gozi | hxxps://www[.]softlay[.]com/downloads/Electron

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.softlay.com/downloads/Electron

Score

10^/10

gozi banker evasion isfb trojan

Malware Config

Extracted

Family

gozi

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Electron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Electron.exe

Checks BIOS information in registry 2 TTPs 16 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Electron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Electron.exe

Loads dropped DLL 16 IoCs

Processes:

Electron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exe

pid	process
4864	Electron.exe
4864	Electron.exe
664	Electron.exe
664	Electron.exe
4288	Electron.exe
4288	Electron.exe
1892	Electron.exe
1892	Electron.exe
4424	Electron.exe
4424	Electron.exe
1536	Electron.exe
1536	Electron.exe
3960	Electron.exe
3960	Electron.exe
916	Electron.exe
916	Electron.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

Processes:

Electron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exe

pid process

4864 Electron.exe
664 Electron.exe
4288 Electron.exe
1892 Electron.exe
4424 Electron.exe
1536 Electron.exe
3960 Electron.exe
916 Electron.exe

Program crash 8 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4604	4864	WerFault.exe	Electron.exe
3036	664	WerFault.exe	Electron.exe
1580	4288	WerFault.exe	Electron.exe
2840	1892	WerFault.exe	Electron.exe
1896	4424	WerFault.exe	Electron.exe
3760	1536	WerFault.exe	Electron.exe
3932	3960	WerFault.exe	Electron.exe
4260	916	WerFault.exe	Electron.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625597468589950"	chrome.exe

Modifies registry class 3 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{3421E9D6-E514-4713-A0AA-C2A279796A98}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

Processes:

chrome.exeElectron.exeElectron.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exeElectron.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
4864	Electron.exe
4864	Electron.exe
664	Electron.exe
664	Electron.exe
4076	msedge.exe
4076	msedge.exe
4948	msedge.exe
4948	msedge.exe
2976	identity_helper.exe
2976	identity_helper.exe
2168	msedge.exe
2168	msedge.exe
548	msedge.exe
548	msedge.exe
4908	msedge.exe
4908	msedge.exe
1000	msedge.exe
1000	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
4732	msedge.exe
4732	msedge.exe
3100	msedge.exe
3100	msedge.exe
3260	identity_helper.exe
3260	identity_helper.exe
2224	msedge.exe
2224	msedge.exe
4720	msedge.exe
4720	msedge.exe
4288	Electron.exe
4288	Electron.exe
1892	Electron.exe
1892	Electron.exe
4424	Electron.exe
4424	Electron.exe
1536	Electron.exe
1536	Electron.exe
3960	Electron.exe
3960	Electron.exe
916	Electron.exe
916	Electron.exe
4012	msedge.exe
4012	msedge.exe
3004	msedge.exe
3004	msedge.exe
2976	identity_helper.exe
2976	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: SeShutdownPrivilege	2836	chrome.exe
Token: SeCreatePagefilePrivilege	2836	chrome.exe
Token: 33	4244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4244	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
2836	chrome.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MEMZ-Clean.exe

pid process

4672 MEMZ-Clean.exe
4672 MEMZ-Clean.exe
4672 MEMZ-Clean.exe

pid	process
4672	MEMZ-Clean.exe
4672	MEMZ-Clean.exe
4672	MEMZ-Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2836 wrote to memory of 1512	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 1512	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 2224	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 4036	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 4036	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe
PID 2836 wrote to memory of 5068	2836	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.softlay.com/downloads/Electron
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a2ab58,0x7ff871a2ab68,0x7ff871a2ab78
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:2
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:1
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:1
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5244 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:1
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1868,i,8818612070805140452,10723518597998563454,131072 /prefetch:8
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1892

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 2652
2⤵
- Program crash
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4864 -ip 4864
1⤵
PID:4800

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 2656
2⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 664 -ip 664
1⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff863aa46f8,0x7ff863aa4708,0x7ff863aa4718
2⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
2⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4764 /prefetch:8
2⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
2⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:1
2⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6124 /prefetch:8
2⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,12868158663850211402,12818844747219995300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff863aa46f8,0x7ff863aa4708,0x7ff863aa4718
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
2⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4012 /prefetch:8
2⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,609309571406378567,6620466979838612656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff863aa46f8,0x7ff863aa4708,0x7ff863aa4718
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3432 /prefetch:8
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13687015413495655773,9813144554088000358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Users\Admin\Desktop\MEMZ 4.0 Clean\MEMZ-Clean.exe
"C:\Users\Admin\Desktop\MEMZ 4.0 Clean\MEMZ-Clean.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff863aa46f8,0x7ff863aa4708,0x7ff863aa4718
3⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
3⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
3⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
3⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
3⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7684397260418848076,17097570345840284295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
3⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff863aa46f8,0x7ff863aa4708,0x7ff863aa4718
3⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
3⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
3⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
3⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
3⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
3⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
3⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
3⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
3⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
3⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
3⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
3⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,4757232231700710035,9595340860623455207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
3⤵
PID:2704

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 2564
2⤵
- Program crash
PID:1580

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 2568
2⤵
- Program crash
PID:2840

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 2564
2⤵
- Program crash
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4288 -ip 4288
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1892 -ip 1892
1⤵
PID:624

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2560
2⤵
- Program crash
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4424 -ip 4424
1⤵
PID:2428

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 2564
2⤵
- Program crash
PID:3932

C:\Users\Admin\Desktop\Electron\Electron.exe
"C:\Users\Admin\Desktop\Electron\Electron.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 2564
2⤵
- Program crash
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1536 -ip 1536
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3960 -ip 3960
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 916 -ip 916
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
29KB

MD5
455cc6c3d25e197d9647dd42676644c8

SHA1
7c5d524bc0a529d921eae5dbabd02b0df9c223bd

SHA256
d497d6bc810ed94b71d2e001768c9fc043aa8ca888864b44ce143b695ce01599

SHA512
e8d198f81f73d8daeb351b8330d9791f59d59f511a7fdeba6faffd9e177512f800f8ae142a1d58df97f249f3be7a3bbc8b3139ff0f3a3bfca898d077aa4cd743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
0fc304c397c09a72816ed9e4c08e9679

SHA1
9e4a5f9169f09903180b2fa06695a9c43e3f1f60

SHA256
66eec15095f3b8ee9e2ca0e6c57070c3fa5c511be3df12bfb6caa45ecd1f7b23

SHA512
f5b17417063d01254b4ca64116ba0ff218b51e927add9bc9024627f913fd80f50e748b902d5393f7189a6a415a553a933010079d48d9314daa7d2a84ee33ebaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d6b6ce9904789cebf674a110eb8a75e9

SHA1
dfa63033ed3c7091d4a7a1447b3e96921e318b6a

SHA256
5f5bbbdfc4feefd98522fa71d17f6e3ad20d56480ff6154e3236ba08a817adca

SHA512
e6dd6ce232fde76ff2571fd1c2d76018cfcc5487e51a43700e979849243f1cf7ee804296d7336869ff10eb931db84f5ac991904fc59ea13013772b121f809ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6b9b24403bedc2b8033ac3517bbf1eab

SHA1
b9c2b088febb099a93f40dcfefd2a6eaaf92ddec

SHA256
35f96b1eb2fcb32f2d7c9f48f6cc4810a4d3bfa6e20248ac4680c8a7ea7a3ac1

SHA512
758f8562a3109f39f1eb6fc468ede21336e6df42f1b999be02fd0008885d6509df1b360a939abb2e997b72633fa57be67ea50cb56d61bc62863022eb6cf8ff67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
403a6a4dc5f2d60f510e63853b2cc12e

SHA1
ea2a18b337647e53f370c0097582d246fedeeee0

SHA256
f5f8c42af071fb890fea1c39f72439a4a2e349205e0bb8d0f1cbeec33887faba

SHA512
0bcc2d55d2739cd1ed4e8e0a856117a86add6eb2e341b4d70f2a7aca9e8a51508b0ee8c2831ce7fb1564833a410a5b2849ea882369a1596d5c51e33a058b8fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
22ed4adf2f691a11a8b45e5599affef7

SHA1
8c54292ce9c1e5121cd9181d611bfb19149dbea3

SHA256
4e1b2820d499292987e335c0d346e3c9f060e7d11812bdee88b08adb235d760f

SHA512
587782c8126f6d031f350721b8df79c500c702ca3a7c832e616495c305a6e71596149d6911f0949877187e19dcfc0157d93680fdba64b49b740e16cada022e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
02b3b063c5f2da48eb6d4ed9b04a54dc

SHA1
2daa8d6ed4a2d04f900b18eb6fdc5e33c84e7314

SHA256
46baa9d7c8ebc9f1fe3183cf1e6ecc307b5ddd8f57acca3f757445eb43d4e71f

SHA512
2815a8273dd2f96328bfef4d963b54e89efa43f89288ce4730ed536456a420cc515a919d05a3ee49c6eace0c28f7511ffcf3fdd19ce7a0a87286cc4d07aacb7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
d8b8b187af7631fb5967d81dbe44c22d

SHA1
ca34bc06f8d1411ccc36ef10e3c5fade515f6433

SHA256
3818c5b7b55827b9db3ae5a8ed6f8083f34f346e2b9008ca5b4892ecb369977a

SHA512
5ec66335f32535804796ab3aebd6d2c85ce69d23b5c258290e5b593b89ffd28200edfabf53fcf5e1d7ab5c3666a9109ac15553276de945691ffa5e212b342c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\89c4ba8c-a9df-4cbb-a265-6eccacbce557.tmp
Filesize
11KB

MD5
bd35630fd3acdfd505a530b484080962

SHA1
1564bf58c98b5272c91c270f92c6a38039e25dc5

SHA256
2fe937abdeaef14832041c79773489f412092856525b618fd233d27ebb2f2eed

SHA512
d87dc64a5c42922be13cea799bfc16943c328daaf346a962d1a1ffb25bca84fd127913322c35c2aede454e9dea8021b0991ea482717ae9852bda58a5cd0886be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6267af72014ce6209ad95319d7728014

SHA1
d5bcdb91b191b431ddb7bbab688f61ee7b534905

SHA256
73f7befe9bad6087bfceee9cbbc89e62c53f05fee9db02970dd0e02c02187f2b

SHA512
a4320000c12da553ebe5a60d68e087ef416d1724e7d326fa1b1767b4c5770a31141f964c9a916980b16c72c831cb1035dfc71e8e48d928a27497e5fcddbb0496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e05a0436a9798f464383434192522ea9

SHA1
ea3f130dc75271f67d52cfe26db397d5d24daef2

SHA256
a1a873fda70e46a5d7b3f477c4e2047e6a22a430bef921fc1aa1bb33339173a4

SHA512
6c9668beb4d90c2243dcd64de0799f5a7089c05f20c8b974fd5dc146c4b71d1d06c9cffb4d1a37b8fad3781fdf2f1b111c9f81d5a88c8b0acb645afa49cb5e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a4af3f3ad8335f12a15f215898f6c5da

SHA1
9f352efb481253592118e83dcadfec6b50f7235c

SHA256
7d4b93b1f35440d11e00831e0930deee22a9f5e7be5e2f2971241de1e650feaf

SHA512
0e560ad8909e81c24393d726dc6866f7b870ed013722789c9398d9dce75822bdff815d4ee61924e402aa0692be0a7ddcd3fe8d601a949f3d5c289fc824fabb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ddb853b7697db9541edca96c613ee2e7

SHA1
ff55b9e47b5163c3b85ece139f96f3f94979ed54

SHA256
1c84bcb67ccef5e0d47438167b7b40b8b2fa5f0d75997b847e960a73d529f428

SHA512
fecf84da84b86e1d544f1b019c9696aa9ab97bc1e2a5002d1f71b3b22871cc4651b8a2c5339388015237aabb06fa801be1d13a3ca0ce171e0cb99b9826925bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fc403bc54f7521ef762822e0571ec3ec

SHA1
fcf5916855a7cc0139d8e13488e43971a4f9f196

SHA256
dfb36ea693437ce5abfe919842003ec2fafde1e61b5c8d4c51423bce4b839392

SHA512
0427e479e9026f215e4a77b389b6951743f1cd2e0c45cf7d0947857ff1f060e9eb6f66a4e687b00d54b5c1a390a53776456dac173414650cefadd527bc8fc7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\201ffc2c-2f25-4706-8bcd-04b444ec1e49.tmp
Filesize
5KB

MD5
ffc75b27ca2306ba051ea81894279b7c

SHA1
86fdf429029f0f0f316c98440931aa7129384149

SHA256
27ce948458b6273f6b6bae22b797ca1c070c97e54935364613a1ae15a2b936b5

SHA512
7b065d2155bbfca356edb13d8d91c3e460ebc5c93c480d673d6a458f811943f64546a7dcb3648949df5be22bae8f5abd57d1ff3440543df2ea2ec78adf4b1bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
41KB

MD5
08ec6693d4a37081294566d20db7bf02

SHA1
198b01aa40d39aea01e50f38e7f40ce068a2e9f8

SHA256
25fb4b75a3c0bcbbbe2f5face339ac48d0abef8400b9aaaf41f70b777c61d16b

SHA512
27deda106c50a7a700f9284799e4a7520ccde2c95812fb7728446438f83fc720f103ad4ddf09e0345d12b790df92f2a60484518a5d7ec52b20ee7679d939600f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
36KB

MD5
423885818d67bfcf00e21be13f6f3a71

SHA1
a79144758af1204bb161fcd79e74c1f692afb7a5

SHA256
5bb552beb00af20a3a39660decabba8520cf53ff43594d1cd923f9217081d169

SHA512
99343f25ec96fe803d57a1787ceff649a5350de6e5624990214d604cdd6cb3a4c5a8c069a024712c83e70ab91424ac1ac1f7d3c7e16f9fd498342c46ded593a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
1.2MB

MD5
b48e876e91ec89fbaaef68677fac8058

SHA1
90d1ec84f062ed577f423c44dc8bf04bde44d514

SHA256
41b601617afa569c0a42d592341bdbc062b2480bc61f6ab89d85c43c1b2987ac

SHA512
2d07f78ffdb9ed12e560c9ebf64fdccc4ddf89b7866d28f5c8ccb862ddd56977d2aed1e82158f6f7f444664b4417e96a7923994c51052acc8ca1d6739f7ab5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
20KB

MD5
32940154aacfd6a789ba920303a6f9d2

SHA1
fc3d11ee786fce81af7a67e7665281df198413cb

SHA256
3ba01080382954095923d8a2c5fa4e9d743d9d9b57a2b39ae0906072892b0a0e

SHA512
5abe00a74b577eeb3daa3537fd6a68e230220fd90613036be343d5220589e0fc861475b450c58d37abcf4061a0ec264f3a7ec1115c8926bc52f88a6167df9d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
18KB

MD5
277fdee241a520433873c520e31bbc7c

SHA1
28ddf5b9f1353a3acc38a50d8461a791fdbabc4a

SHA256
743027653f691df64995ab146b00c862b25f3c0d97e90b25e0ba0060ead8df9a

SHA512
f2770681a541ee93d159c663a03f2421b5280f736256f44fb834fd165db9d8e0e1bee5eb484dbfedf4e324862322f0c462af0ab5b4389e366f3d716e2b1273d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09f4462215482980_0
Filesize
2KB

MD5
b2ed3c509ddd28d0e8fdf0b528ad53ac

SHA1
9361b6022a926dff9305078500b93527ea22028e

SHA256
0322dec438617e7ede12bc8de1c5913157b3119cbcb5eff498f6ad14be9a9609

SHA512
c9bb57329fb37cfbdc91e729c159d3705946adb2eed2fa1369cce70c94add8c2ad27074db2cacc4be061d6cd8fc8d9c6916dc2bbbf3e734ed0d45acf61a8fc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14475254aafd8ec0_0
Filesize
3KB

MD5
f1b39ced1fc5c568327b8d06e79b0ead

SHA1
c5a9fce5544b9ccb500018b228c1300ef5e362ab

SHA256
fd052af364b06f2eae964ad6b3f5dbe141ac60cc8c073d1c05f44e5ad4401fb6

SHA512
fcd25097b6c3f542eaed6ac717ee80e262d4727662c47253dc888c9a82153197a8de30319b84e66665bbb94d07ca93a19815fa2a31d07b7fd8a88584af77b2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2504af4177af1958_0
Filesize
1KB

MD5
e49a27ce430d7b7cd1c3201f8603d69b

SHA1
d93c89b29dca5653a4930ab0e76c51e7dd4ed70d

SHA256
65674f5a8295b9af04df799fca6f2525adac73b957afc1b7d92e976a0a126993

SHA512
804920d7f3ad752d6bee62269003e86ff13906ed4227ad0793401244b27b45c65b4ae244b93292041e2bc8a98cd4bfe5825ade3612c30e32d0b29bb34ae9359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b76d7967c518e37_0
Filesize
1KB

MD5
920a891e79f7a2607736e9d9c0e22d04

SHA1
c996514a8473446e1e8fb3ad0d6656ce11917fc4

SHA256
0cc6bcbe051618d445978d74c1d07ab2b31d31894a3e62d105bf903fbbe186db

SHA512
f4154f9f1a32d1349b4909777d0019f817c379a86a515b5a1ba2af73d0cbe45687935720ebb4f07c760b724c74f246cf7856dddf7fc0f4a230b9ae0bde4c7be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\484b77469dd1f078_0
Filesize
1KB

MD5
e694330b65e1614946628367e7666c85

SHA1
d69d4749445f7250fbfce15e472b98193d248061

SHA256
868efa91720c56529dc139b7d8995ff2e17fd6a3ab76f8f91ec519f557633e27

SHA512
0347714d4ba55d45c8240ec5611a68051effb1ca955233300ccb61876a7a6b286f4eb67965269ff98e970f8b11b5749650bb0479ce4a787d3517ca4b30dc5e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\499b86fca3b4305a_0
Filesize
1KB

MD5
7135d46007ad288cd24a00aababc8069

SHA1
daf659e1b45bb746709227342c6a06f5a4e5c87d

SHA256
98444f0e61f43c69d09d4110f97f30df8b45fce429469c3b95c52ea6adfe32b0

SHA512
66344dae9ddd6ea57dad91042f52abd891cfcdb12b0c5aba837101087cc1f33e3922497a80e2a61528a2406e692ae0c3c0d15bb73554e772afcc866e0bf591f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5029b06f11a1b2e3_0
Filesize
2KB

MD5
c663c9f5d74e9497ed4a149a6df90d5f

SHA1
3f914a58ea54d625709beca6da947da29b9e0606

SHA256
391c46cb16cc53d077a88540de6cf8012a8e7f3d3ac25a1f090044aacafb1045

SHA512
4339f7a9d616d0d135f8290e20912236786a1b930f5a589f4ceeab6865d46e9461ee6a24824caa8e235c1430d25b913dd52ae4994fdde4c5cf328ddd8faa6be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c7f87c683148aaa_0
Filesize
1KB

MD5
d1ade94c8436ad6eac21f72b5df9508e

SHA1
4abeac3f7f8d26c9b5a58b11016a80c34d8a199f

SHA256
e6f2185c4af166562f0bb6d9b3e4abf66bcc8fe7c3672f1829ce1637e1fc183c

SHA512
8510974f6f245207a26556abe6802692c60868da904500d0fbc0a39336ef7f811a65e79933ecf89616ca0f6c0d6c2e763004e8aa1d83194091262b6f5b040be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c65c5af754bc363_0
Filesize
3KB

MD5
16802faa2936620cee3dff4d03dd47b1

SHA1
2130ee14f69aaa8248ac76b6581245dcca3a95ac

SHA256
2815b7108035ae161456c7e5df45856d9d81fec59bdc35f3e67bcabdb56c359c

SHA512
5623599459f914345d0c57dc412f58d9d7a08c7286a6751245b2e032f11fc70b221a3f96f079304d38018d8142756d84f5a6234beedff92fa07865cef3e4e067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a50aad6057e22c49_0
Filesize
2KB

MD5
50b4a62a25be8f1c834922248fe56fc2

SHA1
9c9bcaf3a795b04d65ae0a51107508e393513620

SHA256
7c694bf456c7b9fee703c713993939279ec16b9d82d3ba3a0019c943e786ee6d

SHA512
21e013b391fc34a055cfcf9e2f653762281954097ef1b85718db1956dc61350d6c337d365ec5f1ebf24598e914ef3fae1d08684085cf44e95a1694fbad4cead8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
9dc83ee2989be9f30ab16da8dc1111f6

SHA1
8feb81105a4cf3d92cb7e07d9e72be6cf117708d

SHA256
e3c3b91feda2cfe57d8ec3429847103d1958cd70ec880e62248226e79bcde383

SHA512
a6ab232e00eacea13edb65e58a25a7cd5a37ebd2c883e0c17cae4720dcfbbb60569e79bf4eabcb77b0735ca2684b6c0769a64c0bcdf49996190c0ac9f25d10c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
5c87647bcdfb72c2565cfbaa6c7544ec

SHA1
60da0ec3e29f787be39f2e5b753fe960932a8efa

SHA256
40a862f0c2ab69b39c850b091188a14787365e57f8f649268470ea486ebed09b

SHA512
687e69245b611c814b707d5e6211958a8740ead83ff553e1fd4a2f3628f0a6c99af4f9a7236cea572e9a38df39103cba166c08774ede7b7a053062f0319ca2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
8b5620ccfdf043afdab0c3fcbaae450c

SHA1
2ba8a62d95d3d554ee74d2e8f86fcceedda5ca67

SHA256
1a30bc9e98a1a02dfeb2a14539931523788e9d08229f2001a5d68e67046d2a85

SHA512
ecfcd05c25e57d026b9c3aaee4a86f98ebf07db853948f1c372d62fdca73030ad6df97dd34bc0420416deda87b9d1d69fa1d1ad3ef4cbc0cca9e9ce308b4dfd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
bbb254c4157d9cfadb884b50fd063d53

SHA1
b03a7601d28147f96380f732a481cbdb95a2cc91

SHA256
579c915ab8a8c2c9373bfdba11e41dd5145d2b935404e503894b9c86db9b8a43

SHA512
0c66bc69e1b07ca7cfd6635177675c12dd1c4e0d35388ddfd663c049cb75490749abe45f226e05f2746a431ffafa47fc4aa33451cae90b41d6035116b2c93125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
0e5c785880ca771d01c3fb830c922b5a

SHA1
bc10db6aca6b1a582d11bb27bb95af9bc4743cd0

SHA256
2d109808c319d576b4ea921a1f6aa2ec9a68e6824e156ad2534926198ac58523

SHA512
9870aaf12104bc18887585bf8bbbb36a42da80b95bcd1df5aac6927db3ab9b640a37a39c8847050432f0fecd575c4bc24d91982001ac320a55da5de4ef0cf7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
cd65f4c7d5c9558c68da67d4984add8b

SHA1
71fdca2bf539a6b5edb49574e9cd01424f66f4b7

SHA256
bf939005079b3c9c248def0656b149497b3f541e9931ab724f89e4c68c045ecb

SHA512
9efd52d790d35386fe4320a42eab9a6ea9999b17fcee2e8d6d4cfd894080a05d8c9e0e3fe257705b296ad540a634df03de916fa663ca7ca0b14d9203983c0be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
9ca74aff649a6f234dab81e4412aac03

SHA1
be4e5548f4436cfb0f18b964046268ec95046e3e

SHA256
a032d5e7534db01198d102d3d4928027abe9027f1c7b773e28da5a4949c8a733

SHA512
9dc503aa157e0248fa4242d1006d81ef74861ca07ea057574f46f186237396c44418734db5d4bd94488717de70d02f17b8ab4d619abb45482aac6d9cdba6ffc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
2d33a69f00decfd733922abcda2e811d

SHA1
2114080cab70295a510cfb63d2a751135a732215

SHA256
7545976c468129a755e76a3879163ca25ec08d77142f0726d465cbc81aec736b

SHA512
11b269d032173227c957bba81e76a3ac5c8f6f1a4f96ccedec9dd6e55e33b9fc7559cbb01f340debac42fd01b02644466be3c49b5d4223df05eb800cfd4b78e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
3KB

MD5
3928df6f4ab1f72671365291167b7627

SHA1
b8799cfb0bf45aff93a501f02bce4f3e0e992c00

SHA256
b8ab1ebbb62864ca28641ba24c6583399da164281e600508cafdee09d54971a8

SHA512
18394861a9af459da5eff0f68921daaf91f36e66726452db76f2c36b8ac5498ae432195f7c2aa3da80a24ec00acb515dc343c5ac7a44fb318722d01fb659327a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
c658b90920357416fc593db92a5791d3

SHA1
88862a299cd8a366d15b6ffd6b182730044bd455

SHA256
58ad2028274599fa23fc7a38e63fd727a3cce703a6e4c8b6f75411253b3d19f5

SHA512
2f33cbbd3e73b21b7bebe73f9eca5fa8f6f112e7eb15fae91612b4f3fd3f59affc13dcbb754d23fed4a43ae053936895771844b160e6cde51d811b543fb25728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d9cb0654961297c64669d1f8f94994db

SHA1
08a62f3b358b98eb2b6e0082c8a5e75f9a474907

SHA256
5f87f109a5dc386acfe08d195ce6d340d2bc816d00e321b53fd99034a7ec0850

SHA512
3db2bf3d424537efa4727fe23548bd34fd4fe6eb36c464ac80c272857254fb8399aca9c8c868824b966158fb87f144b514904b9d2a89d6a1d3cf519a1fee9a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f957347537fd7f7351b452876df9821a

SHA1
db8f00e34258dcb8c93f8b62d704d8a6ed3eb2f7

SHA256
38e2ad2a705787b1f4acc6f60ff5a2473973e458c3e3607df2a2e3d964e49137

SHA512
ccdfc0399108e67beba685eb61dd0fb4a51ff5e074fe51bc3daa58dd754a090216794acf86b3d0456e142681b32c3f0fe44c07a3740629c2745555abc2b5756e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
603118998d02d0566f9c33348916a598

SHA1
5526e011426748ff58da8fe48c31841cb4655a49

SHA256
75dcff863bbdd2fd0c500fb088e96c70afdecd203c1297a0ae3612278258318d

SHA512
5b552ba8af1814ccbb708c75e86128b40d270f056d926753ac6fbd8f1d083baf709acf2d892c7347d464f90b01effd2999d7bfae3bb9061640f992a15cd6b5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
02e6a9a04ff366b503a1599c2e8c73af

SHA1
21d7e0b858433ffdb78966b042c0fa5d9340c52a

SHA256
fc55e25220e304b95b5ea939fc5dd3c67d7969eabf17ef7692430a3f9253643a

SHA512
4f151f5b6e3976476217073b87a3fab7f13e6e009c94da1677ee7296af68253f02f994b38027296628daccab7ab2aedddd7401a21161542c8ccf2f1eb0848e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
453116637cfb41f9a5446f92fb413143

SHA1
0115cc9d3c7ab1c38c55789d493948900727a2b9

SHA256
9118cc84022598b75b0da2e3cd99b833918e316c4ac93e7a8d6d1d10b611e450

SHA512
8a32e8c50a5f28e80309b425aa13d27485048caf2d4bca6446fb160d5f4a1b0538259aefcd64650553fcb2e0011edc49bc66931d5bed51d10ca9eaf867aff561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3133d7f1c821d4a5dc11e5ff719998a1

SHA1
79d23eb9df2c4b5270b34d2219324ee44e95828e

SHA256
18ed82efe9335931bb47d93fb9820db948dee3a284c9dc655c376a61986ec00f

SHA512
cd2ca3210341e387f10989e2274ccd009a21b9639fe70e0949e3390ff219718bb8396623e51aaf2f4a2026d0f7cde29a6c9efb9ee8f476bad9128c37b956dcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
eb7d5185a0244ba15de19d1d35fdaabd

SHA1
5165537cbf2aa2e62d97dc4d3b60b32fe2a8f08f

SHA256
e378b73daef4e723f5cef8013d7301b3c117057fa248a8df19ba556fc8ddb313

SHA512
7ede85e3209d97ea8d3fd040999d1d341715506ac03c028d15023a8d9803d42d6e2dc38f00fc195f05b10d2e346f75a811171378fbaf682ca1d02bf4d92ae1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3998ba619824c487c7dc239e65072382

SHA1
94b282782dbf922c6cffe570236056d9b0777e03

SHA256
d78fc3b7d1332776449fd3e3228f8d79169913b294d55f80044032499cf512a4

SHA512
3fa1a45a3060b22ab25b8a84bf193c119e51e89ebc1516261aae19eae620a8a80361f3c0e42f78edff682a0c197fd43eac42fd8950cd8bd1d1715ed513d6dc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9e010ee119e5009b467152d0fc69e7c9

SHA1
3482bc27b77fd2a258a83f96a55f203af3f7ee06

SHA256
304e3ff4feb6b492b7a587a8d45b847a7c6c438feae1693b61140f2963bed5d0

SHA512
323ca2ed6829057300cf57eeef37018155105e46fffe15483361114b6d8e7cdcd4031f00306ef92a92ef6b913fd23a4e6c5901fbf87382113dff1db7fa577071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2325df7a32f8628e9910db1f8a6b7c52

SHA1
ec829b801f5a576dd1b9e3f202a6b1024f29c188

SHA256
c4297ff4d53159044d16c3c35be3d4c85f478cf41f56c57ec2d74e96aee7a080

SHA512
5c33d2d40bf9f74bd0e53bc0e1915032380687a339157f3bbefc17a717232d545912f20ef4af9949871c763e3e037ddc6b79f957cde8d47681408216b727f6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
41aa7076b32da1a93c07d602f5beae6f

SHA1
f64a5ee6da94c375a6efa14f3d262974c1561b2d

SHA256
baee799b3357285a05cb9290e5b3d848395214088ac3eeee61d5edd6607b1d42

SHA512
c7319aa2505ee8ea59580bd13053611d362987897c471785e6d30745ab49a578287c20024b693886f55ff1e61c299680e7abe2561a415b0bc12bc9309f23f74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
efd65d9cf1bf3ef5c1fe1b200cc94bc1

SHA1
d1a8b621c214b67b26dcff3400b6de04d9193841

SHA256
09c81915ba2489635691c4d0204952692ecabc53546e46937bbc855d3ddfc17c

SHA512
3472293541b22e24d14dce15fe5b70e1c2aff2ae5946e95b9fc11e77c169145a3d5226051341e2abe3caa273ac20ef6e22fa1269d3807e30c10af56481a9099b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
92594736062503c4d350dd68cd56381d

SHA1
29bffe518e1ecaa3e3abc563cb293afe3505eac0

SHA256
20d3c882ce34b94bd7259d9b893160d63fd6ec02fe7a60d329f8f8d672fbff1c

SHA512
aca84cb2f442b6f2cbe877cd99222b7f8d10baca805a44bd7847a32d4d39e3e66fc949936704833e39b43971eb90ab9bbf58d9b6402b80621d51ed7b2772e804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3cef5f505bc3918b2dc0b3682326f9e4

SHA1
61208fe85884f484f255e6839c5940960743e0fa

SHA256
54f762bbe7886e877c611f89924caa1ae8bf50d3dc108807d1c7bab0cf82ba37

SHA512
8f5dd1d17a1188aa6c10d32cc91e879110e53050fc10234ce62707530251e63a26f4d4ce56f8c18e77918c0151e7b4e1da6d30fa553362003c93a9dfa5370d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a3facd8e932345487dfa0b04f22bbd88

SHA1
f5e7e74174c621f53ee463443876e88efeade86b

SHA256
43bc258bd14a11b5708fb5ab66983f7ce15dd25f93af07743ef01fe3f288ce1d

SHA512
648902a96bfa6292f4e834d70995f5e46033508e14be402c79f51123b6161e5ff41f04af55e822c9f784cb3406b50bf0af4a7a66e2e40169376461de92e7988b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
83a3893f82c95e1968f8f17ad0065721

SHA1
4efd9f0083777c169ead9ec12c19c062dfd2421e

SHA256
aa19ac47d44e3d429ca9538147697056f67ecfb96234bbfd1729c4301d6b3a60

SHA512
695f2f36ca5baddb0bfd0be923d68f556374786edb17e6a837a6be74f707c7a0f552e6c5593f158d5871a7ce8e454b91d405f96910de1292d6c21d50d212a733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
30c08a3341b27430d68d6c872d8fa307

SHA1
8de0cb3ccc3d79ef2f7223104a376635fd978657

SHA256
bbe1e8287be9d384c25e511b884519410c110d276479dccbe8adf2d7d7506c27

SHA512
3ec2053882152adafec0554ce652e654b95ffb16508b33e9d92aa7db24963459e0cdb3fbb90e3ba3b3b71d56163eac9af3de90bb314a727f9f1e8991855beab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
83eec464c583342f0d0d92b195351107

SHA1
81b5cc0fafe20900f649c9e1a50af92e67e83b16

SHA256
7be87db634cd65d7f2a61d497e9bfc90009e5c07c8fc3d7793f793d93bf06a77

SHA512
7c564e1b383d4d05b91e3d4c275765295f075eabd5fbfbd268556f07099cc4ea04afd71236309502c087906c0c69ebd252644c68b7ace0b7652980285f3a93de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4c3cdd4071337a44ea140ad52fd15606

SHA1
a1ad3838599cd4ed7419c9787df6f7d1a6699e56

SHA256
8ebde18436350b1b1e18fff82d4ac63b00a353741b82922bdc6d5560c9e1ee4c

SHA512
c338ef10619ba9613c88b642683364759cbd4f5d8e362d51caa7310e7e35a6264bdca69f0f35232782b75782945dc0352a486fd9b2e067299f64f2a62bf6413f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362559785897675
Filesize
14KB

MD5
9b8a8bd01bd5a85d58a6f8458bc70606

SHA1
fc5318b8495504a6f5c36424e1397c1f3756142b

SHA256
8b140d9d19004944b12ef8f72927b939e297bd3fd06a11d2b1ec153bf232e64f

SHA512
300712a4125c90f963451c1e000c38be2cc2db19cfa0f7a753be9daa46524a8c17e92b7d9e7bbe252f86d4c7f2b8536891966ad8afa4d77ae61162ec9d7825b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
6f0f3c9a245d870531932a85d154bb7e

SHA1
bb4a292b791107a8ce75d88644242ef1127d1d0f

SHA256
decfd57114dc2892aa8abe9b7ee558b049a6e724b307df573f43ee93f1e4a40e

SHA512
cc81b041470753114e6c3220a058451e5d413556d79c17e3657792d142c03b910836b8b2f1d67e8e8cce355a665e78500ecce47f35ea0c999d72a3a715cf8259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
15be22aa5d6717a31dd4f262ed1a6764

SHA1
a1a78ce6d33939b3d166034f8995afe524e27892

SHA256
dbdb1b25b708f710a30cc70e99893d3286cd28de4e118158c2e4e1fd8f737829

SHA512
5a37c73d01cce38be3f20914d907ec58fc72c22a41653704f0a0efceb1b5d55f53f7f6754a3f95e603693edb197e46e4ad5be58566eaaf950be08ac46abc74ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
c97d5aad0e63e1ed38f81b1e08f4859e

SHA1
2696522a68d7dfae0282f6a46bd2291eb0ea9fba

SHA256
7d307dedc332e7363530365cedee8c75cc0f0eef4b65b2d15e35896499899d4e

SHA512
92689d822aa60a9124a208ef959552da642d234673e9c075cb9e61c2b4a22e7971ddcdb8c7b4102bae963059ac6d4f8211858ab4b66b4e0a433ee8706a227640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
bff3fced6f1240fbbf85bdbfbe6a3fe2

SHA1
d313ce00611bb22ba9179ca5d106a7a1a76f01a6

SHA256
9706e1881e90a23a10b925671c6c71a2c230faf3464732e26d4c5c3a8cba2096

SHA512
5452e063fe1557b6819a667166ccf328dc49f037573437826de7f5d9e2e846fa5b0d56181400631e009c4f34a786478b8a74fd4c2c75591e8f31099619ee5372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
68d483f5119a93cf4f5a6fd6f50026a6

SHA1
9e2d246871fd6f53b5e306ac44c721832f3dd6bc

SHA256
614ab766cd3d6b2dcb358dc3ec5f667b70f11fe7742f8f52c1d150a04ed326e1

SHA512
5d2160619dae66d8ad8032738b86358970251dda36d7a7efa0ffcaa4e587b2b400026b08a71b8f45ebd297ce1195638e99bb6902146a3ea3a77e59e77b55b23e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
51bb6b246cd5ec2b7eef80bc434f0e4e

SHA1
f3f2e9d833facd71f5c4dcefef037e865414d148

SHA256
48005e6aa65aab3353a7d303b801b721f6e48e7c9c1aa8d8d98e9149fe117fbd

SHA512
6b5fb12af002e55fe8c997eb10f1fe871aa01526f3f5411714a65512cf1c6532766e89212dd40c8c40ba3e8e3bba3a56c3aa4b3a41dce882bd383ff52af68659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
340fa278a99de055ba33a2f26609b8a9

SHA1
636cbb4e4b004842cacdc86eb4495df83044d62d

SHA256
7e1f0defd762557f168d1694695e95d4e5da101660a4ffa23545d6984dabce27

SHA512
26ad6980c984905d067e6c35b322c9dcaf40d96408ab0f1b7d824afcb8330d2540ac736d9880e3486883137f349cbf50ed4dce40dee52bbe0714ea5ca2b930b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a187fce86b6619b778ae7e67806803ab

SHA1
6491cb242a4ba4c2a878261829ab927bf3454479

SHA256
be2293d0aa332b60ce0aaac994819f20031b1b4d991955f536eb27d50200c199

SHA512
e52d963b4ca25bbfa664c941ca8fe4dcc96504a16b4f755aa53d85309e1b49292436f71f30c4b6fecb0cf1f5764a03fef33a75ca75287b2cc954c2e596aafb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
285abd3c6a45193856b86ac79e9fc898

SHA1
ba2f80f4ebaf8abc1ab02bfc2b5c68d9963777b4

SHA256
a4247c2b2313394c241ff2a0b700d4d60a2835a0aa318a5225372abce7cc68b1

SHA512
84ee914065e6e0cf59ae98191472e760b634df7ea56c09fd71a22c51208a740920922cc35fda172f78470b281483fdb96a657e1ad0e2acc800575f2884bba042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
69ec3f27d8a53c965ff014d582e1c212

SHA1
18812fb9206aef76e1eec30215cd6d912f3de853

SHA256
c64037203d0d9ac77e7b415a84274ae5db62e0b7da0e82d94e67404a90d20f58

SHA512
12903dcac09405d252180e2dad000f16ef5c0907ea90568b0e7256b013dc0c5ba5cf0c7846a3ee0ac815a25d5f8944f4ebfcac6c5f950f2db72730a0aba79ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
18ee348f7deadf4aa37f1b3bef05882c

SHA1
c89de02b946f6250bc217e2bec6a337ef8c72808

SHA256
69b27197f9e0d86fcc279eac6006e6b51de890a0e2e43f899ab2e016c24dc7a3

SHA512
2a295155ecb4140ab3b22b5205271f37291e55fc62cc1bf0a13c95d97389259720a213824d2d696a95e02ce36a715700d476a80e3dfd0eeda117fba935efee24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589296.TMP
Filesize
538B

MD5
256a5d17099e188d166ee1f330715b4e

SHA1
ba120fb5bfc1c074b4cb89baaf910be0e7b902d5

SHA256
ecaf642e44126f3770226f620ee6e52c25dbd6a9a351b04b58fe50965a2f4e90

SHA512
826eeab26960197eff817552813180fc8aed830366a7b7a516bc21bb62afcdbeecb8d501e20e62982e2ee62717bab87ae1c758aaa8c5e0a133a33afbe2aed221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
cafab645de372432381d1d192d1d2ccb

SHA1
5543adedbd8a5a87b4b81671105f2afd7c8a0049

SHA256
026b8460b1ce2287c3b7972dcb31958d2ec2abc29afcc90a240a8beb9692a5f3

SHA512
59b8ab245602daa86195e855d708b4874c273c1ccf49d16a2ace108041950be5c1dd79f3c48c750686c62ffd31e500d0d241ee5140e302e62e62d8f113a5baee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
e4fc5f82f9d112cbe295c73ff6b52d1b

SHA1
dcca5fd164d4c18917165fdbed06d7a1eb3c00a0

SHA256
1a99fc29c3d9ae3e056e29a8d98965e6ba2b3f786aa2662d379c935dd3816555

SHA512
486f981e4d1709aeef2eb25b489b7f8e3d6b6fdcf992485bfb7f9a81e7b41246c27958725a0c35e85105db8bb9b27883d3e232a480cee95b9a83db65463b5d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d618cc59-cada-41ed-9827-9dc4ed0e1e8f.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
60KB

MD5
51ac9b9026bb4b9399cac7515db8ff75

SHA1
f7ed4fbe23e775c859dcce1042b8f9dcfcdac22b

SHA256
f87c8b7946a22f7a608f13b4104d86b0f9b8df8716f536618376eac76d8c912a

SHA512
327fbec8649cee3cf098007f855dcffe2dba8d5c4281b86d86e293a4f184271c03ca6ecbdef6ea6e8f1039683d6065023afde245325980d02c13b6c4a490016d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5fb9af9564030f8124b6255bc2a22e8e

SHA1
de266daad0bf07b6005cbbbd7283e97e74f0eac2

SHA256
af5421bed331cba62cd51d9424a075bc9f35c8539a71542d84b1168696dc12d0

SHA512
0408f6f4905d2de84c3bde919a162357b13a7cf9a61eefdc98a4537601d3553436326804fee1a758fe1c561f5e5339268a61f4a4e8ff3303d5d6da77b2cf3ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e419cb977f900b3ac65f8a751d46b341

SHA1
322837a1b88eb7d885af2d2ba46184df7c90cc5f

SHA256
1674b8777941cba15ab906402232b306937811cf2759f96231eace31cf0b7922

SHA512
86bddf8647f4ae67b87f801c7dfbf1a707f62a3a0772e4054f9dcd6c4f4b1eeaf9f0df255e435375efec1fb32b66a4cd59b30b51ab6004f54e53a8ce7cb0c9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
284cc14896c6ad592eafa6a73de345cf

SHA1
61776accfaa0756dc06fb4a539d5a9c3dcedd90a

SHA256
712b7b9ff8789b24bcc56a02420522304a435b39f35669320a3f3cca97928db3

SHA512
9d8dbd2bc6a70363e83009da1d9885f3c574530a16f0a4e7f138fb46caa6af0d94f22016a96745d085af61d040082a8050a282b9cd1118326e9eccd30067b2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5a45f8cf9f2a90b69d468ff77353ef38

SHA1
dd5311ef3d696822c667a1fb101c518fa08ca596

SHA256
47fff3a26a105c3919bd9675c6edbf9e84dbd0542c5c2c676922a19637e21d60

SHA512
06b50a1388333da9eb114beccce0c57a11b4d7910d80b87b6c97e7fa59e5e5b4ae1816d0faeed9cae910a6ece4feed920248e526b7de91afb428c9482c6eb4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
15e8896ced2d78df14870a35ca073324

SHA1
93406f7e8792ad221f135d1cb719a00cc4f8ee5d

SHA256
c93ede6776d7052c214ea1f385350b187ca080c2adc3cb6275c4c468ac2bab03

SHA512
f0f8a3e0dcf115f75fe4b930660d2b15cff5da627fc4fd461a30ef9c8d108db463b778c6495f36925c7b3b88bbaa3060c69d6bfe684ff8d8040342943badf52d

Download Submit
C:\Users\Admin\Desktop\Electron\Microsoft.Web.WebView2.Core.dll
Filesize
418KB

MD5
f342d254fdd33e76b2fd6a3f8b517de3

SHA1
79c91621ea96a6635e3934e9b46dcf23d1fc762e

SHA256
8ccde337ed97230a54e20db8608e3e74e6dbe3f4d153846a07484c2fa5ae596a

SHA512
618963615db38d9ead4855555e7ca7558b0f3c9cc425a950e3f3457d49a5b50645fc9718a0693398d07bc1d822067e9fd8289d45f889586884daf25aedeb6cba

Download Submit
C:\Users\Admin\Desktop\Electron\Microsoft.Web.WebView2.Wpf.dll
Filesize
42KB

MD5
240bd782a3480dee44dbb4632ddc7240

SHA1
590e339cdfd0c90ff57f2e05e2c7436d947d8c17

SHA256
034872ce8a62bd5d7bc1627058cb0b16435e895e398ea5ad0d6b0114b4eedffa

SHA512
03e74d8263b0e71af812338823f26efb2f45f99ac73011083d63c6c20ffec79b8575836564b09ecd4c0532565cdc0daee53bed40b7eb7cf47a685123e20d461b

Download Submit
C:\Users\Admin\Desktop\Electron\WebView2Loader.dll
Filesize
112KB

MD5
5b17da9adfc5a07fa499dded4fd52747

SHA1
d1c37478f1029930a03b6bc195c8ef7093ac49b1

SHA256
9d5918cec81470225be7478c7e092c24f248e8caa824d667fb57431cad94be71

SHA512
f50196d520d77b920c32a12e6c6de20a2dbdf84c88e2c66e086813017a2bda909caa1aabfb4545de4f2b8cd23f2dad1e10b1571abdc62524d44bcfb355ef5432

Download Submit
C:\Users\Admin\Downloads\Electron.zip.crdownload
Filesize
3.9MB

MD5
e4f7021381d73388b2ba9ccdff4c7338

SHA1
a2a5451492e95d31d638eab0b380ea668f937d87

SHA256
e89d3160f87ebffc0394b1f40d13795aac1a7187e732f3ae634427d5995f6f92

SHA512
3d5a40a74e38940ec2bfe0cf392b642c91be302d9c3ac2672ebb80f2d64b52613ecce6d20cf8f7ce7f46c66fe620e89468243b7f0156ce1500f1961253675707

Download Submit
\??\pipe\crashpad_2836_TSSPKZXIXPWKPPOG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/664-246-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/664-252-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/664-253-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/664-257-0x000000000B040000-0x000000000B050000-memory.dmp

Filesize
64KB

Download
memory/664-259-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/916-1693-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/916-1712-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/916-1703-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/916-1704-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1536-1688-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1536-1689-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1536-1707-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1536-1683-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1892-1691-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1892-1670-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1892-1665-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/1892-1678-0x000000000A4B0000-0x000000000A4C0000-memory.dmp

Filesize
64KB

Download
memory/1892-1671-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/3960-1692-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/3960-1710-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/3960-1696-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/3960-1699-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4288-1682-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4288-1673-0x000000000A4C0000-0x000000000A4D0000-memory.dmp

Filesize
64KB

Download
memory/4288-1667-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4288-1666-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4288-1662-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4424-1674-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4424-1679-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4424-1681-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4424-1700-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4424-1687-0x000000000A2B0000-0x000000000A2C0000-memory.dmp

Filesize
64KB

Download
memory/4864-224-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4864-232-0x0000000009F20000-0x0000000009F28000-memory.dmp

Filesize
32KB

Download
memory/4864-212-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-211-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-223-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4864-214-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-225-0x00000000055B0000-0x0000000005B54000-memory.dmp

Filesize
5.6MB

Download
memory/4864-210-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-226-0x0000000005B70000-0x0000000005C02000-memory.dmp

Filesize
584KB

Download
memory/4864-213-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-233-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-234-0x0000000006230000-0x0000000006268000-memory.dmp

Filesize
224KB

Download
memory/4864-235-0x0000000006270000-0x000000000627E000-memory.dmp

Filesize
56KB

Download
memory/4864-209-0x0000000076E60000-0x0000000076E61000-memory.dmp

Filesize
4KB

Download
memory/4864-239-0x0000000006500000-0x000000000656C000-memory.dmp

Filesize
432KB

Download
memory/4864-208-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download
memory/4864-240-0x0000000009F30000-0x0000000009F3A000-memory.dmp

Filesize
40KB

Download
memory/4864-242-0x000000000A330000-0x000000000A340000-memory.dmp

Filesize
64KB

Download
memory/4864-245-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/4864-244-0x0000000000400000-0x0000000000EBA000-memory.dmp

Filesize
10.7MB

Download