHA512
ababb1aeb59bee8b697304f7f81f8267800f04831de4c45ccc01dbfba22e3f770325df8e54386c789565bfe964cbb592d18e7400220d33e994ddbcd16264c936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
857834ce3372beda0b1fe8d38d1d604d

SHA1
1b19a3646670b2d6d75a915cb1e33c7d9e3034ac

SHA256
4f20c174c9e410925b0c383b59a1b34c55afebba2ac89d2518441ef99e50cc9b

SHA512
4a8dacb339a14b9e14fc9d098de664549b9ac2a5d09c10ac6868ba7d37bafb1b93b7e561d33c18926eb60b96f212551a1a2403ced9126ce13135fe2bbf99ba1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba9c0d4ebfd0e4334e249356782e55b6

SHA1
2503af8fc1de96e69378a0e43ffd0c1179d1431f

SHA256
c33629c29a9c4e13b4a96def72a0613e7550bfd9a755d22efce1f508c50f046e

SHA512
a87d43dde8ba03e8abe50164e98236be38200d2bc0e3ad0c2017e05f33c86b46222fe4be773cc62164aeaa9e301a73ab7c995e9a72e0e7aba73d12272e7d33ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e0975cab53466e86fbd80c590c63ed5

SHA1
d18fe46577291423456c9c56c60ef99b6c06b8fe

SHA256
36d40163908e829f595071ee2e2ea73e4069ab5d8e487119811dfbe58631df9a

SHA512
e221edebf56eb256be9aabe04a12fe51b46b234dd3f4a5718c6e9f022aec230584b740592c1f04e418c9a10737c5a61339f492dbed10f57143c22001e0aabc48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d40096894e8ac283f1dc766e766fd76

SHA1
0e0ce93d9d865aaf89c3a04e37e792964d9cce6e

SHA256
cc4e1dfd84217f01f3a84858cfe1fb87a0ddef39fa7a203f79cf6a28e22bac66

SHA512
0da87aa1efa8d8c47d54157ec345672fc6ff610ac884d8695123949a1f04abbbdc64156effde31653dc65de209d50f382384ac0c415f0dca4d88da8a24d9b26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb2a6cc54d3170c2382e8fc4b916da74

SHA1
7afff170fe4a77d958c197ce20eb52ff91720bd4

SHA256
bbcebbcc15b74df79f42e144ee325d737b42d162ef0665bfc794acfc566b85a7

SHA512
bdbecc2f7fc3e571526bb7926c1bddedae0a57f43e5ec335475d6aa69d740724565c4441a0de1497636e667868d5344b3ebb97f63d7b8adc2a7b201471b3b8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fd099d66b680bbfa2a451fb5b60eddba

SHA1
a0a130761b5f6c4ad72e661d3ca7a8c39e4ec0fc

SHA256
9470ae8149a5b4f80286a7ba2f34334774f16cac0268b1cdaad3d91e8918b53c

SHA512
a87389e691054d9e30e178803077a2461daed0fea798df6d9a727694069ccdf60815f89eacb2d44e0dd4588f04259401b0b8879340982e77cd3ec8761070923a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e8becb914191662469562bb24359aa9

SHA1
ed424b1adb5bf62a0bd7ca7d2b5b9744a00f7447

SHA256
5a9e34c7d35730beabc607875dd7a702d52c4bc8d7ae26f8e643b11c9fe6640e

SHA512
7846a2a25d0939a829ce7a40613a563f666c44bb8aba23de30538e4fecd5c1263695ad1ef5287646fded3e0b84103cee1c20413e31ac68a30b4d334ab1be8092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579da7.TMP

Filesize
874B

MD5
177097d683037ee72682a69216651123

SHA1
6c6a84633560eef5b3da9689fa6daf2252131604

SHA256
ec5f823051906c08b08476adf3dd17b1c0d044f9d98f187d50f369589a9901a6

SHA512
0ab045430be090e21736bec92a98cad27ad764d917093e6fe3872057b3e5cfef3c04f42d14aa26bf8453d7c70e6c2a60a5302742be06baeb501dab64d4a055e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ab28a8aa5a15125222f31f344499b4cb

SHA1
e2cca44120b85c63b7a555579e9f9914346eef06

SHA256
cb40e75901ac18c943e68e51c218732693e956fd494cb663a316a4e8bc67a5bf

SHA512
df69aa29768a81363fb99ef64b2125da7b625f10c4654151387b0c27748b5e840b94173ec76d48f191f8336cf0e30ec5293582f5942bdac3f07d687e096bb955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
501c53226b62e27d8578a6617e075b47

SHA1
515bb53dabadc868a762e1ce9813ccf6c9e51bf9

SHA256
5641d4fd5d22520df8ce4db073c548e0e495634a841c3e208531729d3e513154

SHA512
806acf5d67481e0b0d1eb0557457580dc9d2ad9525dea883a04d7dbbb4218d14a12da21c9ca2a2c223831546db0d9baad3593e4ccaa6b8171d3057cfcf78e8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5f13ac47591a64a04add608dc5ca992a

SHA1
67cefa26a9d70114d1faf576ec418a9fc465729b

SHA256
6cdd57b004648df7fabadea3e97129c73b28f4fd5a89adb708b59636e2a87382

SHA512
0aaadae7e4d60fec373b503248d851c7ecf6ce81a561ae3bae82d623490fb5a00485528ab0f3ae1410956372af45bce038002a0c61f45b8ed9ee3d8e7cf1f22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70aa566afa7432419706b6e300e765ba

SHA1
ba380d2cc478cd0fc340740cbe51fec375583e7e

SHA256
2285a4e7511e9a59557d025717b4d555ab5b2a96cf2a972256a59574f907aa2b

SHA512
a1e264000655c35d78b824f4db40b51744d7741a3abe659d3853c7bfe70d16c0871211dd855adf97a4a208e5e98218296f1b415ce16c7945683a8bb86ec897ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5318360ed333ca1021b1db2136eb3dc

SHA1
a6789243bd44e3dbf76f776d056a16add7ec51e2

SHA256
279bb38cc5f841f1d931ddf6153c1ac540306792c2cf11cb690c24e897d77ef3

SHA512
aeff0192e5d9e415adc5de5db51c46c08b7b08a9dbdc555365e29ddc3c52ace1b8e4ed1e6f397bd53e3f75d945db10bca91422707c1345f1e17d51b218043565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d668f10e38a35c1421f374c8de834c8

SHA1
b5e0026032deced77af9748aa24903118b7fee3c

SHA256
bd24bf3cccaa3c99c9d7d22f199ad9081c95ca317f41f3887d4a138cd01d34f0

SHA512
e898cc911a2526f75c96f1a6ff3860729530a3fca9fbb6ad4134e3b7ed578bd3d06975573747668c1ffc9ae533cd3ad21c0021a6f5d447a74148b8dacc1ec4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e675622b577636311daeaef35d7b5d4a

SHA1
5e33e372aee2b43b6058efafa0b1d3fba4edae05

SHA256
36c16d68bcc0de48dad3b00ffbbd38a418b95afab15f2a51ee52cfaa96e0c0c6

SHA512
0ae9de2262da51b5e9089cf7967adb576b0989375f00866cbfcb0757ebfdf50a053477504a3590c4a2bcd3ac167467bbcf72e2a69e4aaa2eba47baba7c9d9046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6f9cf9c0fd6da2890961ba5a052f7ee3

SHA1
181b84635c4dc6ec197defca894bf1aa312f0d59

SHA256
9c47e3078388e3cd611158fd044193baad4b201545de522799f6e81b34aa492e

SHA512
4c0d13bd2d57c6b0c0f117b0336567271660d2b848134e70023b4df77e2258c9f25ba3b96dcb400974caf2b4e4fab60a2acb8483f32299776ae842903d25242c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b6755df0ddf9dbf99e21e413c6263e3a

SHA1
b2bf12f15078b50f1e1793571f4969b9559316f2

SHA256
140d500d29a0b1fb7c6b12950cf4abe282d26608138ba0052614a689a0ecc31a

SHA512
23e896e774625c103de37ebd92dc6a7abde3abee3ca3e3d2bc4a2076e64f973b442658d318b03809bd1c285483220a051e0550706547146a33ac0b85047bbd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6ab56d7820f7e61bc872afcfe276653

SHA1
c80525ec51b5da32d4a4dc9e7841fb750fa7178b

SHA256
475fed31cedbf231b93614ce7a05fdf33f0682b08946930aa9a384a8e7a0cdee

SHA512
85ae57700909c391be93a8923ec9b89af3fd6829ffe2b449c14388a33c51875b9920ec55132445ef0bce4c41a9997786613caf79b8318758fa5704fd813f0818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\614B2666-B368-4AE8-8EB7-D7C09174E21A

Filesize
160KB

MD5
33c6b5de1d0659d340e5537f3398bd15

SHA1
1cac702df85c201bd578229b4fe6966ccbb23241

SHA256
1ef22c95d8caef6eef565f20334089f48ed145c66085dd9a7c77b5183d6175bd

SHA512
1cdff24e3a9ea8eea016abf6ccdad7320661c2bca32285e0da6c3d55e7caa3974a604ad01244e7ad213287da802d3efa05e6cec08ea09b56b3cbe498e9bdb6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
c1e152aab600db4809a6a1c368782b92

SHA1
0df6f22a5c0d987610709e15479e4d1aad3bb4c4

SHA256
d634539939a7d9af229c5167a8f3bbf11379039dd9f42014900a0bb1ceca9000

SHA512
e99f561b3f1c45738cc68318ed31d2b6f79e5ac4f57b6ca7ec0ce37f0928e6abcedf20cbe179a44d4454011db33cd1ce23f1c7a5b53955b8a4676350a6c503bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
0f193e229811a81a11bb8252311571e4

SHA1
d203005ce24da606f9adb3e285dba9685d38a7ea

SHA256
94896a3a9f0b4daac71d87776d7e40feca0e670d7ecbbc90c6ce204bf10638fe

SHA512
f742ee19417e4532c330784e77bc13679ac53be55df0f037431c14c54dc7289a6499bb41b5f940ac4dabf10ccedc474e794fcff68022fd9c7892431cbbf4f781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
dddbdbc3ad7e1ceab2331196c1f4f8f4

SHA1
e138adf88bd7e8407de1a363866109b6bbad6dd3

SHA256
8a93d537faf09279f9d077f4190d267ab3973863bdbdd1cf12c3f748689f24af

SHA512
b6291011974e462259142255d6cd1cc20109a91253f7476d456012ea89d559e645cdf3b783a5c94926b5de6b0980810cd181f60dbd7fa261712a69731e5a5305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
8a2403f816d93dc3968c85793923745a

SHA1
96cfce6057838216bff703a6276a9f6079b932a9

SHA256
c49cd3c9e6cf32b0ac0a164200e52904b036bc2311a29e1af602a8606c49b4fa

SHA512
586a570d7a712ae4c04019a45caa0c2ca369bcff8b7655e3eabc5c032a0ddda6d520d3911543623caeb593674b2a4c1286f318db9128578d92f848a1786a6ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B5306D0C.emf

Filesize
5KB

MD5
0ed5bc16545d23c325d756013579a697

SHA1
dcdde3196414a743177131d7d906cb67315d88e7

SHA256
3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3

SHA512
c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

Filesize
816KB

MD5
c335948e442d52211765672747b680d8

SHA1
de8f22c5bb234e7306cda461e35924e2e88927c2

SHA256
6cad42bf5fc5ac7ba8f9082e2da000c516dc138b6234e335d5c0f88fa7ce7e97

SHA512
bfe4de8f4646027fb8a4b750d533d88fc794449e39365d058c037ad97f83dbaa70e8ec05c88150d163bac0cfd5b68cf6ab29ce8d4dfd1060e16ea43bc62ee104

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
287B

MD5
bb26dff665ecaf81eee45aff2d5801f0

SHA1
a042988e52d39b036d9a45ecebe0eca5cd9f0a67

SHA256
56605a69f2f0695757dcaaec1dafaaaba75e8dcfb9da88c77ef564c1b78eeb05

SHA512
6d1d5d243945ef840c9c4d4743abb49752e441bf6513d6753374544b42ab720e34b7e8dac21c2d343b6c400520c4fe5812cde65a76cdeaed89c7df41cbd0b82a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
249B

MD5
74635f6e5554ebd726fdca0c002dbee2

SHA1
278e66625144f9d89050b0bedb482a68855b97d4

SHA256
483e814b8f7ff4423f67f93987147b151908e1eef88479b67d4c7c69e5444424

SHA512
bb5dfc5a78b97bd7a5bc0bfe1083b1f03b5592543abf9ce00a7a36c84fb540ddfb1c8ec8994f7e6eabc30b6de896414d171d7eb3c0735ee9708093162fd17f34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
32d53b236719a92136188e9c955ddc2f

SHA1
8723c64e1c1ba8428cefb43f6877696270186550

SHA256
286c58a6e7693e4d036e094742f3c33cc7f6e76aeaef9597b45e1c32ca1ec69f

SHA512
cc88a69caad57ae6167d5a6724277f410a6821cfa2306a8a5e016a65efc74123401c7330f8c6052c5368edce031c8968cce8c7092e20a1854fa8275dcda14246

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
89cbc48287ca0576d461e2e027d3c930

SHA1
223e24b53028f52f2efaf1223b3aa5daf1b4c2b3

SHA256
34380c637752a8f5405cf027c504c904f00d30dec4756d20320be2df0b29fd82

SHA512
b84240138a54892617ccdca15660edcff8b9a997a08a48869eff3b792a7586c1bda829f150a56a7cc485a10f8f704d993c918b6d8cb45eff5d2b29f1aae25f31

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
067e63999d280b63daa857b8243c7592

SHA1
acaee6663357d25bb4420f42d67c06471cc0521e

SHA256
674c493c6b1e59024eec3018aa3ce16e657ab8451b1503ed0d48636036bd5d98

SHA512
4b61f4df2ac59ac5a363804bc1a3a8dcce901d4ef2f4be607bb194aa32c20160d9494632c8c1eb38670fa8287348b243f31c7e7adde6655580afd10e40f521cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
71a0ab5a35bb40302e7dda0f209294d6

SHA1
5381921288f1027adfb8a368fea6d165bbead8fb

SHA256
d18eb9e25558836955209b366e897563131715654b6caddf25a286cb46d21d05

SHA512
9d86867e1abd290fa1eef80703c81f07761af458f837cb3718ecc8c4dd39f5444a187fdc7bdb8842b141b7e4619aac7ad3fc4eaa59c2fea221f7ffdbeb41118e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
2a520905524e1e37f49612d10d75ab23

SHA1
6b437c9e501757c00eb4d12d644a92b242e637d9

SHA256
054f645998ac23477a9c514bbf1b747f244523a95a3342bf68a9a521f08ac583

SHA512
dd3c9c2ef14a0e2666607ca61ecef8291ad2515bab23ffb6f07a88600b387d0a03d9e01d5927b68c41d77098e699ce54c7f0ee8f3103bc58cad083a30648df6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
57c7a08269f5b1b1323ab1dc9e0d12eb

SHA1
f2784afa9bf53d97395a100aec53143cf36a0aab

SHA256
270d69b8b5fd7c5e3cb8a86733006f9492d999d0679b748256574a680318a1a0

SHA512
58b174bfc5ca6a0ad72eb39fa8ae50107d1bbff716bbd99e1b3347dcf229f8b4fa20d9f3640e3870022bf0b3d027015d1df70231c9cf60dbba6f55fa87f6a7e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
cc00e71d0522107f393e98c99b9974aa

SHA1
a14d65c8b0a4f8b917c6fe89930581e0bfccf9f8

SHA256
e9d2003355950fddbecf768081ea42ea1a05f70de80b3bf8dc3af1a545f5f920

SHA512
570264663333cf2fdaa3774da08580ea27cf2aa9f028bf4e84cbeac4fd377d37af87787dbdeecd3dc882f62794e2b9d47853b950f4972519687a92ae28d6e5bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
8f2b939201243bf419276390acaf8dae

SHA1
b2e7a47c1642999e192021d0ee61b366ad7fefa7

SHA256
8f7a7c9eaf340024a8a1c695df89e315e6b36bc98160df63d943b778bc74dcb0

SHA512
9f2ed0519d080f7dac1b0c7c148ba40fbc6bfc8bb19f78637c54b71f29c14da046c6724d3c4c2117a9e6a41c9b7e21ba2f9533d8a6bd450076fa462fe695ffca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
b2d4bb2eca436f379c0007487eb8dd40

SHA1
b5361da7008633f2e40716c2f4bd2cb2ec915188

SHA256
6f79c27eabc9e36a6d094ab9c9746be3495abf2427a01a6770724e5f37e358f0

SHA512
533a809b0014a29de63367ee08a3a81101e71fc7542e8addfa12c7b91a995b09ef55f3372c66bb0075dfa10f1854d959e6360ea30a34717f9f69d681bc8e7d13

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\Mobile_Legends_Adventure.apk

Filesize
4.0MB

MD5
42585ccd2b7867c12052653e4d54b7cc

SHA1
a9348c3aabcc0171d1e35edeb37fd2da0fff0ad4

SHA256
b47bcc55ca8dc0625a145d6809cfa3ad78e9e3b4f33bc608b5bcaf7e9e1e5827

SHA512
e270bd1fbbaaccf3382048e9ac2489444a735ed32fb83f7681526a1edb0b7847d6adb8d75064b065309293ef75c45e2ea85fb132a1c12afd08b3a1346caad550

Download Submit
C:\Users\Admin\Downloads\metrofax.doc

Filesize
221KB

MD5
28e855032f83adbd2d8499af6d2d0e22

SHA1
6b590325e2e465d9762fa5d1877846667268558a

SHA256
b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e

SHA512
e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/4304-1170-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1241-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1242-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1240-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1239-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1177-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1175-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1174-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/4304-1172-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1040-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1045-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1043-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1041-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1025-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1038-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1037-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1035-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1036-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1029-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1028-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1027-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5616-1019-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1020-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1021-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1022-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1023-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5616-1024-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-532-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-254-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-465-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-534-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-462-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-247-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5760-248-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5760-249-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5760-251-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-250-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5760-252-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-499-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-533-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-379-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-378-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-391-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-516-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-253-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5760-535-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-264-0x00007FFADA330000-0x00007FFADA340000-memory.dmp

Filesize
64KB

Download
memory/5760-567-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-255-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-506-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-256-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-336-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-464-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-257-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-258-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-259-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-334-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-326-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-261-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-260-0x00007FFADA330000-0x00007FFADA340000-memory.dmp

Filesize
64KB

Download
memory/5760-306-0x0000016A22780000-0x0000016A23750000-memory.dmp

Filesize
15.8MB

Download
memory/5760-262-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-270-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-269-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-268-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-266-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5760-265-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-413-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-502-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5852-504-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5852-505-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-503-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5852-411-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-410-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-414-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-501-0x00007FFADC390000-0x00007FFADC3A0000-memory.dmp

Filesize
64KB

Download
memory/5852-409-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-407-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-406-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-405-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-403-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-401-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-402-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-400-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-398-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-397-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-395-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-394-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download
memory/5852-412-0x00007FFB1C310000-0x00007FFB1C505000-memory.dmp

Filesize
2.0MB

Download