f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264

Analysis

max time kernel
652s
max time network
639s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HandBrake-1.7.3-x86_64-Win_GUI.exe
Size

22.6MB
MD5

1a1598a4f8a2d8d6b1925cb22a74d5aa
SHA1

ce693673a6f207be639fc07d21f90833dc386072
SHA256

f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264
SHA512

63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f
SSDEEP

393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	HandBrake.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\HandBrake\portable.ini.template	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\doc\COPYING	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\uninst.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\HandBrake.Worker.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\HandBrake.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\hb.dll	HandBrake-1.7.3-x86_64-Win_GUI.exe

Executes dropped EXE 1 IoCs

pid	Process
60	HandBrake.exe

Loads dropped DLL 4 IoCs

pid	Process
3372	HandBrake-1.7.3-x86_64-Win_GUI.exe
3372	HandBrake-1.7.3-x86_64-Win_GUI.exe
3372	HandBrake-1.7.3-x86_64-Win_GUI.exe
60	HandBrake.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	HandBrake.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	HandBrake.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	HandBrake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	HandBrake.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-17203666-93769886-2545153620-1000\{8B941A88-0DD9-43D7-A61C-A2D7C612BC30}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	HandBrake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 4a00310000000000a558f6ad1000646f6300380009000400efbea558f6ada558f6ad2e000000283b020000000c00000000000000000000000000000026b0f30064006f006300000012000000	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	HandBrake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	HandBrake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5c00310000000000a558f6ad100048414e4442527e310000440009000400efbea558f5ada558f9ad2e0000007f3a02000000110000000000000000000000000000003856e500480061006e0064004200720061006b006500000018000000	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000a558f5ad110050524f4752417e310000740009000400efbe874fdb49a558f6ad2e0000003f0000000000010000000000000000004a0000000000d412f600500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	HandBrake.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	HandBrake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	HandBrake.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	HandBrake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	HandBrake.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\driver-first-mission-training-tutorial-sony-playstation-ps1.mp4:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Driver_(First_Mission_Training_Tutorial)_Sony_Playstation_PS1_ssstiwtch.com.mp4:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
1032	msedge.exe
1032	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
1180	msedge.exe
1180	msedge.exe
5936	msedge.exe
5936	msedge.exe
3272	msedge.exe
3272	msedge.exe
4044	identity_helper.exe
4044	identity_helper.exe
2784	msedge.exe
2784	msedge.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	3300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3300	AUDIODG.EXE
Token: SeDebugPrivilege	60	HandBrake.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
60	HandBrake.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
60	HandBrake.exe
60	HandBrake.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 3884	1032	msedge.exe	103
PID 1032 wrote to memory of 3884	1032	msedge.exe	103
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 1112	1032	msedge.exe	104
PID 1032 wrote to memory of 2952	1032	msedge.exe	105
PID 1032 wrote to memory of 2952	1032	msedge.exe	105
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106
PID 1032 wrote to memory of 5088	1032	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\HandBrake-1.7.3-x86_64-Win_GUI.exe
"C:\Users\Admin\AppData\Local\Temp\HandBrake-1.7.3-x86_64-Win_GUI.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa07d946f8,0x7ffa07d94708,0x7ffa07d94718
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2515466444626982810,10092625866399375824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Program Files\HandBrake\HandBrake.exe
"C:\Program Files\HandBrake\HandBrake.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa07d946f8,0x7ffa07d94708,0x7ffa07d94718
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2671935815382973984,5996060409973470431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\HandBrake\HandBrake.exe

Filesize
35.6MB

MD5
ee3cbf592c24b1bf04d906ded5c7d1a9

SHA1
1931bdd5d120635c357b3000dff08ec9110ce1e3

SHA256
ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336

SHA512
97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
18550fba400d99b3c922381ede39f9fe

SHA1
9883ac75af32fa8d96a7e73d036c1a56d405610e

SHA256
61efe9fe0651d4b9fe3879c54f5f68f45db2a32243eb07702e157db7f374e933

SHA512
795e79fdc5bdc6b132e2a1a20af8a143ebdc478c25809bd3248124ec4ab0d94e2b6bf1f95b565be7b67d659604fd4ad9e1a5a3ed68adb4371cac88aff6bee2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5871c029a3b708789271c450347db105

SHA1
60f9ca43598028a04efcc33011bbc12ddac3b7fa

SHA256
056895ffd14f366a0f5dc94b36dc7ddfaab06627c77e665731a0419bf109baf9

SHA512
6e09a51d59a65432c594dc2aec8a0bf9f46ba487a1c9a573ce1b257254b6ffa9a8d81e76d1d5f9f88c9333158a7a311e9a950cf133afa14303403265158f4b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
20KB

MD5
73a660fb16898416c21ebcf60baa0deb

SHA1
76b4f4ce3c6cca79d9126a24c95d52743f9144ea

SHA256
48f3231705cb876cce90c4342e5c60b792b3b8ff18e59954b214b85ddfd2f7ae

SHA512
831af2a7f03b8f246f9425e21dc74a646bc9213792c3b12fb4872a9c8fcac7240584dd8f6672802b5d75ec86d7e56186468205658cd01b428ea7f6144079fc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7bffced1b76857a81a4263f2bd924ba1

SHA1
d8ced4f4d0f28ec26250669fcb68407d565ac6b3

SHA256
fe0d92d058c2e25815fe7d8e2e661923df0ca601ee4a7bc8a1c56b97b7433efe

SHA512
2f2f9e707b46e19b2c1d2460c422df3d2869c13b2fe8ba730b6d78f29855d96f865589e58ad6d9b28b5fc065fe8962ecdb39dfcb8a2dbcb034496a42ca2b0745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d60a30ea71d844aa7ed39ce9a227b654

SHA1
d2ae303b3ed0367514ba4b9c00aa341e611c7364

SHA256
cace97d095d5f8ff7230cbfdcc739c6a399efcc1244071a612bca6339c974cd7

SHA512
1b8c065452f630e96b8ac961ea43d0e9ce46c11ffde4ae785b38d32c559b38eef916ed3104271577f367a55a3714c47295d3ee2c2445764d2222fe76f160bb80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
699b9fab1860a2f5364c2a4a98fc1a43

SHA1
d787ee3f67b10607740f52b6314b7b44870c1755

SHA256
897555f04b7f5c6c51c1f2b0ae525f9175c531c7a8ff2c573d12a95ba7d124e4

SHA512
7cb078f932a1816fc63c57108b5869508dd80c0379ee71038b199dff3befb43a63600218be32e16e8bfb3496b84897243e6fc20a2ac04f7ccbff464f5cb7f631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c0bf31f25eeb9d3d6bff82d0b60cd79d

SHA1
b0170853e19c709edae3307e8ceebfbf9d637009

SHA256
4808c8378d3e1fb9035237dc32218576d041227d827fbd6c8099234e669e2dfd

SHA512
d50b8e0ba3cfbff3be9ab96fae13f1832b30f375cc250acde81da2ccd394f5f68ff4cb834c05ae30aa5b5d9dafe49385c4c2b991bf79895dced092abfc84ea2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c5a6aab5290918ab8b00e949e9223136

SHA1
d6a6b5c2b4c2826ca444e7585b1fd69a1cf76b30

SHA256
18ca1c67db6623bda7a0a6ae4383d74c6be1c78bcde204930f3c3ea7e798bba6

SHA512
a4ba952f534e7312e9856e536880649faf76487a1e9d9d22ef25bb0ee512f251fd95b4901b16285db55959f02ab6cba0a1cadfc610d8d0b79935e85f591c9e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef3b22f413a13eca4b28d52d53d14cb3

SHA1
2dcb45e16a085fb641ebab3df438c428abeba3dd

SHA256
83232cb0408f9ff75fb2d67050cb5ca46c7c1c87b24df2b0aff29b35ed6352b5

SHA512
ef71a1589d4c6a5704c9500002429dbbe0c0efa95b71c5338e18884217523776ebe4189467c7a19488efff75d44973f0658d4c17367a4a3fe7dadfb52c645753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c9cdb34ba1d9a7f54c4f8131e385e75c

SHA1
79ddde03a68817881022a945832ed11a7b71f4c6

SHA256
fe5c72e7937cbcc492877eb2b2dc44f3aa1499507c737b664024d8b196c403f2

SHA512
aab7c6df042198bf29dfad10b2309aec67ce4a56256b95c3d4a2795e31329b949b5f7adf38284256806e7599f9b2849894344b6c523b63424f6c46255876c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
cbb9afb5a691a53d0d8367aa1d59047b

SHA1
974cd524fb2e432f2f4875b566b058b4b2f62578

SHA256
d988ee180765169dda59849b36d1a4a826c2866fa8ccb670851f718eb86d061b

SHA512
2b35245573be6f2841e1be6d333b89c0972a67afbace147eedf970a048fcf73b65f4121d35887a7223f1b281e49aaaba8527f3afbf7e2aef9779f39524808b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
6c3b900cd741449b0c717e972e8b782b

SHA1
35d65939bbb84faf9371b3de8164db2399aa74f3

SHA256
34b673c2c45b0630cad0db415da60d993c52e4c4494a1564a004cfa382d6c6d5

SHA512
1db45358229bb6085a2529634eb1cadb501e78db1a338531ba91649da964b4df97096da6a2f5033978607ca32715de55f416220fad037350e7a43743dddbd3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
af18e8a18bbb24f7695a530b87bca492

SHA1
1b45d00bd1491c735b77ee6e7a1387e3f678a8cd

SHA256
8be0d03a9c9672f04639e85299707f8085debae7ae11823ea9fd2917f36d0e46

SHA512
6a8b3ec6545c735f7168bef6404d66f44d586d4cc6ef1f83b249afcf5a2e6eb1aa2021c3baada43508127b4d3a6eda2503f3f81c3e8e95f1bec326a442394ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f7d8b330066874e5595325b06f034e90

SHA1
bfaaca9abecccb093accf11866cc0fbb375f9fcd

SHA256
0882dffff8a14edafb2de959918dee1aabb1f0cb473c62dde745f57faeb8faf7

SHA512
85d0c716dbb12a11b0c12d5ac48608c6d756968f6bed45a1c7d05b3a4a40278ee8600dddc71037c2411a96ec61acce791f9be385419b28e98e4b7dca4f6d8567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0ac00285433d282b532cb9cee25ab3a1

SHA1
2e0b94754da2d6779481906a4ccca3d7dae57ce6

SHA256
03f26c9edf950b1582c8488dd77fc03c6e6780f25753cb7827c9e5f6a40b9113

SHA512
4425002175bed779dd3005e26ea10e2a36e789ebc72d0b0c1969fe35f406d686105530a7f9d6a72549397f2e3a166cc68bf1ca94876a22c2db6fc849a6e94bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f94d662de2fda7e47fe7c6343ae78d8b

SHA1
bc680f7d1ef39a201ea7be9b12fcd6d6c87676f1

SHA256
94a01df7b531b08890362879625d866205f9e6b1a63afb21a96a7d817ccf78e5

SHA512
a75721fddb483c2d5ce4cc9e28bda0ac055ba523e7cdb53b2265ec14448adc59013609757bc01ffc8a11ffb0be59f77309a57d4a0e063a9e324527a774d75cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
def2381e6e239881d857fd2948a3617b

SHA1
2d5dee24d4fe6ef0ff3558a3ec2653271069ecdf

SHA256
72dbcc5ae46a1c85122563005bd6c7d25362ef11ff5ce67e0bdb457e5fa544d6

SHA512
d55addc05cd114911b909cc34c8bfdb86e60df19f89a574a42abf4d589d281a348394fdbb749f4a2ae49b5cbc29835587d7a626b0f4ae99b03f87596941ba68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
3cb4ab6fb13596a959dabbea2c346f77

SHA1
5dd350c88c27162857387f28d698d199a8a6d722

SHA256
720bb46bb6b86d7e0ddc1babec35a9549671d4bd6894d1605ed3ec06b8a99130

SHA512
5b64849fa98a9f18817e4db6e2bbdeb4edc15aaa73ec1a92a0635c49062f0e99420b44482ef97b635bd3d00aa69e85f3810a0cfab4dae5bdfea52352f7759603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b1cfbc479812c5dccf98a4b7a02fc0f

SHA1
1ac049bb78e85b02d96373c7959e801a508e70c2

SHA256
d18ed38da2fdac167e870de622f2f519caade30f2ad3f64e38f23baca702cf0f

SHA512
ce537906f839b2d4b6e218a90af0e2765b5bd14fee473a88066d0e4ff8d603562778c8313eed4e7650e3bb3ac2d6df346d2217f50e9a84fd01f02716e4972797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f383abaf8557913683ed1bb06df84965

SHA1
355bbe2ad775a6282c3cb48cad19db009b88ae33

SHA256
db922eda3cc83ecf7437190cc55718101da1a181c2b41693576a4b4bfbc3a6d6

SHA512
36797e971c2bac19c2c4e0bc65e2b2e9ce5cc67ca774134fbeee253caf21933ab0d09e1e24d403573af737a327d2c6ed1fdff8c80f27858c5080470cafe9b474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8c2d9e01e168570299e6a13df57bf4f3

SHA1
31d06d17d2c877e9e5de8778d7386cb3664f50a4

SHA256
383c28bdf4d53d5250d84df75fdb85d81299542f6cd9ee3cebde0df46bff4abc

SHA512
44c5142781fe3318987339c9c4a4127a0782592ff4d5303178ed71e1401e57e16301980725297fe65cc187aa719ca538cd1daf63dc8f2ced43d7634300afe3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99e09e8da9a62bc628850422a93f8408

SHA1
71784a2b313cad66bfd6f83a16642f3347c2107a

SHA256
6744d91c0e99ff12347df9e478e73d90ac9a6dc8f11baa3cf7ba754d55d097e4

SHA512
b25822ef75d0cfa17315cbf6f9cde67283f008b15dad2851aa55783ec15c66d2cf724953fb9e7e9a8802777587b5a25bb84f31a3a35e98dd47f00c03870e0824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
22d0970dadd31f3e07b9af885c012e7e

SHA1
bcf037c77e07de25754a9447702e843983e3eb84

SHA256
54eba361e36e5cb8255b9cca6b353273baa0ddd531f69cf616ee934db5984760

SHA512
3cf7c820c499fad76a47c7286a8c766e04fdc337f537b22fbc7d43bbd856a373bb6fd5f71d11cb785c7c62d5fdee959d15e329b61a8091bbef69d9a4828f16bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b06de1a9ad4dd978e69c235be3dc65cd

SHA1
0f4cd70d4acde6f3d9e1a358311aa01357eaf856

SHA256
97c7b58306d4fda1c59f4aa0476782af8c2d64d89dc7c00b24a78849508d5338

SHA512
665bc41535997646a734f3e8237cca158e3e202ab35d1dd70fe34380726e6a0071607500b75b1cfdd14a2c18a82277356e3dd9eb3cf4cb76d2cfe6d29052d1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4fb4ccc95b46f3bf351aa596df916d56

SHA1
2af56ccf7c3860291a333b2231d54d16b6a850f2

SHA256
45983dab71049bc3e0fd16ad49f9692b5e9078f8713fe332265974ba35469a63

SHA512
503353a886c23882c94c71067721d428c8d24f13dcabe35ee373f2ca567f1d7e42cbad7679f4cbea2672a7962a65f94fa147b28f17921f27d00e8e643c3c0b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
66e6812f5f259db01caf7cc3b32457ab

SHA1
30de8125c967aed7b785dcf535b68f083d7f60c9

SHA256
cc3f1be2088765f2b44610643b912e6d8bf10b7961495ad7a31b345f75df59ae

SHA512
c02b11c64ff4c17ea64f6891d4c04a9bc148e37abe440ab36849b39d3c8020242ffe336a866e3e27b43e281e971ff099abd4072c685b5bc1e4f4a442750443a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7434af6d18c6a509bca835f6b90e7ca3

SHA1
9663cf2f8c404e1d6a4f218637623137fcb0ca8c

SHA256
442e12547fd6f0c2e01c7a18ec194f3763b75be5b5da8be537eef537304febeb

SHA512
048a1f146dcfc8ce0ce7463cc0a3b1944564e5c9c0b99061649c76b8e88307970f07080ecd7bcdd905f7d7aa1a4159a65096e8473ae53b802529be1f8f8e27a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e60263ebcfda4474bd0cca4fe774df2

SHA1
a12622caa34538a88440e777c4b37d4ae395b07e

SHA256
89c3310c5b37ecc8a0c510c44fa263f54a373c572c8bc42fbe77b7788cb74baf

SHA512
72186ca7074b6b956432876773f392bb2cc4f2069a9b9d1972e45af6f60b2d04e06600e4e59896a68aefbe4bcb4e428f8a30a62ffc2a7c7b41f1115456239066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6a753807afc56e56a8cd673a8180cdc

SHA1
eab540fc70b004030cfe370087f7183918450f19

SHA256
17e3de38fd19db71a9409b9878d6571b5a4bf34d3eb363efcd09bf486858d8b4

SHA512
64088449386f0b553807808ad3e16a207a3ef28fb93bdc2f9a54a97b044e011092e216bf5da86573acae507b123303f899b094330fdba01334784f22dde9b2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7cec39f-f105-45bb-9a29-f30b1a243085\index-dir\the-real-index

Filesize
2KB

MD5
818bad30953a4ebcec45efb065962537

SHA1
805e59c04d4d24be28f13c202141fcad845f245c

SHA256
8edbd00cacc5826b94e1a9f35144fdd5d77b345465e87a01ac34c288af3b4cb1

SHA512
b23ae94e1335e6be372cba9204a03fc1fe29f3546f8586c34bb996791677285496efc8e9b5c389cbd4288f55339424e2f2a527b4bb7accdddb8b20e9770344d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7cec39f-f105-45bb-9a29-f30b1a243085\index-dir\the-real-index

Filesize
2KB

MD5
3f499be2b4cea3606c85b41d8b3c32b4

SHA1
1116c8d2361bb23c17eb9a356d38958d220c784b

SHA256
0ee72c9778f68cc8ea613f161483d994f11aa03d31622a82e050c2ddf5baf03a

SHA512
f826fa02c0c23e1d2a155cad63ac29224cdf7d2f903594c208a5e8d9ba3f1f50b25ffe5ac4bd3b10574eebae4fe2f7c1606e8a6cd8847b4ebe8c6ebd475b32ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7cec39f-f105-45bb-9a29-f30b1a243085\index-dir\the-real-index

Filesize
2KB

MD5
97b085ee06424d8a8d2180b05032bb1b

SHA1
51be420975aa28b1f2280740c74ddd12474cbd37

SHA256
53c7b1768777afe4d6fd742c2320f9b808ac61313725be00fd3a548d9e56cecb

SHA512
3afb85e6029eaa75ff652bd135eb6735a8af1ffa5d680081af62cf3aedc345525ad13d550297182cf4bad308da2ba706ac8addd626c1052852eee6abb73ea351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7cec39f-f105-45bb-9a29-f30b1a243085\index-dir\the-real-index~RFe5936b6.TMP

Filesize
48B

MD5
77ef85ad6b33e7d0e71c9841cafd90a2

SHA1
039e2f75f9923e64c6711ba090ab3e2ff8177ac1

SHA256
af093676321ff5344e3ef5f4699569a7dcaa9d03a4c793cff684499631ba50ae

SHA512
81516b392c1847df7ade873f3dd432d213307ef5d510d8b301413bdf89f749003e1fac30a4c259d7f4f03fbd7fee1446b570017c8ed3b52c966c3bb4b94a6082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ad44bc1a29133f7d93e68aad8e706da9

SHA1
e648279ba2d4698fdf6bcc835becb613b569221c

SHA256
8ed4060efc343896f72dff0e685eb4fab70ceb25fc6895825a96e6b8d6bf6ad5

SHA512
7a974278b968380c39240a7eecc86e74c3c5b5f100498af46aa40e0c377db0d72dac2ba833dfab97d188720aaca7d2a765dc8982ba971015a34f4bc05e23d3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8367f38db2f0235f690914e5146de501

SHA1
439af0bb96e1cde1f8aea7ab8298b03c261d5c7f

SHA256
549a7681ff526f9b7d07415d7f2cf726fcaf9f349ebb10225fb545f87f1397a0

SHA512
2ed895959cc5fe7be51d7bf182c7651dd2495a1398548729a7fa8821e8db8eeb7b99d0a050f5c35e02cbf0b2a850d574533487764d6135e3fceb212a77335b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
eeaebc0503a3644f39715e72c873151c

SHA1
efacea13ddcf434fbd96adf3ee7ef01a66c409ff

SHA256
1e9ecc36276adfdd28fb95f90e07104b832e6bd5161336fc03cde4f86a1d64e7

SHA512
ed805c80fbd24c61f7de0a55932c4bac83c147df6628c4cee2bb96249ee7120cb419e1685eb47c5736bf65ff737315d9b15bfec401c343c6c17dfab4e5979e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
54b70d7f180d241c291664e650e1163a

SHA1
b38e9deca5cce10446577f7fae10ca6d7b89021c

SHA256
1a4d0cc1121704be6319aa4310cd6e66a36abba90341cb50025951c164529dc8

SHA512
559bdb9fa57a7845f2e15b66e5c7641ebfad6859ea180f3835c516c6f2c5810b15e0f0ea441502107247ef2f86f927637de8e9696901d96421d7d1f08c4a2f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
155cb7e1e875677c1a7f81f2b6e1da8a

SHA1
76adaab0e0bcf20f4d9486bfcd014d562e0c6d58

SHA256
04211a6564be0c672a8f636ddc932353ee3713fd5521a5bb43d9c0943c8f6079

SHA512
821cb3ee5d9e822cb45758b4a95cc83421fa7dbcd148a95bfc25f0cd7c42967cf1a91d12bb2daa2c8a0fb1c90ffc9a943ee7e051388559273ffcd58f02418ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e580cd7d3764334b315ebd2949df3a5f

SHA1
512961b44398acf25cfe098d0c0329c24317e476

SHA256
e8ffbeefed9614fdec008f5d350c2c4509113e27e6cbbcaf587bb47f1e0af088

SHA512
8cc2d98734920fb98605dd9b1afacebf467d84215928853c019895f9f6f457a77c2db080e7604712b94a0c400b32edc999b4ecac6701471a7db7fd61efccdea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
67dd1ed172c4cc0188cb426a9bc84594

SHA1
866ec8527f4ad77a66c9cb696e2c46da856d4a70

SHA256
c7b34b1160761b032658ab69376b7e6d3818534d9e3a0d1cca12fe8ce47e977d

SHA512
b332d3cca1fbb806c6f45e65b2e4825b69c7fb51173a4504333e71629a5c689d12f268d37a8e38c47fc9b518a6f470b7e629f5b5290fa08d2a3eb5f480f1934d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ecabe5c2cbd36862a24a5f36320dc599

SHA1
d8db0ac3074c77d36e328fa3ca5aef75743c38e0

SHA256
7b27c4f9f00586dd6896846d18738dcfeb3ae39ee7167e84a44ed15454347114

SHA512
490f82d4910a6be993004f7bd08eada38676cb0326ebbf17d57129f9c9f772e5b249239919c0dc71fd4f010e9aca50c6e37e303df20d5240263671a9d942146c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5932de.TMP

Filesize
48B

MD5
327f18402ec09d50ac7f515120c717ab

SHA1
bb8d500b44a2b00aba8b23aefe08b10bbf4d90fd

SHA256
b0da699b7aad34a67b1f820f0532bad69a8fc4928728b412dd95fa2efbe5eb32

SHA512
b6f2a58da95613ddd2d37d7dd2cc76e43e06baa16d4303cd88c10eb9e6594dfdffa9d79225cb8652f14a8306a1744c4de4bb7027923587c3038bd63af8ebb62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359419277239994

Filesize
44KB

MD5
f75bee04454c96c033199303069dfe91

SHA1
46ee2a09e1b5550937bf882ae748a2590bfd74ee

SHA256
360e3ec84c636037973993cc99eb9f5595ec8f1a8fea5c9019934fe2340eee57

SHA512
80aba095eb68f3981254bad8c3949c1a1a7475c8c8122f513831b7dfff0207d5611405f6f0bc8eed3992c27d4115ffdd14f6b959d9e140ba99d7f27a9b92ecb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
388B

MD5
d1c5efee082e90685e256adbc2daab23

SHA1
f8f30b0ba4ac22665594fa03041c05cd1f594c7b

SHA256
591d549bb837af2b2bf71d69be77485ad51f59b25cb54897b0fc7e716c9ec6de

SHA512
a399b3fe6123d234fe8515bddff0330982cdfe6508c5dda4b717690ab4a8981ce0811333cd0f0f019b15cb5d6a16cd597075dccb3a07ce5642ac1dbcfb4511af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a721ee4210587852451862098af4cf09

SHA1
9df8edb54cb1890df1d0f9534db965c1344c296b

SHA256
26683ec071a656f84d7dbbb3e5f52217f1b324ba70b5571087f5548b3652bffb

SHA512
7f3a49c6e0fe04aefbdfcc3a0ae439cd1234a80cbb3b4e818399d692d0142cad9fd75c7dc513e04b0df8a8b5047be0b8299e285e2fb6989f75dfc5fda537908a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9e1a03b80aea703fff04d3d457656456

SHA1
b6faba15315d35979e7424d695a347fc7f84f045

SHA256
a8469c80ad8c98f9d1ba3b194e94d0d238aa4cac4b35dec6b3f71499803a9e12

SHA512
18d1487289f1735e686127f5b3124d2fe4ce29bbbdc9dab3b8beed79870ccb49b0b0fa5cb1f03dee1c849f3bbf897569c77ffdb285323b71ff162ea1b05749dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd0e1d5f282529c5d1a4045007bc9025

SHA1
3713c5a1fd149ff36e73be989d6c7b7095149c1e

SHA256
92e27446cf2e99f67739e98d3cd7ca505262c0b130c1ab4e58587e90c21ca6b4

SHA512
97c0699ec5d0a5cee2bf9cd679adf0a08a6a0b48b351e36e9e393e9e49fb170f57d6e37bb5f72258c057c779521b5e635ccac44e18144bb9c66522e5b4d745fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84e9e01644e39e7c2f811f5230d4be87

SHA1
ed9bfbe3081d8abba681c695ccf4f2319ff82350

SHA256
27f4a17b1ecd1b0bb383a1901db19d1a21a7d8936120c465d07e0236f3565563

SHA512
b1de4dee593fd8f2b6cebc20b2739c30930730825dfe82fea3fb308fd4ec661cb4f7dc4591446c70ec778d2fde4bcdc426500310ca44f5d67edeef5bd572a2ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b0f3f790ef59ad564f012a1f8e89970

SHA1
ce4738354eb0accdbef73eb6342a1c03b4085753

SHA256
d5ff8f24c72b3163b7f2522177c250c4fc02016fad302f97ccf3c75a20d48706

SHA512
4a9304411eb2d294340208f928dad7a3cb5931c67498a0cc4551f49a064c320bcbe7bec43acf82020930d7ba38defc56d4bfdea8dc353bfb95d3708b5d8a2a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3f720766b3089d63312c87ac31a5f9a

SHA1
7b8b8c164aee6418a3f595fc1354bb7cbb5e2da2

SHA256
ef0e7fcc4810e9fd5cbfc45b9f1751ddbf651b9e2835890e28bb6bb36bc1bf05

SHA512
eb8fc608a0a8f5fedbb7ac0f53203541341dc4b759e66ffb52a50f0c75a0557fc3c7ae91fe222cc7c4b082eb62fd09bb9438ef8cb6c7763d93bab71f55998b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8d3615db4b3b0c4263600aa498fb463

SHA1
5926156bca8a54547297b08c75a4adf1329c69ba

SHA256
1cac01a6cb8affa89d7319667c3a52e46b91271dceb302f82d81406230812428

SHA512
5a2db95cfef54ed7d4dab04aec5f74af2528ff99bbe3a3851b4a7ad4a48d1a06117ad95e985f8b90ef682b54a08223858dafde3fdaf3279023deab8b38bf4574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
aa6251883dc4b846632d04551d261e2f

SHA1
c1e9fc4453fa4c9b961251cbf83f7e84f724b123

SHA256
00662c6811a4833d690f8d4ca4cd858e375e7716bae0c71ca9e6e64621913497

SHA512
695eb4ba1cb480d87fbce540dc592bccd3e56da1641cd4db9403a95793925a5bb9b8224adf3769ab7b6ca5e225de05de5cc975b2456b132a415ef464947b1710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586675.TMP

Filesize
536B

MD5
91a2e5a2d476b51874b7110c050f2f95

SHA1
673286405a981d6b6e15d02960dc2f690da22e9f

SHA256
5a1417ec6e48be9ea96394530889b351d43bcd5263e82f04dae44884b63082f3

SHA512
9be6c009039655e8955682020e70589a71cb0e1679398af1e6b50d3da5d854ee2be162c90c6f41a57abf8dee0a701a8b4fd902e90b36319c51b9b604b19953a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
82bbea411d65d0d6dd01fbc6ca94bb02

SHA1
dc49adcd4e8d1054adb9cd86427a7c5ac5609d83

SHA256
413a35e36b0519d275387510426f70a534969c7b7d9e68bb66880e05ce1c46d5

SHA512
bedad517a0d2dccad5452742695a7188a67260ae4fddb6a266f66990ed6a9fd261d4db9988a700ea3e6fab455bdb67b8a129e444b71a45e220c14f5df4423bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
393ec7300dacd6a78c3a9d884c028069

SHA1
75bb953298b9abc911a3e8560113a519342c6e09

SHA256
9e042d86fd189f77a407dac229f210dd4cc50eb5876ae4d585d1942b6cf72f79

SHA512
b72700e23329c5a7ad15c21c4c82165a922e69f91c7d915be8810e17251ea8a75b4d56529da09de0dad88b8fe7c58bbd10d901b13bf403ee44275a73a1ba63af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1633bdf198f909d865946d975750094c

SHA1
6a7d0e4fde04c8078ae8a84d2090e0774a18fddd

SHA256
ed7d1de4d26d5b0116b3dd48deee76f752f77c667ab753b93444ab1d740893d9

SHA512
525d91fec1272a51e7c8237836c3677bb74dd620b13b304f7d14bc457a3815a402a64494391668119a940486225cdf236553d2147101ab7deadf33488d007ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
09ad684b8bc19e5765690f31b1a2a9cb

SHA1
43ffdae24ca8546ac32724386d66c972e01fed47

SHA256
c03499ae683560804ce32af1a73ee0920b4ac4ef2573a5c1ce6b18d45d662126

SHA512
86ba717fd03eb298d8a31d5da01fb94605d38a0ac18d0080e61733f211d9580dd92a2cde468f9b0518cf1be80ac6cde327cad2973e1ca3488731516a64accc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af31e390526d414c2db70f38a371d123

SHA1
73f3060e7cb348d4a0f39dcb3adbe25274242148

SHA256
6b55558ff05b1affbd8c11b19c32874192d72cba37e38174695613b04bb9f3bb

SHA512
45b38674ef71c126e0bc2c5d794541f80866e437bc1634c614d26817aecfcaad9245aa83a6782ede6ea48abcb8cd9de3dbc94956a651429980d432a627914e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
04c204bd2cc4093116bf325738202343

SHA1
ddfba6b80d01e88e5e3381b60e9572ca55b7c2fd

SHA256
0af4b99c2f9d2457ad627267df34ff743b4d19d0e03daedd117467f45844f8e8

SHA512
b7ac0f073c3ec536ba8d8bd54c4990813218850d1e11e45eab9167822ca906acbe962792dfa465824d87516e833c790f0a0a9b63105400767dcd20d883bd9875

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\ioSpecial.ini

Filesize
1KB

MD5
d1dbbed2c474d6588ebb1f216e531b66

SHA1
771237a66b5af280c3f54450579fea74bc2c189e

SHA256
eac9c7032002626998b8c200c0420f4c79fc6b9e51c30d7f5736a8679046a8dd

SHA512
4297fd653be5611193e77edf71b9fea53b5ceff6df6f057cccc91b2c01bc04a5db3ea9bd119cb82be5b0af64298dc2c779f3681603e1d2c08a4f20349f1881cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\ioSpecial.ini

Filesize
1KB

MD5
dad47e211a385342cf475a5acbcc0582

SHA1
8e87be768b89236107d5f26d7b3f17aee048640a

SHA256
a14881419e2bcec2d9fa315a16e37805a9dc57b79b984732a0bc1773f578b289

SHA512
00b14dba9ba31b598ffbc242fefb55f5f356bb60bdaceffa647a0918e7cc62f07c7b6c4cafc14e265cd10e15996814aedfd0cac0c389089a7058a09987b1dd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\ioSpecial.ini

Filesize
1KB

MD5
1e8246036b14cde6fcaa06cf4285836e

SHA1
10a5993b28061652a45715e6f93121b2131019b2

SHA256
3065c82d16e453730484551788e8038d11389c3811123d1ffa6027c37b0101bd

SHA512
ccf539bef7ab3ed83c94d3b2c9ac878c3f25cfff6bef461cd1086c7b3c97ba91b209532cf397c493adf541970197b7ebb78cb39127cfda2ab1e70b94da6efb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4806.tmp\ioSpecial.ini

Filesize
1KB

MD5
5ece3e6324413854d61e1d7a50596680

SHA1
38931abc9055d1b3b7ecaae9d045e1e07c67eb28

SHA256
8504504d1200c6c55775c1440afefd34e330c1fa00a1df0267421ad7ee976eff

SHA512
f3beca5c14384e83afdd1a49cbfae20cbe021d68e99ee37fdbbe2afafd1b14a5b013e8bafc4552f94dfa67b6476074d85000b4436dc87384fffc14b9a5af3aee

Download Submit
C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

Filesize
802B

MD5
e9a36fca0d40302e2b9457b0e80213fb

SHA1
e306be11303647103a5a56b4b3ba343c93ccf749

SHA256
79e98af2ae87a77eb9b93fcc981af0af51869c38c7dc8a0829e3ea2d7de4e948

SHA512
3c5fe394897ec3544e8b0625d3e4abc9115d31fca3827ba0ce81778822512be2fe01dda11e0b775862375d988f3696a618b4159df649f172da509a269d540cc2

Download Submit
C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

Filesize
882B

MD5
73b836a043211c1c74c0c8ce564e918a

SHA1
5438dd39c599d7dcfdbaacfe32d8fac8394b0322

SHA256
efe9438b1d1514cd3994bf310244457bd31b975df07936929c0c2d1cda9eb6cf

SHA512
9e1aca7727e9898d125e7261f2b3dd4e7aa3462d39bfe911754dd6eb80f6abf9627b9d713dd09868475d8cde43900cc5f89a69b2a5ff1a0cab6cdfdecf1664d3

Download Submit
C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

Filesize
1KB

MD5
4a6286851fd2af240bcf822fb1682174

SHA1
9a1227d98c91d38c6da48fa1ca882e980d087ab5

SHA256
d14183758ab617b0c41b84b1ab4ad4b2349f870516d6376e37640d59e8c3d50a

SHA512
7a620df3c26cfa5b5eafb73946ad494acc9d96b1bcb3f42c4c9280ec3a020aedc16ef27c9496cc8b52bb2653eb0b6643baaabc7dd85c0984942f41bdd84e8f43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
734fb4918c7d9726a57c2e0814b2e53f

SHA1
971f55b0295f184862ff84188b47baca36ffddfe

SHA256
d38c92a9a3f8f8072204e1948bd8d6934eac43f9bdda792bfcaafa951b020f4f

SHA512
8ca13e1fa53e5aa89862b58063c50307a10e05d21f307fe4f36d0dc467ff70c810fa9e882362dde8fe8981559b6706153f9566ff5352e0300fe8120fa5565f71

Download Submit
memory/60-1495-0x00007FF9F2B00000-0x00007FF9F84C9000-memory.dmp

Filesize
89.8MB

Download
memory/60-1528-0x00007FF9F2B00000-0x00007FF9F84C9000-memory.dmp

Filesize
89.8MB

Download
memory/60-1396-0x000001ED50900000-0x000001ED50D40000-memory.dmp

Filesize
4.2MB

Download
memory/60-1404-0x000001ED50500000-0x000001ED5055A000-memory.dmp

Filesize
360KB

Download
memory/60-1392-0x0000000180000000-0x00000001802B4000-memory.dmp

Filesize
2.7MB

Download
memory/60-1401-0x000001ED504B0000-0x000001ED504F3000-memory.dmp

Filesize
268KB

Download
memory/60-1492-0x000001ED51C90000-0x000001ED51D18000-memory.dmp

Filesize
544KB

Download
memory/60-1489-0x000001ED4E7E0000-0x000001ED4E833000-memory.dmp

Filesize
332KB

Download
memory/60-1485-0x000001ED51C30000-0x000001ED51C83000-memory.dmp

Filesize
332KB

Download
memory/60-1482-0x000001ED51560000-0x000001ED5162E000-memory.dmp

Filesize
824KB

Download
memory/60-1407-0x000001ED2E260000-0x000001ED2E26D000-memory.dmp

Filesize
52KB

Download
memory/60-1821-0x00007FF9F2B00000-0x00007FF9F84C9000-memory.dmp

Filesize
89.8MB

Download
memory/60-1398-0x000001ED50590000-0x000001ED50662000-memory.dmp

Filesize
840KB

Download