lockbit | hxxps://github[.]com/kh4sh3i/Ransomware-Samples

Analysis

max time kernel
1472s
max time network
1487s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27-10-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kh4sh3i/Ransomware-Samples

Score

10^/10

lockbit defense_evasion discovery ransomware

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 539786.crdownload	family_lockbit

Downloads MZ/PE file

Drops file in Drivers directory 4 IoCs

Processes:

Gnil.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe

Executes dropped EXE 10 IoCs

Processes:

builder.exebuilder.exebuilder.exebuilder.exebuilder.exeWinNuke.98.exeWinNuke.98.exeGnil.exespoclsv.exeCookieClickerHack.exe

pid	process
564	builder.exe
2532	builder.exe
692	builder.exe
2508	builder.exe
3404	builder.exe
4388	WinNuke.98.exe
3664	WinNuke.98.exe
3164	Gnil.exe
360	spoclsv.exe
3532	CookieClickerHack.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

48 raw.githubusercontent.com
74 raw.githubusercontent.com
165 raw.githubusercontent.com
12 raw.githubusercontent.com
22 raw.githubusercontent.com

flow	ioc
48	raw.githubusercontent.com
74	raw.githubusercontent.com
165	raw.githubusercontent.com
12	raw.githubusercontent.com
22	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CookieClickerHack.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\builder.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

builder.exeWinNuke.98.exeGnil.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeWINWORD.EXEmsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe

NTFS ADS 15 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 137011.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\builder.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CookieClickerHack.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 373646.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 410102.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 243478.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 271226.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Walker.com:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 743754.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 503817.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 802047.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 539786.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

5668 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

1444 WINWORD.EXE
1444 WINWORD.EXE

pid	process
5668	NOTEPAD.EXE

pid	process
1444	WINWORD.EXE
1444	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 50 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeGnil.exespoclsv.exemsedge.exe

pid	process
428	msedge.exe
428	msedge.exe
1028	msedge.exe
1028	msedge.exe
3024	msedge.exe
3024	msedge.exe
1804	identity_helper.exe
1804	identity_helper.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
3416	msedge.exe
3416	msedge.exe
2624	msedge.exe
2624	msedge.exe
4712	msedge.exe
4712	msedge.exe
4500	identity_helper.exe
4500	identity_helper.exe
2388	msedge.exe
2388	msedge.exe
2000	msedge.exe
2000	msedge.exe
4704	msedge.exe
4704	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
3268	msedge.exe
3268	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
4600	msedge.exe
4600	msedge.exe
2600	msedge.exe
2600	msedge.exe
4580	msedge.exe
4580	msedge.exe
3164	Gnil.exe
3164	Gnil.exe
3164	Gnil.exe
3164	Gnil.exe
3164	Gnil.exe
3164	Gnil.exe
360	spoclsv.exe
360	spoclsv.exe
5408	msedge.exe
5408	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msedge.exe

pid process

2388 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of SendNotifyMessage 52 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

msedge.exeWINWORD.EXE

pid	process
2388	msedge.exe
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE
2388	msedge.exe
1444	WINWORD.EXE
1444	WINWORD.EXE
1444	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1028 wrote to memory of 1016	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 1016	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 348	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 428	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 428	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe
PID 1028 wrote to memory of 4672	1028	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/kh4sh3i/Ransomware-Samples
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91acc3cb8,0x7ff91acc3cc8,0x7ff91acc3cd8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,1438130677214799132,16883264227331031375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ff91acc3cb8,0x7ff91acc3cc8,0x7ff91acc3cd8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1748,3518793181770466220,14327820160713206671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91acc3cb8,0x7ff91acc3cc8,0x7ff91acc3cd8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:1632
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6492 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3088 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:1444
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2020
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:2976
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4270310878246915715,11488607028232558087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
PID:3872

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RepairLock.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f141d8e3c70f1dfbab1045095880e01

SHA1
74ec489f4b739471823fd124d4623516db4aa82f

SHA256
47de9fec9ccdf21385a4bc80de6d1dd541645d50dcbc402c77cbc85e3e732ec4

SHA512
398225d88241e22b8ca49dac34d983c392bbcb4f72a597b16e3be337802dc4f163181c852c1dcdc1372d7a45f2456082dadd9da70dc1f3f6ba69d97d197a9a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
00de88f288a17663a922fd267f3e4a45

SHA1
34cd50c50169cf48cd447bcd751f9635ac894196

SHA256
5b2244028924c17e8f193d272d891b8007e1488226496c9321f27465ebee19ef

SHA512
8775804f9826ecdf8047a6c9e509573a853cc7ef149bb10d23907b0e276bf5c2bb14e388588966260de303a41c7f50a593767c4151fcfd8a795f010271941089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f85ab7ca7064942edde55c9caf5e262

SHA1
4a707800e1814ab2e2309fa04cc0ad269ed484d6

SHA256
ec08bcffeaeeeed740cbd554da2ea84109f824298c314a939d34a4e75f6abe68

SHA512
57633ab0df911289310966753859bef96405a857c60bd21506deff49b40f7b78564fd9745742f468234fb41b19e4c98c5f2348cf230f5b18e5780e6854961fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\62c87075-c8e7-4796-beb6-c5bcdc5a4144.tmp

Filesize
871B

MD5
abf24df8a4657afb833753c304520389

SHA1
1bf507f3d52c70f1add79baf6d1c302e1f647e6f

SHA256
1754874d9f6a3d9238db66d85f607f15545252243271be25e96713b176ffdc75

SHA512
eec9cdf54d7299565e8966dbe49a6da669bb30904195070be59158cc3c1e5975bab48a866676e57e54ee677cbbf5556347d17f41ad0cca6e886b6cd22af43272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c24c1f46bffda21b77a09d52ac90c3b6

SHA1
aec9bc65e672532eec48cae23970a8771953d02e

SHA256
9e5e4d4ea71c43567caed21ba8be9e86573566e33485b4f05ec4ab509d68c072

SHA512
a16ef131e054fcdf4ef9916c3df49dec65312da882345bab9385ba0bcc4bfbe4af02f891f2d173cfe9dd5c6ce4f4ebdee9028bd5f80cd3e05a8b095f6dfb4531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a8185e396ec625e421bdf601af757ab6

SHA1
0a2231481218beaaf76f3bd759c664423173defa

SHA256
3dad8d8cf3708fde9ff19a13c9792178a901c5fb588c23b64625dc9c9daea7d7

SHA512
fcdf294ad9bce808f83fb15f5d6d17a48656bb942b421d06a50754eab81aaed042e7b1892ac7c5b10c2a750f49b493502ac82a69dea23bcd0922c7379999047e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a52a62e1a19cf76bae49d4611ce46aaa

SHA1
10903a581771ae1a68b9314088586d118a3d6dd5

SHA256
d1147d5535387ac7ceb5e5d56a7fca6aa8fb83d1cebd82d6615232f7a9302ce0

SHA512
0061baec0b45efd81153d959dc1544db33f22ab39f88efbfce815072663b7ee61017b382ebecfc35ce2605ed1cc312acb951a51e99cda1992178b82765ad5470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
1f9b3c3b43c1865e45c9c6ff88b68317

SHA1
039c7cea645526e951ef050a8245fbf2866b0df7

SHA256
f5eaccb08823d02942e77ecba3374b256014c65246bb82242f2a00d1bf3d56b7

SHA512
b42c26b041de03695913269d894913ccb37bd412b889044aa5144b55bf79889b95fe6a15a481cd4dc13f365a02d39f0854581ed72380ff949a238d29320b8500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0efa99809e4b17229abaa0dcc5837aa5

SHA1
1360236034357e63df65c66e9c2a4a11ffcab1b5

SHA256
51a138700ab825f70b35a2e575e855179a4683e9c0542c9ed7627d7239e54a2e

SHA512
7e9383566b9fd79797766950c37145697579d59e22de31b4967f1e570fe9bab8f6b2f07f04e84c16f50fde06ecc46e289199bac5173c938d7c933a490dc0e3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c3f31cf7d3de87487b59873cdba5552b

SHA1
11e091a372ebc4e291504f6e2e57c9419ed24291

SHA256
c57f712c3526db72ed87c2cdbab4eb7a611b689849d76b20c3b394b9d50c5119

SHA512
b0a374df85fe7a353281e44d1853b825f4bf6f67bd1b1c0371ee0ce645f3e84124657c98ea9afe517ecf37307f4cfd31afd012e99557f2bdf69de2003277e697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
693c96a99764df260d0754f155680566

SHA1
c0ded396fdc7cbb99d40b04c5104dbbe9e173e5a

SHA256
69fbff884c9d93d0af24584b6265e0e6056a6a20d00de982c1087305c51f767e

SHA512
70f17742f1e2632cc2a7e46313c13924f98c262441f650bec657b79bbcced50397bc6d14306c7017ca134063964b6c982f276b7aa7f8245fdaecaeae6b3359ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
32KB

MD5
7ed892f81e8263558776df3f3d54873e

SHA1
f04c835072dcf79d6b894bf784f4ab850f0b6da6

SHA256
709dd92ceecb2783b04776173190068244a2c6c359433738614d04459b1972da

SHA512
4c41cc274df9f135aebf3b768db8a5867386490cfd2a8023f55a1fa6ecb199f34b00f904d042575b8cb5b8d52b65cd9ecbbe54f0c3f59c66f2bfc336b1e42e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
f959cd656ddeec163643337dcfd408ff

SHA1
7f76956125af0810d7339b13c3245e216948c47c

SHA256
b40c7f8bc8d46b5121497b7966e7a7c69296a446224c9783f04cd4b5852b4e99

SHA512
af8b1cf3388704ddb305008b929af7f5d1285bf4c1bd95f172bf2207d141a9e908bc24c26adb8b89db3876189e1724f41fff421d62329a64a302a169b23d5b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d88399561d71f8e513b0b473361c46d5

SHA1
07d96dd95e8c105208d4ea6463c8a47b97d3932d

SHA256
1b0e2ee3b984249de9abbb75488837d42f65d487c1cc75ce070a760eb74c78d9

SHA512
62989a37d2de23032e51b9b49b7ee165e1a33f4f681ab25b48d45b76a4a924c5469e578e9db5a4ef7c1a26319aa1a3b5a8eb91b3f8b1e6a4c7882edcab7a3630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
49f5ead82dd3d5eeede95d807be9b4f8

SHA1
a790cfb7ba971de0dd62a5f6365d64f516a377e6

SHA256
5fb8ec57661805308b3f601ed18c1585805e6e94594309accd6872ffe109b41f

SHA512
61dbfc36b47abc80983710992615cf7f908c58a11fdcb2a3b9583b2d002865f07f89f82f6a2dada9481c830ab43bba2641d1504c468a606a119d76f9039fe5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
8d622eff97b4e4edf995b0d8cb13f5c1

SHA1
50e42319a55f40a54a93995081060eeae9b47374

SHA256
d5cb88a8b43930c95d0dc073a30f7314e41c668518c79974735ac90420dd654f

SHA512
46e1f8b3e77427ea7845f041b2e1172efe9575cb03c171257167962d97182bf5c30be0797ce4d30c007fa01fe8a6065755a87a4cf85699ac23f8b842a782e04b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
28KB

MD5
05c78b7f13874126085ba8919b98877f

SHA1
918b81cf19a5e8120462f00a2aea1ec93af5d3a3

SHA256
d34af4677537b9508d2fa5cb5b9d87144ae5f780af5cdd0e63420ac7c03eaa13

SHA512
80760b47dacc3c1a26a3a66fc2a299c88431b65b29f4e510f616e6cf82c1991b316192454c2f669c25a7de4e61d983751c8da316d0bdf8a048e7ab5389826df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
008ac12bf69412b178bad130676cdccf

SHA1
db3638071716436c726d26e576dedbf9b2401736

SHA256
189936cf8217acc338e7b5b4b480472a2daf673cd2d8bca3c2344e76fa766277

SHA512
73d0d62297938231d53146c64b307890d7a253b39cc89f28dc77357b6e855202dfaf09c97cd0261c6a6c97d8e96ce04328a672b7a44ef8e368cbc2a129820216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d338f6a7f802ecde236d766fb7791369

SHA1
3a509c01d69d001bc0fa9568567875d3690471ac

SHA256
90d3fcfffade490da176a9b3aa8ad3021c9419a12028d898bb526d7c1f77e3cc

SHA512
95d2ebb8b53a2097953275486d9e82ae9d92fe9ae8793dfff1cc957efc6015d6e5b69fb4d2de486d9dcc5882d5e3dbb5cbcb970be88a61d2a019dbd102cc2dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dad19f65f9af652f3b987e974ff483a9

SHA1
f2fd8ec3a41d0ebe6ab635fa1c1d85b2b5318a94

SHA256
14e6e155333e167a2be6cfa9410cb28dc40a0893bb3e5774cd57be718706acf2

SHA512
c4441a07bb968c8a6f8e333d9f8995e7365631ad3124b978246cd1850022a9f7b0c5664d6aaea11e86c05c26eb8f80d9fc50c91c06ba5376b862c6ff0a7718be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
625a8438c653b9b0626576d66b953e59

SHA1
1a040c5b15eb60b021dfbe9e9ac6c29c365b2a9f

SHA256
64d4e935043fe14bcdf9f04fff80c1f9f8fcc17720609a2e4c736d4ecfecfcda

SHA512
8e9541b0671d4f1a5fdfa480a0cd33df0a07da89f0ced599443b2378991820a174426112b0bb83567d5bf823b4120973b17d58140707e3794d081cc43faf359f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
725651097506101f9586602d3ae42db1

SHA1
1b24828cf76d5329307f68a8c7be0053a7b0f227

SHA256
04c5d9e9068842aa4caf4a66d23b1fe4d6d7100141acaf95d01af07648b54260

SHA512
4621b8821de42cda0a855555fa766dc7f8b26bad3aaad6a503bf7e74a0982286616aeea83b067cd39556868d3d83ef2c0cd0649b2f4ebc8ca56ae69da817ff54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d5bbb48d744f67d936ac05c0df920a5

SHA1
7bc08ec4146df62368b2e4faeb38e7d6c84efda9

SHA256
a68abab7f2b42808236ce8f61cda5ea3171a79e2e8d91ab6bd13ae7183b226b3

SHA512
5064b20d1c580c53b9f3a7bfd9d31a7b9890fb982314a20f596bf838542b96d722d012183a1472866f900aec24c8e3318bbc97e17cbf7de24b3c6b142f351b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4123640ad1d4e71035861f3781aa46d

SHA1
04af85e837bb7d242b83365110ca88d2a0d467b9

SHA256
a6c57b4a6b0cfe6e81d2dcabba8d0a09f9e5aa4cad7acf90474d46db9fc0625e

SHA512
bc04f49510714aae5d8a69b604638b7cba5d86a06b79737e9870e6f26b179790281a181f56ed551055b42f02a5a12f3073c6e9185abe740b88d9f1ee420482f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bc9cd28a007686c5cc102959847e0cb

SHA1
b0dae877a2874c7db60351765469af9f23065545

SHA256
ba6d74505300059da9b0dfe817f4671c41e6035d83a97647e7468023d092eea4

SHA512
8c9e6d963f409dac13b1f5702b3d35bfde047ee369ce123fbffcb4e32371b7f7fa14f39d7c6dbf05ec850e6b93d7d96f6b37f955e1bb4ead0fc97e4972b60f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c534a3af89e45cfd19e10433f52401d

SHA1
53b4a83453dda342632da0c045b8fd2c30f7467b

SHA256
b2271b9e151c46f2bf0363544d12291cef399cd93d9ba52cebd586d84f0999a6

SHA512
2262120a2bd55d574a41a2f0f905c6167a94ea0fc34deff24e2d9442ddf0c761dfb334c2f298ed5fbef9e6f8ecf643389dfc017d57e9a1600d5d3f9c20621966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39207378d86617d4701a1697dac3174b

SHA1
1a92110d6d9e3ed02e891ff1a09b4653d9f29bce

SHA256
fd5ab631669f85beb17360f71c4b90552752ea2887f8b4eaef5b91b0ab7ccdb8

SHA512
432dbaa0e57471f674a97a2a6f994918b3c98ecbba72eb70fb8ac277c2911e29450cc5643d9917e85e417505d89d74a2e4b2df15f5e49c34ca3c632260f69356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ec85368bf1baa772fc46c4a3b61cc70

SHA1
0d56dd1cb7edc11c768a58786eb341231d6571d0

SHA256
57a75f1dfa0351a6765e64e3f760cff6df7ad7681167491a24cd77dd6a24a8ed

SHA512
2cb15d18604fc0421a976c7c6cfdf89b6dc5615b071aa6cdbedeab6b12c7abc15f685cf59b34e1f7f7a8007a88c867038125be9e6fcaa24f0cd9f92898fee485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67814a8e5109065d102308e91b837994

SHA1
7d3a833c0a918246eebb9199496e2dfae21ec1ce

SHA256
dbe139104aa0433f49865964cc4453cc38be0ff2099b551929bdeca39152bbf4

SHA512
b58669a539bf1af7c31d26daefdcba4986ef6bf67dd61a74bbab8953f38ff322f373db115d971ccdd7e7c04ea4a1af905fbd73cceaa971831280e0923c6ab6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7848e9953b7590510ac7328aaa34b310

SHA1
c93bd27defa6adf8f5713858438b4b40728ad5b7

SHA256
083a307651109e375cf216a239ffe0112d042aabdc08b5ac81ad85b1f29cd2e5

SHA512
3d75bb29df624109a054cfe6da82984fb009086260ed52fea7aac0a03ff50e703d0544f7f2bf656a344a68606d21157e4ddc7cbb9d1d7e2b723fdf118e0c4d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e82eb51f54e5ea15bf0c306e6c03f45e

SHA1
58afb6fc76cd849e9a995a4ae6d684f8f5c87df0

SHA256
041d2e32d3146634eb03acc1b7add81011c26f110bc8862d898a8294b1498dba

SHA512
85a88790f69658c6179f3fa86a36132ba03ec09f25824b446275fce4e23c5930414f224bcee6108acf228a161bae702dc7343b84793703a6d85aa5ffff9bdc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c9c771686c03a43d2e56d4e01a0f6fa

SHA1
1d9c177589426cdd151af7692810613ab9d55356

SHA256
0e36da0f6544a5a4485dad0ee305beeaec88827c900a1bae976fc0e7e44e3cee

SHA512
d166a7a38d5666f99b6fdf52e927588b50da6b6777f7a7f94cb0e734deff97da3a86b3b175908508f21087a8d9312941d4c3f05ff12bb13f6617b5e3bd4d37e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b9d4dc203e6eaad00837f9dd842c4e8

SHA1
d6c666737fe6fb45b4bc567c1c79de06327702fd

SHA256
0f9f6af478dd1646a643f35e37ec8fce4d11c5df74333895b2f4759263edf65d

SHA512
b347b7d9fb122054d1d6cffba2e8f95532a7de71261078a5f6a17bd5bd4a2296dca5a2c94c80afa32d6c288f0866c853e9df7c7965aec6659573032219fce0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a06d6c4fc2328aa8099c3c8649e90e92

SHA1
d2afdfce32f992e40d94d0300add93723bcd67d5

SHA256
59d911634c54f5bf65b86898d27ceef2dece14c7d4f746578a5d11051886273c

SHA512
4770bdaa87179f1024b459fa197d03b95a9d54690ebb5d1281b71d3ce80861172892b497a1cc53f8eb759df22dd64409fcfce76782474cf56b5bc9c139c66c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edfbae5a688d1300c81d64b8d8e3eceb

SHA1
613d469b0b1803170d21000d135b2cc5f709a1dd

SHA256
2e0e449680fd7651ca73f9d8fb10f40db87300b6dfec002ba18c67dccaf6d06c

SHA512
b2cb842a1eb4f60eff8e44d6ed3f2baa5ca86afbe54eb0f267c15394d59b80320dc303fe820f387d76104cf670b2cfeff882e505cf6a1574cf8c0aa19c1f2b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1de1e14c2645cb0361ddd5125ed06f7

SHA1
ad6f23d3e02085af087272deef474bab40f7c69e

SHA256
0670cb3b90b87dda391d24c44c722c7fe7ccc59a8c0ef9ab004cb6bb3dbe400c

SHA512
f6d9edb10c4694f61cac1e4ff02bb2301524fdb6feb45cb10761064d666520d9d6936e1b6b46711a584d50993896a8ac5392c584648a623364194a8a98605234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63c206ce1de439664165d6f0baab5764

SHA1
68b911b4bc3f0003ffe78068af3caef3632bd348

SHA256
52a565276d0340c7c65bdc952474a0008a98d256883e5e70914b4081d40a68f8

SHA512
332bc646e40ca07631030cd0aae6ee9cf3fc7033baab6fee0416caa484da7ef761b66afba92ea6b5275e541854f29c163af3c13fc3a03898f791f07a7feea30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9dd25725419eb8fbfff7b2637d82efef

SHA1
b39a28a04e69e9f5f4fb2d90f6512c59ff24fe42

SHA256
46f3d77dcc58d6c4cb6fd285e48f11b143eb7624b91fee444ef42cfa4a079601

SHA512
f7dce3865edeadc82d4d6660a428756e108aeda99937fc3d479248469173b1871ad8310d2f2badbb2be5d54b76ad90ce9bb46e6e1e5a20f3fd31a9246aff5557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7301a1f57e9886bdbe2ff65ce3373994

SHA1
7ffd96521423c0289c7cb2488678a961ff7d7bb0

SHA256
f8e3cee007040533a5ad16c481347811978aa72dc840aaba1674c20a1ae43b8f

SHA512
25d999d4330f82216c41d1ed232f5fda8919133ead47ba0d4db1f04e5f78b0a18cc8781f5b141f91ad96d62542107924ad1be8c384c665b99fe0e490499bf08a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e74f23cf0db0f29d4adf69a0e401d07

SHA1
d08c56825258e540a3c19d505a3b29e0486e5c71

SHA256
16f2b61b9707dadcd4f8a3aa88bf5db91be01229b482b3d6aab93191c5c74ea2

SHA512
128583772cbf1d9590bbd5d503982bf67eebff9edc5efb1a156e61960c10613900f697f6e836dbba00bd00d0064f0396ff85697e936347d5ddc2502eb276b8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a15d2520150326b728e311f102cc3c5

SHA1
fcdc3becd5d9774fbfa3473c341adfc9c4fe08d2

SHA256
630f37ad05272b10ec8a1e0df5136c6f329e3480d956c657445abcf7093f8d34

SHA512
660ca3c16c4da3531355ad89a51a2b4a593055f973ece1fbd11ecab95be5e96798ce11a6bd3a5c0c127e68de45f1276218a60401c3b7c77d90da4634f7c81eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c244658ee1736bfe013ed31e411e39bd

SHA1
1de3e309970ee84ba472b8b15956eb307a078158

SHA256
7f25d7eb292a192e2972b0079a22e4e03a1f592753413321043336f30ee01f06

SHA512
65b1eee7e102273db6c4377f2d6617e3033ba2727bc118b859e21c976d84faf66196c9107b7806e2e3ca222aaef46173ad679b8e1cd00bff492348709c76c6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
14f2bc203b252f547d0b0e3a984229f4

SHA1
40aff8f7c1c4bad7936b8c0826a4860d14119c28

SHA256
6a79335a21978797463ce1997e8c95f169df996b4ee5452305dd6e7f548ec696

SHA512
e0b5867e2741d681828a2214cc9c85caef17ed7b736c56857a1d72cdbc40b826bb45b4af442b7c342d93708434068816b0bf11e1feb6608ab770c7c3a29436c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
bc171861ea62c6089ef25a99ef610780

SHA1
61481f66fc43a7f37069254ed5098af429eea8e0

SHA256
ba8664568bfdd6f7f7ef4a01e5f3487f227ee9132b281801bbec0137f52b9dfb

SHA512
44db443e0c2d78a93c6847f4e5c942530b5a6b8886afa31b939967ca767207a68687c975d4b899a5033551fd3594b81a1c5e2e7fc8175f377941b2a660099c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374528780623564

Filesize
21KB

MD5
309fd98f00a7e596e86def53822139d4

SHA1
1a3942d90a57f90753598df2a554dcff8b6b9357

SHA256
587ac204eba1b212eddbfdcb2f9464a06954c17c16f3536cd583380f4cce62b7

SHA512
20546ace241f13f2dc85c19da7f69221fb48f574dedbdfcbee907a8a45409339fb9c8f7f9db5a7d938c7d8090e2b381f4f4ab801ac583c6327f9e398fd2d10df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
81850512524767c9ce6f9028b5c074b4

SHA1
6596058fe42e47ad137310f8a083ae0720fbf047

SHA256
54f0cbee2e0c52413c6097e7b833fe690f06b419dfa1c51cf0afe9d57f4b06c1

SHA512
71ed5f1fe69000979109942b2b34e130ed27a3af629c77eb0e08cca75d46ff9813c4ebdabb33383f529b4ae8699b93637023885905afe57047315a0ac59304a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
0955ba2909c047927c1cfaffad7aa8cb

SHA1
24fdf51ca9d14b93f4ec9c84858721b9d67fa4db

SHA256
33afe366fba6feb987cb41e9e89453b35890ca2c4ce290c4c90609659e061cab

SHA512
baba1af6ec598bd477cc609ff47e98db68ac99c53d2b91573aa0b9fc9e18660e8c3b1075fa9938009bca52ec5792cde38190befdea8da4db64a4d4e12ab31e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
00b96dd70a0cdbebffa38d8343f65190

SHA1
c760d302b158a25942a76335779f5dd9a3b8382f

SHA256
b641a37559529d56316b21e2787f749339715b548700e87c349710794c39a991

SHA512
99c7c7b6e0c9289bf52b832ce74b8c34469f1b10fa39b54d154774bd928820e524b4edb2c6181448de1a4c7a42f5c90a867cc7581990f498f1611208a57c0d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b916aa5dfc9cb36be9133cea94035e7

SHA1
0522edbaa1bc75c7105331856ee3e53738815737

SHA256
b9d3aadb28fcaf12d1c303477c2a7915456f2fbe00c04c00653eb87c27ccb9b8

SHA512
8dda1760a20a4a84ae22b65e23c5c97b32313e0dc9403751058828e58ef5388282d814c4385294a8cd0f8edf74bba621887b5093af139f99de3acd011f01e991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eae6f20875f8d2b61b51ad82ed4c071b

SHA1
5e6bb2ec954c960393b993c90422219b674ccd4e

SHA256
5af22940dbdb40ad51df820c8d96d9754f068eb0a5e2fb7df0635223ce7d9fa7

SHA512
f8f609918ab5debabcc0ddd0d36fd99a4ed44410d199bd284908ed46b0c0fcf915b687cb16179d5f1defb048e161cf23fe5239d99e9d8e94339a0404229b833a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39de6392ef0d0291a62ce341a7b6ecad

SHA1
8cc924a11d93bcd10589b31241889ff2ba2dae23

SHA256
08e1c15fdf3bdff085de2370edce6b9462a7a3d2650ca51c6530fc025b5c36ef

SHA512
8f626eaa98b4230a1f3357c8fba1d629bcc0d09d0d9fad91af13c28840c3b4bc0411d7cdfdb2e802dba96d375f253db6f6d3ba5e1f054d305ffd4cbb23893652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37beeebb0af92050328010f0a4f2387b

SHA1
aaaaa2e07b95a43973a4681cc1c39e47095d8813

SHA256
a73f3030b074fc749d1e18df00136c742ab57e64ee7b64cbb107de09b636b738

SHA512
329b39d0aac89e3c4e0e0aa1a1ffd3b395fe136d637d7c624e8b0930021ce77cdd183c908d0bdef68f965a87e0b35c57e8c931a0caf263b8eb4be11c3892a0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
066dcae193f75548ae1588e6ef9c9970

SHA1
b59341bcd3a1c22ce1d3803041f189804ee42fef

SHA256
60afeae024d4c5d581b005ceaf9e0a86168f3881c29c4edc45068b8d1188b5bf

SHA512
3d5d393d75246339191661a2e294a3444fcd39ba92d85e6bfd118f36273e8854e57a716c535a3f8367a3b91c35096133aa46a32bc1d0c00f39d96cfa37a439f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f4fc07d2af058a80e5f4423a14e7b88

SHA1
67b33c1e81d281eb6d4669395ab1fad613faca0b

SHA256
3f2159cc7f68cadabbfe6bf624c1c4f974f04cd31f26b97de31eda87b1849ef5

SHA512
9e08673185d2a62b27f0eb2bca14b309c682f12e7295e5a0dfb17dbfe41a9678e6cc8c0204ed0f163bb987d47a99e51c761b8166652fccb579f34cbed78f0135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5afee13ddc0b6319d0c343f5538a1d6c

SHA1
9bb9e613d19f23ca74ca27029e8f23e0edcd86e9

SHA256
c4cc4e64f298aec6a36e4580048411cf53bb473d1b1303514388cc65faed3398

SHA512
7349c52c266b63c12fcb5616a724ab70c8bf37dde34c5c749174dd412d66882ed0de7bfad28e34e5734341fda6c577ab42bfa1d87b3582905be8d4eb810b6ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b4f75b5cdb48772886ed4b6aba3437e

SHA1
a3887038b23e1c573b24edad792a1aad0c1dae28

SHA256
ee1daa4082a3fc5f81f443a3089751616871aa1cea9ed6aea9bfd624c45e7929

SHA512
2fae4bfe5e687ff0dcd2a66e11d17b712d2acc0472666cd72aa9e917df93669f029da448c405ec6e961a4c8c2464420a74e4ec5b243d7a308d6d99a1bc8b20ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7610ffec2c9fa76623fb0da9276b3b0a

SHA1
c7b0d0a1ace1fcf4c166ffd830db560dcf2234b0

SHA256
e87e98440e535f58677d0a163e8c7a5bbd3ddd842afb73ffbe9b1b4d5acf8d9c

SHA512
5405e9f4f6ce534fa251c8f02296b510a114249ad70bb1904da2a6fb26b86c7db4b496dd9a9085b4f4eb705f02bf0370d35d74ecf1d0bcc9952b8f13927bad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4595fe592e604daedd4847f5f3524e39

SHA1
bcb33a8b664484e69950e59e95d27615f59b87ad

SHA256
4f35dda82a3a4de9f16feade3f0adfef2c2c8764ad9b39e85fb9076579f6ced8

SHA512
d0841b17660a1eedc1c0fa0f0ed01041656e51a657b18ae4efe49407d5b6c610d1fd8a956728b2301d457630b66e7fe28022bce4eba814179ba1f65d92649efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
661d1652b612141683979a911dae5b30

SHA1
c2595cb3f785cbbcf24152d261f9327616b69c5a

SHA256
89e40a6f5d21d794df20bf7551b4a60996cbe291d0d1067b78a770218deadf45

SHA512
26679d9206f07b1356cb0162f63d769b6db67a9e791195f513f6451951c4a98b7c561949d6974cef7cfb9ef296c5f0f425fb1cb70deaddd192eaa84ecaf6fc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7b4a03ef20dff1e9c5dd7f7730f0f1d

SHA1
2aacc0b2b708da66cff8bb2b92ce0f10b18885d5

SHA256
edd495099b31e792d4c2880d0883e6470698867603a7a07f942a46f8a802777c

SHA512
c54b57dc74d54d51f766b17cda22e6a189ee9f44d8f07ce099b3d84af9a39e8c0353d23a9c4356d5bc30e1f2f7fb8aee9f825ff8f72c00bfdda394ea6b368689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7328c33968c7400148600bb6a67007da

SHA1
b6be691680da6963523e109b4d812b6373959187

SHA256
0d42cb349d8fcf4facc8e08b1ae9c0017eb121d011b7c7101beb1179915b1604

SHA512
179873bb6b9ded4b16f16fca985cee0f48a62d0356e543ee3f602db9a4e1cf41931e50f6e50b84681961645fc37aa7543335f3a28ed3b5c8bd9d90c16a2abc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9cdbbc8716f604b60e20707f68f051b

SHA1
2ef8c37b632d4f5023504c785410cc1b09c12a9d

SHA256
d6e2edf2cd7ca7693380d069409c888fc6d134475fd9191759ed581a226b07e6

SHA512
776ba2548d533f0d823c6d5f39dfd3f503f8a2bdd5ada201cd3e9b021e14c544f5c1524dd0d36d3274e5ae4a6ffd95f8afaba5e819896bad4aceab99a258573e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df625b5d74a5a328b361fe8f1c02c8e4

SHA1
452118d02de8b5f9cc867ad2e852b159417c3039

SHA256
2317dcf57d0e73fe91538fec0157ddd8940701fb3ff7a9241eae8279763f40b8

SHA512
c0d67be6e57c7070606540ea1dfe27c1a9f961ef5a92846fc80710a85ad279117c15f194e7a880a0da71a57a34d92c1ff89af69600a11cf007e934d1566e82d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b45f0a4d165d2bd03b5d0992f76013e9

SHA1
048c43c1caf6dd924b405a500b83dd28a9f2e354

SHA256
d9f981e6d74e13836b4d33d6eaf74ab0fcffe3cd8a30f5f158871f5851203d5d

SHA512
5d21966e4a5088014009873a149130c03463dabe96da17825d7868b51e818a8a03abd9d862c08830e3e87e760a74c230ea4388fa188ebe689db54209205957c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3c8.TMP

Filesize
1KB

MD5
be13ac4ba07216182439d74a21d56e9b

SHA1
3e0908852095f01e288479f158ee046e1668f567

SHA256
8ed47db8b9cf1fab01453e464494d7e63c15e2a169add2344e1ccbc23fb7dae0

SHA512
5ee31dc7c1c37868d9ec00eddae2562f02ce0f9eb7535b86f92c012f672fc182ebfc56d5ed4ebedb26695d120d1ca275a57de691543e5bb715b7380fef92ede2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1afaadeeeed7fa01ce94be1c5b4abbe7

SHA1
60c7dee7b91e0c3989d134ce4510aef4c072901f

SHA256
df80f918e9a6084117e3a23c22a5a63068350c05c7f770e62bfdd7eb647a9bb6

SHA512
c4112d769c197870ac929d4e554bb066ae165185300213c1fe9f3d604748e71ed7c3aa05bc14cdb54be90c756ea0c700824fcc224eac8050f2e1eed3ee20b4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
a53714a2758384b032b2798f27876d8c

SHA1
d3cff3175cdfbe12e935d9b64d254e5e8203794e

SHA256
8513f5ef093d927ef5858d511c327410d91189cd81721eb649a3cbaaf7805f58

SHA512
9ab1c0b37bfe7f5f77916e37ce08c1860ef2a26d78c03fa8035460201754f4ab3eb139ff104871ec19ddc639e2ac286cf7c517c0fea0c94a7edb3fd58357fac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0e5fcb4-a0b7-4937-866b-3e29b8436b4d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
2035b14f6d9f38a9fc84d2d2cb386e2c

SHA1
2b45d64317d6bc2a5452d79164983a5b0422f914

SHA256
2fa819f98585ce6a73c278f70ce6a4a899af7824e5e58a0e1cd650ec6a8d8a2f

SHA512
9e1ede6619e60fadc1b2570542b4fa4a3ee55408ed16b8984a620ac75ad398d969d33248dc8d2059e59799ff2add3450dead7f3947715dba022f418f16c76832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
9ef7dfc3903b9b71a22b3468c218c7b5

SHA1
82418677d29a77c6116205ed6e7014320b596a4e

SHA256
20195133e7a153de89873c8280f60210578d4eabfe1c67689469b2c492848b7e

SHA512
ceac6c4bce089785b7dea243996201ad0f6f8dc5a93b5639aa4816145a71b0dc500292c875c6da8f67172b0c46797e248a3e4fbcdd5ac7b75ede399d17fbfc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
bb785597e67949a64ae54140ecad8f59

SHA1
607998bb1115cb5f5d27ec1f311411647df5c32d

SHA256
013502e7441f0e4bde2e70a7d804b9b03ad647ec9ee37c7e2e048deb3e765e32

SHA512
1739895a4dc66e65cb6ee6297200386901ac59110a3e109d0c0ac45b8aefc8e832cb7ff2706e4504b7ccf447963822984ae7a77ea73bc040afd3da6076977ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
a31aa84595560e5af7f89e7b7153bad9

SHA1
0e2b49c0025bce07596b06301cc0d8a884444d0b

SHA256
8ebb23e52aae41d15f0c5975d6d8a46db117542855636aab403ea4b330450b7b

SHA512
800ce8161db70c1c883e87a32fd4187d9ca656b8e53a0cbfdb25fc9b44c82c288b41758972bbcbccb9af8aea3ccc3ca454e5888a44cc27f1cfaa424bd6da72a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
75f3bf4fb4e5d22a44e79f1184a1963e

SHA1
294dc174e312efcbf0cdeee394d31f6fbc00d8b8

SHA256
7fa64e26d39f64c061068e6530fa4bc1d07a7ae9953430d141583814382bd33a

SHA512
b60024566318724a5e2fed761431d950414455ec9d1e3fbd38bacc335c646f349b7a338d44b8298ee618c80774340b98425d364966e6063091132e0354dfd957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6728edb3e8349f593ea1d7f1bdf00a57

SHA1
a6453fff2e37ce960dc08092e743d9a945c5df59

SHA256
08be7feab82f48aaa8b1b15deb2b9157919bb0b4971d683589f7734b0c969e7c

SHA512
79ee80112c836d21cf9eca3630c96accd85f1af8d3888fd0c38e76dbc90fbf9ac1c0347264e41f3843406b721e48ce5011aa8a7eb1a4a397cc86183271355b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5080340c490fa32432ad1d36c31d2ebe

SHA1
3fee1fda0dc115231003efac5e18bab5bc82986e

SHA256
918d5da7c9490b16e0df3fe09a55f0b9f3022acb1dc3380bdb5da8057de74ddf

SHA512
0796490fcd3517645a6c24a98027afaf48ff6d64b012cb74c4509325a9cb6cc0193dfce3762e1809d4be21a4cb0c3ecb8dfe204537603781678afbbd811f6a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40e82ce07fde98cb2727cbc0f32fbccb

SHA1
e82e1ecb1f99a096cb4a15bfb472776a74616df9

SHA256
fc4abf7abf54c7227db2c82e28a17668d7945f4e54fece2303b97148646c39dc

SHA512
b91fc7ed85d35cb7597865d333ea152db2851a5162b392f55ca715239672ec9b56457336792c863f401aa4189b490eea795b7cc9e5553ec6bd3c558a45e8e86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65657a8bfcd7fbf3fb604f2d0b091784

SHA1
a3ccc170d96a07eb7af2667e7c8ee38ab065b926

SHA256
475e81ef4566134789b27ce92257d51b6885ca0055e181fb60e45ed9554476d8

SHA512
775a62bc15dcbf024696f987123e583662ea0f086d012717ef1d8ad48615c29b031f239fb9c5e30c3394e3ec5fd475bd0299f33e104d7f63b458c8b7bfb76959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e1d88a66309a0dbdb67d309fadcfd20

SHA1
9b7d9deaec11081b60566f19d759853ad087bea8

SHA256
ccaf72b13ae4dcf4348baa4139a2fa4a86ec477860e69558a7434b8330af80f4

SHA512
82e5eb63e768792415632b1ae32e1f399098d93ed6422ee1e977f5d46481f28c40ef89eb62e696e863582d336c632910170cb403555423925e741e1effbb7875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53c2eb1140f8579f36402aa145cc4a3a

SHA1
653c920258611d8c2b48570ad32f0ff19bf92caa

SHA256
bd42bc6b49ff7cfc3a344fbadd22d57b0479aa53a9e19683ae9b102b0bda5ee2

SHA512
1a3f5db343bc9b1e238b1180680f0a7493b9170017e6982aec5f732f14076eae80cb2c283d9a7af74becc21be0cad1755bac87499ed6609cdc407054ab764991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cebfc9555f3e68093bfde9544a79b13c

SHA1
24936c998a4c5820730deef8ec319b4137f720bf

SHA256
d4d4d00282bc98ef05466a7f9294e00125903d9e21aafd91f097831c72ca34b3

SHA512
291979c2a8759d6fd31a7426024d004e666982d8746f6f88df6760e0274ee11ead25384a3cb1420bfbbd42a0d30b112442978215df891c639e1f2c1a78254879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3116464d20f45721d08ba9360865e254

SHA1
9252cc289823d7627f62434313bb9d8c6cd36e2d

SHA256
4b0d562c032b89a8024dbfba9040e2433cc86a8d0b60ce9e7ce0453de0713453

SHA512
1fc31b58dadecc39bd55551dc1b8ac0f8197bb9aece5c26518f833f712b667bf439d3468357535e2e54713feea533008f573071fdecc20f63e5f2247b0bd58d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5b8659a4471167f523eed9102c088bf

SHA1
dfab5fab825a4c0faf71127469530e7883d42b22

SHA256
0286623ae6403be12817fd7eb7afa5127804951870f44533fef02cb3f9a665a3

SHA512
644965b42b2ab374e4835b035fac3e03cc6080b12a9300872e827053a737219d26b6a5ff8a417db7ef67ec5334ceb5532d8111f4db3facd19703f6a03f4f28a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8612bd1b4b1c323bb3b993961dbb93da

SHA1
91e000763abfaf15a722d45efa9ef8b24710277d

SHA256
240a943122b05c65ab1458aea1c7ed9934ea872c7023d8fffea3adf7e6da6acb

SHA512
70b2917b1aba40cf096fc82b2af69295da8c33bbabadecbfa5f92f40914c5823bec5f449e589694055aeb8d050d9be976982035db6c404bb4d50549b8efa8c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd8a6ad423737e90e97bd683fe974855

SHA1
23a60a85cf7dc4f15009a9712f29f274eea442ab

SHA256
e0370ebdf10b7c34d8a1064933baae4ba1b7efb97f789ecd68ca00ce5c05c196

SHA512
8d952fc3574d28fcc74cf58b6cfe722338fd2137413534a2869e587f5a33b1a464d4e8b26950b026455d4ea493f96e732b2dcd44fc1f8cf27c59e7706d60e964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7d4f2130e0911567e422508042c51621

SHA1
7e703782d011ba71d0a9354397debc65f722a8d0

SHA256
78af925b2314b197619658131bd42b392d1a9c878ac2f572dff2ae63d7b89439

SHA512
b2e48d93ac5e5fe49f790b79c9d72ee7c2557abf42835d9a1e5d9b4a40c64a620b410f7d3247e9240404f5c9b0bdab4b288c219b44bbb1fbd9334795b1033626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0002.docx

Filesize
11KB

MD5
82721099ee205482f14bd6767d9d60bd

SHA1
6f3f7f574c6a7215f4718dc0470f7d15e878658d

SHA256
d4176da5b1087b3bf8a36992707b8e7eed12057a58fa248436d4502d68a2efbd

SHA512
8713a252f8e7bd3cd3f14e3fa490dedf88f13561bb63d64f290583b49a0cbbf2d1af55c958ce2de1cd2987c00fecb32b4afc792937c7d4b55443f9415f955294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0004.docx

Filesize
11KB

MD5
040d4bec860f6220050af4fb39d0aec1

SHA1
c61d86b4598839aaef9458f99ce500916594acd6

SHA256
25f41ebfeda31a5dda7c77c2e162aee313d6d84705c03209d05c2cb24ed679fb

SHA512
e9462509f3c88b848fc765491238025c4e33839a7fec4c7c3f0d513d350e4e6f1cfd27a3cc961d96bea9694bd6abc9fd4dcc753d694d3dcf6106dcd8dd34073e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDF35B.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
340B

MD5
698d260c500380fb7521b748c154f81d

SHA1
6b2ccba6eebf2f22e81b0f657d3e2a92acff3610

SHA256
b2434979a8a277d9d7d4930968e52d6778d583fcdb1525f639b6e44c95cea794

SHA512
e6635ff171caf2d1c7639c68b20ff405e68dab8764df35f0aa3c3e03ff7c9f87324482a82892551aca780948bd591a06e19fa8ab93a01ba09f6b9b44e892fd99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
754d0881af3eb419955b8c964e8a3f29

SHA1
035409352af8e13d72dcb354d282f9b71885ac16

SHA256
5c8449ca3ae1bd10db614a92470add377a74c34a24a6c6d384f012c9a9380914

SHA512
5d2c798946ea1ec6156717bc91ff4932e190d191dcf740c1183715143bb73cca96c000d61c8633266637cc7971d14c14aee31e270b1d4fad5ebb9629ed4dd27d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
9eeb36361b8363afff631191b48bb65f

SHA1
a735ed7050f92c34c22b36998e643bf27b1496a9

SHA256
ccd203d1b86d990336fbb15c11e85593943090cac9cc04a5bd68bdedbcd8f240

SHA512
abb9341b01e6bc511f1cb86ff45b9a7361bfbcbedcee897abd996fb90a72d23964ff9fd2f65a51d9e939ffc7271a287490954eafc510f3f662496853e18de41d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
401dce16a41ca6411c64941e45b77b04

SHA1
5bf75fec579253fd25dee6ce0c21b9ecf1f86e21

SHA256
53bcf5cc069972bae3b1fca038e31baf7454abd9a82edee4d9c50c16bd271d21

SHA512
069f033dc2363ed4f1c1f53644d57ff5881c24da38a9ca2d77ab4acebdd15ddbd859dab08e948d9389fcb73f64663d968f7befbb569a0e10ff71a11473872ebc

Download Submit
C:\Users\Admin\Downloads\Melissa.doc

Filesize
40KB

MD5
4b68fdec8e89b3983ceb5190a2924003

SHA1
45588547dc335d87ea5768512b9f3fc72ffd84a3

SHA256
554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

SHA512
b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 243478.crdownload

Filesize
73KB

MD5
37e887b7a048ddb9013c8d2a26d5b740

SHA1
713b4678c05a76dbd22e6f8d738c9ef655e70226

SHA256
24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

SHA512
99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 271226.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 503817.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 539786.crdownload

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 743754.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\builder.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
\??\pipe\LOCAL\crashpad_1028_EWWQAOWFNDKYAFAQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/360-2390-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1444-1551-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/1444-1554-0x00007FF8E4090000-0x00007FF8E40A0000-memory.dmp

Filesize
64KB

Download
memory/1444-1549-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/1444-1560-0x00007FF8E4090000-0x00007FF8E40A0000-memory.dmp

Filesize
64KB

Download
memory/1444-1553-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/1444-1550-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/1444-1552-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/2940-1562-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/2940-1565-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/2940-1564-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/2940-1563-0x00007FF8E6C30000-0x00007FF8E6C40000-memory.dmp

Filesize
64KB

Download
memory/3164-2391-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3164-2385-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3532-2444-0x000000001B6B0000-0x000000001B756000-memory.dmp

Filesize
664KB

Download
memory/3532-2445-0x000000001BC90000-0x000000001C15E000-memory.dmp

Filesize
4.8MB

Download
memory/3532-2446-0x000000001C240000-0x000000001C2DC000-memory.dmp

Filesize
624KB

Download
memory/3532-2447-0x0000000001100000-0x0000000001108000-memory.dmp

Filesize
32KB

Download
memory/3532-2448-0x000000001C4A0000-0x000000001C4EC000-memory.dmp

Filesize
304KB

Download