ae97c237390f8a2c052f46ecd8a650c296bef4a90371350b0d391bd7b5c90c35

Analysis

max time kernel
368s
max time network
369s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

2111680fee2c128b700237325a3c495d
SHA1

1be4fe6da918c1fd66228ed68e5499359faf9b00
SHA256

ae97c237390f8a2c052f46ecd8a650c296bef4a90371350b0d391bd7b5c90c35
SHA512

7af6a268834b85ec5aabd10680751b17f0b889322816f56267c18a9f1e4aa9e91fb1e3f1cec783d3458134b7270a645bf73c4c41d13601f02295fc73c4c5c96b
SSDEEP

384:kV1ocy4yoJ4lbGafMvhpNboTlJKRlObz6r0sZmL2fN1xCejiw:C1ocy4yoCEakJpNETNbz6r0sZmLULxPF

Score

8^/10

discovery motw persistence phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: web-vitals@3
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MinecraftInstaller.exeGamingRepair.exeSetup.exeNW_store.exeNW_store.exeNW_store.exePcAppStore.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	MinecraftInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	GamingRepair.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	PcAppStore.exe

Executes dropped EXE 18 IoCs

Processes:

MinecraftInstaller.exeMinecraftInstaller.exeGamingRepair.exeSetup.exeSetup.exenss69FE.tmpPcAppStore.exeWatchdog.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeSetupEngine.exeNW_store.exeNW_store.exe

pid	process
5600	MinecraftInstaller.exe
5672	MinecraftInstaller.exe
3620	GamingRepair.exe
3536	Setup.exe
2980	Setup.exe
5728	nss69FE.tmp
2960	PcAppStore.exe
7048	Watchdog.exe
5204	NW_store.exe
1592	NW_store.exe
6444	NW_store.exe
6744	NW_store.exe
6196	NW_store.exe
6188	NW_store.exe
2460	NW_store.exe
6980	SetupEngine.exe
7064	NW_store.exe
6252	NW_store.exe

Loads dropped DLL 61 IoCs

Processes:

Setup.exeSetup.exenss69FE.tmpNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeSetupEngine.exeNW_store.exeNW_store.exe

pid	process
3536	Setup.exe
2980	Setup.exe
3536	Setup.exe
2980	Setup.exe
3536	Setup.exe
2980	Setup.exe
2980	Setup.exe
3536	Setup.exe
3536	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5204	NW_store.exe
5204	NW_store.exe
5204	NW_store.exe
1592	NW_store.exe
6444	NW_store.exe
6196	NW_store.exe
6196	NW_store.exe
6196	NW_store.exe
6444	NW_store.exe
6744	NW_store.exe
6444	NW_store.exe
6444	NW_store.exe
6444	NW_store.exe
6444	NW_store.exe
6744	NW_store.exe
6744	NW_store.exe
6444	NW_store.exe
6188	NW_store.exe
6188	NW_store.exe
6188	NW_store.exe
6188	NW_store.exe
2460	NW_store.exe
2460	NW_store.exe
2460	NW_store.exe
6980	SetupEngine.exe
6980	SetupEngine.exe
6980	SetupEngine.exe
6980	SetupEngine.exe
6980	SetupEngine.exe
7064	NW_store.exe
6252	NW_store.exe
7064	NW_store.exe
7064	NW_store.exe
6252	NW_store.exe
6252	NW_store.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

nss69FE.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nss69FE.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nss69FE.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=4304ACB9-C3F6-452A-9860-EB4E85D38D4EX /rid=20241120192709.946240961468 /ver=fa.1092c"	nss69FE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

PcAppStore.exe

description ioc process

File opened (read-only) \??\F: PcAppStore.exe
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

291 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

description	ioc	process
File opened (read-only)	\??\F:	PcAppStore.exe

flow	ioc
291	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NW_store.exeGamingRepair.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe

Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exe

pid process

1960 sc.exe
5412 sc.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1960	sc.exe
5412	sc.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Setup.exeSetup.exenss69FE.tmpSetupEngine.exeMinecraftInstaller.exeMinecraftInstaller.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nss69FE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupEngine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftInstaller.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GamingRepair.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GamingRepair.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GamingRepair.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeGamingRepair.exeNW_store.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	GamingRepair.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

NW_store.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766044357793482"	NW_store.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{A14D0BF8-DB53-4EC1-96A2-2665B98C0DDD}	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 714776.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 321928.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exesdiagnhost.exesdiagnhost.exemsedge.exeSetup.exeSetup.exenss69FE.tmpPcAppStore.exeWatchdog.exeNW_store.exe

pid	process
2712	msedge.exe
2712	msedge.exe
1068	msedge.exe
1068	msedge.exe
732	identity_helper.exe
732	identity_helper.exe
2700	msedge.exe
2700	msedge.exe
5008	msedge.exe
5008	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
1972	msedge.exe
1972	msedge.exe
6228	msedge.exe
6228	msedge.exe
5824	sdiagnhost.exe
5824	sdiagnhost.exe
5292	sdiagnhost.exe
5292	sdiagnhost.exe
6028	msedge.exe
6028	msedge.exe
3536	Setup.exe
3536	Setup.exe
3536	Setup.exe
3536	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
3536	Setup.exe
3536	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
2980	Setup.exe
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
5728	nss69FE.tmp
2960	PcAppStore.exe
2960	PcAppStore.exe
7048	Watchdog.exe
2960	PcAppStore.exe
7048	Watchdog.exe
2960	PcAppStore.exe
7048	Watchdog.exe
7048	Watchdog.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
1592	NW_store.exe
1592	NW_store.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PcAppStore.exe

pid process

2960 PcAppStore.exe

pid	process
2960	PcAppStore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MinecraftInstaller.exesdiagnhost.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exesdiagnhost.exesc.exesc.exeNW_store.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	5672	MinecraftInstaller.exe
Token: SeDebugPrivilege	5824	sdiagnhost.exe
Token: SeSecurityPrivilege	6064	wevtutil.exe
Token: SeBackupPrivilege	6064	wevtutil.exe
Token: SeSecurityPrivilege	4196	wevtutil.exe
Token: SeBackupPrivilege	4196	wevtutil.exe
Token: SeSecurityPrivilege	5724	wevtutil.exe
Token: SeBackupPrivilege	5724	wevtutil.exe
Token: SeSecurityPrivilege	5504	wevtutil.exe
Token: SeBackupPrivilege	5504	wevtutil.exe
Token: SeDebugPrivilege	5292	sdiagnhost.exe
Token: SeSecurityPrivilege	1960	sc.exe
Token: SeSecurityPrivilege	5412	sc.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeSecurityPrivilege	2200	msiexec.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe
Token: SeShutdownPrivilege	5204	NW_store.exe
Token: SeCreatePagefilePrivilege	5204	NW_store.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

msdt.exePcAppStore.exe

pid process

6540 msdt.exe
6540 msdt.exe
6540 msdt.exe
2960 PcAppStore.exe
2960 PcAppStore.exe
2960 PcAppStore.exe
2960 PcAppStore.exe
2960 PcAppStore.exe

pid	process
6540	msdt.exe
6540	msdt.exe
6540	msdt.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
2960	PcAppStore.exe
2960	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1068 wrote to memory of 1880	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 1880	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2308	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2712	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2712	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe
PID 1068 wrote to memory of 2032	1068	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13016231838274645658,6277435118829912090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9944 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10256 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7908 /prefetch:8
  2⤵
  PID:7152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6228
- C:\Users\Admin\Downloads\MinecraftInstaller.exe
  "C:\Users\Admin\Downloads\MinecraftInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5600
- C:\Users\Admin\Downloads\MinecraftInstaller.exe
  "C:\Users\Admin\Downloads\MinecraftInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5672
- - C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
    "C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks system information in the registry
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:3620
  - - C:\Windows\system32\msdt.exe
      "C:\Windows\system32\msdt.exe" /id WindowsUpdateDiagnostic /skip TRUE
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:6540
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:6064
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4196
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5724
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppModel-Runtime/Admin C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppModel-Runtime_Admin.evtx /ow:true
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5504
  - - C:\Windows\system32\wscollect.exe
      "C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab
      4⤵
      PID:5532
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y
        5⤵
        
        PID:5268
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y
        5⤵
        
        PID:1200
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y
      4⤵
      PID:3644
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y
      4⤵
      PID:6576
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_AppModel.reg /y
      4⤵
      PID:2272
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_AppModel.reg /y
      4⤵
      PID:6756
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_Appx.reg /y
      4⤵
      PID:5848
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\ActivatableClasses\Package" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_Package.reg /y
      4⤵
      PID:6844
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_WuPolicy.reg /y
      4⤵
      PID:6928
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y
      4⤵
      PID:5700
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y
      4⤵
      PID:2280
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameFlt" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y
      4⤵
      PID:2044
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\Xvdd" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y
      4⤵
      PID:180
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblAuthManager_Service.reg /y
      4⤵
      PID:4416
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblGameSave_Service.reg /y
      4⤵
      PID:6176
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameInput Service" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameInput_Service.reg /y
      4⤵
      PID:2568
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\DoSvc" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\DoSvc_Service.reg /y
      4⤵
      PID:6980
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\InstallService" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\InstallService_Service.reg /y
      4⤵
      PID:4108
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wuauserv_Service.reg /y
      4⤵
      PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=4304ACB9-C3F6-452A-9860-EB4E85D38D4EX&winver=19041&version=fa.1092c&nocache=20241120192645.543&_fcid=1732130682718581
    3⤵
    PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\nss69FE.tmp
    "C:\Users\Admin\AppData\Local\Temp\nss69FE.tmp" /internal 1732130682718581 /force
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5728
  - - C:\Users\Admin\PCAppStore\PcAppStore.exe
      "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious use of AdjustPrivilegeToken
        
        PID:5204
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ffd44baa960,0x7ffd44baa970,0x7ffd44baa980
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6444
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1968 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:3
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6196
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2236 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:8
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6744
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2488 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:2
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6188
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4652 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2460
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4972 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7064
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=1956,i,15217284615466656898,7150027315144550635,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6252
    - - C:\Users\Admin\PCAppStore\download\SetupEngine.exe
        
        "C:\Users\Admin\PCAppStore\download\SetupEngine.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6980
  - - C:\Users\Admin\PCAppStore\Watchdog.exe
      "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=4304ACB9-C3F6-452A-9860-EB4E85D38D4EX /rid=20241120192709.946240961468 /ver=fa.1092c
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6425032806994276741,14977393440011595803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:6324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x504
1⤵
PID:3268

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5824

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5292
- C:\Windows\system32\sfc.exe
  "C:\Windows\system32\sfc.exe" /scanfile=C:\Windows\system32\Qmgr.dll
  2⤵
  PID:2008
- C:\Windows\system32\sc.exe
  "C:\Windows\system32\sc.exe" sdshow bits
  2⤵
  - Launches sc.exe
  - Suspicious use of AdjustPrivilegeToken
  PID:1960
- C:\Windows\system32\bitsadmin.exe
  "C:\Windows\system32\bitsadmin.exe" /reset /allusers
  2⤵
  PID:5408
- C:\Windows\system32\net.exe
  "C:\Windows\system32\net.exe" start bits
  2⤵
  PID:6196
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start bits
    3⤵
    PID:6740
- C:\Windows\system32\sfc.exe
  "C:\Windows\system32\sfc.exe" /scanfile=C:\Windows\system32\Qmgr.dll
  2⤵
  PID:7016
- C:\Windows\system32\sc.exe
  "C:\Windows\system32\sc.exe" sdshow bits
  2⤵
  - Launches sc.exe
  - Suspicious use of AdjustPrivilegeToken
  PID:5412
- C:\Windows\system32\bitsadmin.exe
  "C:\Windows\system32\bitsadmin.exe" /reset /allusers
  2⤵
  PID:4500
- C:\Windows\system32\net.exe
  "C:\Windows\system32\net.exe" start bits
  2⤵
  PID:4364
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start bits
    3⤵
    PID:5800

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c827fad35faf4f5d94578352e97afd67 /t 528 /p 6540
1⤵
PID:5848

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\BITSDiagnostic.debugreport.xml

Filesize
7KB

MD5
e19e1c6f70030d0e4462e72a1f7dd5e5

SHA1
d952969b2793322d2ec1b3eb8adaa637e25ec3bc

SHA256
d579e567cbabd093843af2dfbffcd037ca2c67b66567b521556011b3f77f5c10

SHA512
d29a844e61dc3089f011ac57924720c01d521be98340fb65a273b5daa08b52cbf7ef4014b9ea4ba07c43846accacb1ca314852eb92940cda746d6d6179931fa1

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\NetworkDiagnostics.debugreport.xml

Filesize
1KB

MD5
1f25b536a486cd03d415d3f056dd8ac6

SHA1
5f359810f06baa1bebbbbf6e69510b9c166eb1bc

SHA256
1b075bbf80016eee3ca8816a059f69486eacefe6465c279aadc19ee92824b28d

SHA512
0cd04d7642527b0cc419626dcd226e103cc4fd0fc195a6adb13a386a77058084b0ed81d396b7f24cdf8bcb374fd47085cfce8dba6d54a780c99eefcb2b3c887e

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\ResultReport.xml

Filesize
6KB

MD5
6a8c64f01c200c443e3f66154ea69849

SHA1
211302d6489de78f5f92d03297aa8cc6ccb96eaa

SHA256
57b8fc80295c5a1e4283b656c2bd07e5d9668b335746c81942ecd8dca439daac

SHA512
fc12d149b961f7f7cd6e24eac95f9ad2faae4ca599f2c893bfddd910e6f31cb397237f6dbd48e1452e1754bbd56e7d3a12819e9e8e2823a7a9e1c1f958edfc56

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\ResultReport.xml

Filesize
3KB

MD5
4636fee4fe9c67e7ece8f64f0c248e11

SHA1
ce0146f7440840d62241b591644d20a6c25d15b2

SHA256
b6327d1dada501781cbf6c7116605812b0f01cefde1c4d0390e35045e62f8689

SHA512
047e49f9572d1bed5c37813fa7338c4a657bea136382d546dc466af1e9ead00bcc36d8ba3474fb78f03044147ebccb5cf47962ed343cf234e9652e3911161746

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\ResultReport.xml

Filesize
45KB

MD5
b550eb584d8e5bae28a5d99b6c84a380

SHA1
631ed48ab5157ad898fe8a8e7789590f1e41b6dd

SHA256
a48417d84c4cfe93331dade64d293f4209bf0c5e43863a860b19d1a22a2f5d33

SHA512
9a33534c577ff2208ac391d357f4789999d49f88f0075908448f52b6a779a2fdb5a50564987a95997d789a5be6ae9fbcb6aa0a75b25cabf82994d608b317bb22

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\ResultReport.xml

Filesize
45KB

MD5
532717f89c2033d7b05b8ca679346307

SHA1
6ec353daaf69a62b1968d682a518a710e4000c58

SHA256
038ab52c858016f934e914b77264140a42f102942697ef27ccd76d37cb9bad4e

SHA512
1ebe2bc66328e02bfec8706a6d798fa9aaaf8873aa653e97128a39dedd6700ad27c8c28d49613febdaad0354f3a3fa3c3049edf801ba5eb7ce20e98983d185f4

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\WindowsUpdateDiagnostic.debugreport.xml

Filesize
16KB

MD5
c6ed41a05bc0251e1a802b6dedc91e85

SHA1
2037f888ab67f14249fd5903374921430a7598aa

SHA256
4297b54cac7712fc723bf4fe6e8d489275724492a03c80576a41711942e5bcd2

SHA512
38a5c9b872c408d2444edd5ce8bdeaf80a84b9d6eed4f4d2f59982c2a8830eb380b9cc02303bf4ef16266b9cc1aa43b60a6da603978674a83b7ed8c398cf0ce1

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024112019.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0cafa72565b2fa07ef5df1eb72b00b9

SHA1
d23e84ab26707048b3b1025d6a7fa3a7741cfafc

SHA256
276350672a0224e6a8bf090aa4e2c072fba69bb7668ed0b6c92fd3d9fedb55a2

SHA512
96f3ed200c573c9270ef93dea1652e63f55ef1132ac9d9bd21f4031d84fac23cb2d34e9ab26fc520b640670e32f32231ac52d26a5daab3d0aa2f761b01f5f3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58ffc60f16e2cc5f57693a21a9b6bee2

SHA1
1c89779940df6c4fedbb59a99687990c45015266

SHA256
2f591b201f1603f3847d9d992c01d3e365ab99fbd4981dd9fc8b019f004a212f

SHA512
ac31dd656373abb4cb59624f1f68808ec02748a64613c82bc5b6eefe9c1b9c70a28b95174c8bed36e479dfe6c66bb7b9fbd8fa2d018645332f79c69d1895f4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b3beeb65a93bd51ac90446fac338ae2e

SHA1
c74263b3e305864027856c338af8f521b74c353d

SHA256
81458f4cae863addea408a6e0870912f3d3814f0242f289ea3a7f8cdd0ca085e

SHA512
14ad66d0d98ddf1ff75646eb33340bbe934d381535180f77268815902ac3aed990f680837d098c16203270bfbb0fc3561e51931d2857ef79ed01c2f707772cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
61e48718bbd5e283a7e24af0bebdb85c

SHA1
c0a65f2e920895631edbb017e21ef2c0932cd07a

SHA256
5d341531e06929449982a4df385f37dc545c775a91d9c333a0ce13296c774501

SHA512
88932a68ca182a9fb5281d42f855b00d915e1643b9b195376a07f3f01cedb1d471b509b0b209fce58c4860c39aab01b50c1522193ff0b23574cb02e14b6a3463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
357KB

MD5
c9f38e7f630deefa24e81e906df23098

SHA1
2f60fffb85a05b44712d61e9960542ac782b053b

SHA256
8091e51471c5a8d728127c889d59473ca07da2ae0d01d920f0ab93b4ef4a5708

SHA512
a29d4cab12ac5e353d427dd67b2e7e03da92d719ecff163a4222351dfe634c57fb00bb425e9ea13496064b6d65a81a96e63bd14441930e94855a5a67060880d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
52KB

MD5
b1a6640b234731b30f61cc52523cf846

SHA1
55e4637091a2545b27eeae2a9f13a7d274c3526c

SHA256
e3ce05e2c2e595339829dd6dd971f3d0576e9e7e933c5b09a2f89577b037eba6

SHA512
2af4ef65879a558cc2d056d10dd2e54a9974620ead3529a7d64c0d86a058a814fc5bb35278feb8fe06b6a5093af0fa492d60c04e831ca6cd7cd73a8f8d4f2a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
76KB

MD5
59dbea113476560c8ac62bbdb462532d

SHA1
da13f03dfce8d1bb488facedcd55ed38c5a2e694

SHA256
24bac84b285257787f0643f97bcebb6143cef75c2222432298f88f4512a9cc9d

SHA512
b25f056ac508ef129e902571abb2bdc2ca95ba01add9aca3e0ac0a77c14115d6b4d68c56d43a4f656c4218571963502d2157bcca27d832398fbbb36a4e505bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
130096b7df7f464c7399bf4e70959098

SHA1
02cfdc7ac08f14664cbd509c4207de91b040e11f

SHA256
5ae3e45057cc9d4af7f6e030499f3af347650c6d1a053c05808aea50781e024a

SHA512
62f3b9694369e35c5af2e78b1459341c3c7c4d83714376d23ca1061926b64dfb613192a07213764be3a45da34328c20f6f0655e323093fac33753f1f55070bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
43KB

MD5
47a8296003c1aa00ca2c53676ecef140

SHA1
cfb9c4d6b32a1b4df237ffbd0a43ced3765d9f2d

SHA256
c8b89d2736c8bac911020d2efc78c3951a3b0958e6e031371240c91c9a8fc8fc

SHA512
4984ecde32d97223f78ae70a0af3cd85b505eb157b716a04df92a9dadd6ca10cde316d29e45b0457a7c2ea3a71aae42331dcdcdf2b56ced6a7407a5ef05ad363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
104KB

MD5
f3ca643900b35c27ce1ae347ad5b443f

SHA1
9e0982ec85d7b34d6e96feffc8d06b8640adc220

SHA256
f5bd6621b68a26bb980b0d0602bfbc1f9473e62bcfc19beed95965814e0dedca

SHA512
e62b29896f5131dc670a85c01d509691830967d306125bebeeaad1fa40080e551b35cf11d8182e6531be34f822f25563043f62e06d6deac91503359329299744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
78b7e2bc0c3de7eac1c75d6a1eeb4c84

SHA1
b2fb8ccd4efb0195343f86b47d695b880ee204a4

SHA256
99af8df48b04e1f8036d2d85158afdc222d00bf53cd7245b0bc82583b3c83d5e

SHA512
26c78eb2b6b08205db7abe4c5a7c61a1aff33c0a49da9bdd600d299bb3e863dbba34fbc9a38f1cc879b3040d4f89c23a84046d830d5d928a97415c8bfc64d80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
85ee0118662082e02fc64b23a81f4d7f

SHA1
8fd018f33474015a90a60e34506b1df527013103

SHA256
4f5457aecddc510697810504e365dc0e5a65ffcecbe2f6eb07942696a0bb50ef

SHA512
18d449775121657895047da860f9f70254776a027665f0665bcdcc3a2dbbf5d7b6cc64fe53c770736d8c6f2581e60b0cdbb7bf70242fd81c78f56aa0b9181b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
110298fe16d451df4e90b52b7994713a

SHA1
a2d578022d7b3dbf5809b58a715a958d028d32b4

SHA256
9e873cf5d5652009ca28c597d14034e733299174ca618e6ff06ad474724540ea

SHA512
3d1c4e44ae0dcc96ffc28e7c0bd729c48e135deb77451b6431607f0fc263a0b3461d516ae864a43dd29bc7cf9162882c9a4410333fb00472b21238d00543c634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d82fb9254d667f95f39c6dc66be5b09a

SHA1
278474a1501a9719faeb9a3a1476ef07b8a5bed2

SHA256
56404afaedf90f34aeb1a52cd642e56c3eba286544e65050dc9383b003a4bc9c

SHA512
c5d86bc4fb9241ec98f9fd85c7fbedb4fbda61c9730ddd3c6b58b27dfe8a5d8ab70b00da979984f2a4d68c0119e3c8c1a282a410308979d245bcbbd08d7327d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b7d5fca283797bbd1d6c0963789c042

SHA1
966aa3d927f6f653fa676da5d9e82ec5d247d6ea

SHA256
460b82622a90d50db1420d55310974647c6bc67df9d685adce8bf96cd004f078

SHA512
aa5e4d6dab410a8244bd0fa205576ea67354c06df8143f871ba237eb3f734f93961dd15ea9f7f7b78d37ced0ddba6f49400d00b0b75c5a713fce2eeb75440044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d892490e6ac4b84773676e57f013bf0a

SHA1
c0500e8fd1c948a06e82fa8b25b30278652dd9be

SHA256
780b4a47de1f6eb7d891acd26129ff9d8b064bfefb723b516be2fc7491c28ad9

SHA512
89138ace61dd8321c98faa956e6895742f49294456337183b547907b50c23d60eece175444e7a5d78ad72adc9804d7c9d5eb731630aad9c11a8dbf65151198c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d32cba37d33230d978cb0c2f81e3c46f

SHA1
4a93970af41f8fa77f3fccc2846f88e389b554eb

SHA256
76b8e1117366144b0a2cb3074d6bd42a3a3ce9beebc0cb583475cac836946cc7

SHA512
e84a28d4e5b92aff192d9b30fbaa6ae1ae1aceda0398ae7a6feb66103c9aed7821abc3924c640145831e564f2b8f42cdeb159770b0f01f6256a5fa6e8536ae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d60a6d4efeabc42910a184012936eb84

SHA1
6440c99175ab7b0965f4d27587b36e3385b3f821

SHA256
b537e0e7422e1adc7039b41faf9e035032aad44d84f65c215641a9a4c00aaa51

SHA512
8cdb5a4d04ecaceaafa4562df81d8a8f97f08aa0f177b7c53259e839bab7a3c2473204b266f6369915d2bfa723af2e7db186326fc6b6b7bfa04391d39fb0e928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
586B

MD5
1118da8c37e2963890c0899e073ec18b

SHA1
73f06031adf2e7dcfb4eb21db610b7f00b31fc75

SHA256
33f1fda04daad9967bde746de8011232d80b1cb9e1877d705925a57bb21d1505

SHA512
9c4326ed2d596c531d3560b26ca7b349d7f6fc835bbd45131ef08794d4e951130666b89ed3f0cd42d6bc4ce0c5f555771bcbcceafb49079e985d9a4007d5764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
08d61a9607db038c21cffb06a0198eda

SHA1
809af3af6c728f6ffd4cd30d37e0112687ebe70a

SHA256
3ba9c68ba984279478ce7d4805fa983203bdeef86160180726922bde73882228

SHA512
914415fe66f2ba6b6cb9a7884620a2a4cb63bc5738be65e3e7fa52337c9695873f41909508ade0095e2b02f14319addd388d5a869eec06df9b2740d4f0db3e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f2a4a19b6a6217945af4d7944e9a2c2a

SHA1
fdf6ad8083523f496353c72bcc2fc23435e83f4d

SHA256
e909758819efbdb819948c9238434492e1c1364e7fac86c3e700550cfbc113a3

SHA512
fa42b482b794a20504cd4a9dd57f5ae825feae78acafdab6665c9a527bd22511143f4b7c8417b4bbbf3fbd1d51d41f09e434c3cd013cbdb8131b4901f994b944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
a08ce7d962b21d9ec732e266359c5bda

SHA1
fbe06681188898ad765a8c116d33e212a296d191

SHA256
b4e56234ab130010e8fb7bf24b5b356d55b2b6cc438f7e83d9761f734a495c65

SHA512
c4394e81b2936ae61815ff24bb7a32d3fe9257af302a120a72848391c427cdeb72fe92df92ede9fc7233a628f265f9f9346cb8159bf2d772d5f897cf096eb635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
35fef746ab0f4e283515ade161c70c40

SHA1
236045e2b0f85e959e211878d8c9d5dced179568

SHA256
f428a656e2844a9211a48026a5594885faa301f8223be7bb2b59c58e18bbe4c8

SHA512
6701f3ed6b06b8c1f05430ef277224d200bce85c865817e7c5c137185f8e42798fa2373f7713959cd436e30b89fe3ee4a456365c78732b97135d7f07625b6a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
b6888b90289d22307c37cb407e78b96f

SHA1
06bf4be94e376dd2cac1a57fb009c3d81e5f6c8c

SHA256
48ac6a2414139272ba5573458c87c9df87b3109fc958f346675c4737aa475a30

SHA512
7434530756f99adbbbb5a0f5cc519290f6a9252065fc828dcc5f0d3b8412c8bc6f90953e1bfc761f859f5b523e7ac33c60986dc66838d282f9735b349e5f73e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a86201223bfdc6d77bacc74ce7109e73

SHA1
1fb34d0c61727d37a40cecdf1704bc3df1cf1020

SHA256
766be7c7468389ce74d033738b7d729b4a824a99c6d1c759f9132f0cef419dad

SHA512
c9e1097046271ee91075462b74d7a89c93bb54e5a9f7445958a7d257c8b9633757b73e3df735cd518f208a7edef5cbeb29de3f1dbe5ebb79ac80e8a26b4efddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbedd751a2c6c8e090e9bdfb41a0b8b0

SHA1
c12575fad2880fa4ea0ec86c4cc2b76d25c9d5e7

SHA256
c69319bf737b24468d3dfa1802c052baa366bc54f506ca3011868bde103df48e

SHA512
6db44879ad66c4c91aadab85e6e081bb329fb42008953c53ec7d1a2304bbf9cb0c84eadb3585059ed205eb6826ca602b633b997693ea3bc7f87ae81a9a184f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14f88018fbd69dd3a570b46ccd5887bb

SHA1
31b5efa01a5ecd1880f0ab9c28a97abd6cae7cd5

SHA256
1500380a8de325748042e45f79105a2745d5fedf99278ec4367570455d329c48

SHA512
9b478d34b8845fe5ed53449a56d60dd37c55d62362093d5fa169d2943b4bd2ff8648e04c684204b972c9b748125ddd70fc788b6a9cef62125146b35b13466af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
4d91e98252c3d6e3d6a26f363ac598a9

SHA1
9d1cc0b15beee8b715d17c3460295446d1b981fe

SHA256
de0ea4a756c59bdce66a0158f04b2d8c67c8feea571526de0000242c43b6b024

SHA512
372a72d4f0f2619a35d383d939549c879e9e124fefab1d1c8bfc4c5239bf1a711c00c52288c9f149b655f93d48757fef3cab36d1a6054ff9413a0ef95c78c876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3cf1a60ed14bb05b6dee969870b29d5

SHA1
1505098295950897e4f1a9f8698c2e242cf7250d

SHA256
ea50bc1700f458dc285102d486ff158a2ea66bf98161fd1b2e464634f91d7044

SHA512
eb51c94445d44009cb3d4bc1e6492198efd4a4bd41bd354a019e80eb669b545b24492de5949267ee9abdb9be20be03783844836afa297d4b79bd2ca0498b71d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
71fa4795431faeaa845edbadd2aff904

SHA1
884453ed30855a44fe13adec82d24e5820c56ae8

SHA256
47a6f26cab02c2359cd5b33d0df95641f791faa3b4a9a465432c0624581e5cf7

SHA512
42aff31fce97bb4f241a5948ccfc720b20e4adf18c4fb081397a0bb8731e2614fe34aeefbaa3383c3d2ad43bec55a8cb650a693d694f00ea005c5214ada8c644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
47f9fa428a84902dfcc10b68d4ea8e46

SHA1
4c465ed899b35b32ccaf1b54ccded529a9893193

SHA256
78ac0a6d251c54ad916e7c287da615c8e26ef509dceb57fa07da6799fb3bc747

SHA512
169f8ebe1b6b0e2e48e8689d0a2197bd2ad7de2a8bc2a3d478eee467ff5fae4324e967c2af54e26fadf3a75e3422e13aedf6ba40b0c224d37c3dcbb5ee4af7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a1fece445b1b390545921ca2929ff9e

SHA1
74e519f6cd3750f984328738a084388ddc22f76d

SHA256
78b8ad2d4bd959f4dda9c693347d68821461d78b2e46fa18279948f77154b787

SHA512
df24ab0208eb6428a28b2166393855035c564f51d9f5a652d6fe00f397cee363946b068f9c3249379cc865b55964662b1ee5a44d65a2cbdc78e27720a39f2453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
3601160b02ba5b8cfac5372ba7fa270a

SHA1
2151636660e67eac1e4908720e4ba556dba6dbbb

SHA256
96d57a8c939fc855ac3e0496dfb5ae8835457a160fa6e5ace068a4f8b25153a6

SHA512
13f7ddc2a402c71c9eacb124f298893b7926a98a22ebe4acc1fbbab48a57f10a43bcf9c142fa4f17316559ddf274585add4323ef5bfb14aba8eb4807996369a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d973393173995da6a2d3f6f0663bcd30

SHA1
aba49b03b799d108ca965103432e6f2ecc29f63e

SHA256
3333310ded92a9de8151fa89923059e3940c19fdc0589d3d7cd351daf73e4086

SHA512
b453b1f9943f3f64d0224732ca84256f1d5e98cbc67ad6198db102df4776c3a032799bee64d535eac5d3863de9671584cf24f385340d1d061a4fbeb9232c0523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
86e3de0c0a5df5beaf0f4af06aac8dd9

SHA1
97bc333b2dabe88976d00ec87766103fa913df2c

SHA256
d91caaaba16756f79167384e5931c4dad177e6aa059c66d64b8a557d1130b57d

SHA512
5d930906e16441fa13034c4a69c4b4955eec1c3c6a74e2717ea802a31cc23f881d86bd0bc041053abd4a2b09580478197ac8fbedd9a7cc0e791764690f240e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
0e225a3a15f79c57eb5de0110ed65f7c

SHA1
18cb51a39404cb387b3696626b8278b29f74ee57

SHA256
593ee38a8f4ac3f69592d5fbd4cc6273073bf3be58646ba8926f96b0a291417b

SHA512
1597c476e2525eeff5112197cec8c59966c43532bebceb000d523d843ba3178e8069c11c40a646b0d1c6d308f529d7fea8bbb196b67a02c7afaa91b792ccc618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c45c22949d629dc44165f6547a5a3eb6

SHA1
db936f55e6d85908a5dbe3584720e461aec9b7f8

SHA256
31bdcebd9f919fe3d19ce08389e9b3a036194bddd681ba4c20d37ee8458956d4

SHA512
bb96ed62830107c84acdd9b178030a55453383528ab0b7bfe73fc648ae49b1ed66632c32a15ba3e0e04dfc9005d090f6cdbb2f44dc3540cb85b70f085842ea0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cbf8f.TMP

Filesize
48B

MD5
00bc88de818b5e0fb11d46f0eac6365e

SHA1
747449192ab7189fcbbcea1aaf1d8570856f41b5

SHA256
00e39f4f3916ab6ac3cc48c29b8075c03aff3e0f0ea50b8700486e9328f7356f

SHA512
315ece5a814e03f9c4cbf000894b0e10df08fe003c7fe42f4d9eefd1b20df66b6bbc15290f0990fef5b81dd96985a51b17c4e19884e4b96d85e891842d9b17b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
d272d17d2cbfb7d89769d735e66eb1a4

SHA1
babdacfa36cf037e6294b6f52a5de2f507737a85

SHA256
280cbd5503e3fc539bb177810861b6e17c19209d44acdee89c1a141b6dd68abd

SHA512
3a66b675d9a6fcc4f372849e22d8b4c0a220e76a4c81120d26fae5a883e917126d71d3ec52685e67162b428cb430bd27629a269986465a3fcbd14003a509acf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376604102269389

Filesize
1KB

MD5
162d8edd2157621a7d999de008d7f268

SHA1
be57c80ce9888fcf84a83ab63f6905ad3297e695

SHA256
fabc2ba12b06d592547b824699a892111ea4797c972cc3a3feb20d308136712c

SHA512
9c6f19316eb6ea6c8a63e754fee123c743a9675f637e8d8ea3e51a380b331292d862cd65f89fe18e5914ae68d1be436d38cb0a3a1a63c1a6f61ad87b5a84dd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376604102503389

Filesize
1KB

MD5
7ca1db8a2846d83245145ae7243d10ac

SHA1
cb9e595e87568d94f135aeec054497a6e9684581

SHA256
0bcedace041914a4dd7de5dd313dad117e211569d3cfb20ebfe38c3f546d05cd

SHA512
b357d976c80d8724cfa6cc3f54d22932a35829c05ce077cbb67c0c9715f0bab4fd4fc8a4220f94fdc4af979b972bb74c842450dd29cec54334d6cfce8b70bcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f185e1ff9c98534f804f86f99b2fa44d

SHA1
2da03b43665acf1ac99642f267c8411f486a7497

SHA256
b6190ba994f28479f264d7f33c36af347be04ddfb946e8e0e6a79c110f39ea65

SHA512
04fab0f537fe2a8564d3cfadb0e7c88c1bbb5dfa8661ade204a6241b17498df08428adbd2d43f80dfacf9cdd11d67ae4a35011ddaed5d8d3af65659f7c3a57c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7025ed5fc9a910d8a408be990393a4d4

SHA1
80a7f1be9d378142425e45599251a6896e0fa650

SHA256
bbf9eefea46de0342d57a1384f975f3b4fc6d1fa414f5041f242d7a41b321faa

SHA512
1a1808f9e8d266e9f351fa90ff2ab68a5496467874c9fb21e52965c951be5e138e0f05828d575569a1fd8258c9310f66f27c5de93cbf5cfa502371efcb79e88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6796eeadfcac4296baaccdf6c473cf05

SHA1
df3377fdf8f3ca5b191fbf0df2c3b8b55ebb1afd

SHA256
319e85ed8b6ef33668909ddca112156de1bf3b5e01f3772f0021bc39f80e7f2c

SHA512
705ac2c3455a3faaa408fe7d300456d646e36864999f62171fb07ec87b9b13956ef597eaaead2aca9c3d168e5dbc34809aeea4f1082e8910efd528dcf66502be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
521ef0cf89a519abd69c9c965f15d50b

SHA1
4d8667c0572020122f0fe53f724d23b9de2dffa2

SHA256
4b4852ea8b979f59cf373b63303da1b6aa9f3953e5630c3446bae2b5ee5d0d9f

SHA512
f3a758e3c556897af8396da9d8627ccf8f8bf7435d3206cd6911525fec8fecc2bb280b80733917aa6400240e07bffd83e0a9c4fbdf1529acbff9bee9256f8bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
998d89c195edd5a41bfc93c1ea7794fd

SHA1
f089b1787dc96a91dab54e916c22548743ff5934

SHA256
bdc54bed51aee88cfa95e5c867865682d42a585cca2aa6e0aabac8855352230b

SHA512
1dceff2dbc230557a38319c2b5817e20f05652b3114d7a60a5ba7209e429a6f17db7b1555f40f137182cd3ca035c4162a75dfd30c0fa0ccfa06293e9620a3764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f66987221a0882da38583656004944ac

SHA1
7b10be42723d64c37016e72a79e3e52c3ce0afb6

SHA256
4d91b5e8320dc5bad55b230bef30255299b94c1dadda6aa731a34c75e23093d0

SHA512
8eec470d07e1e295fa8364a697e13fde211b918b22b529846b231a61a1c1c8140330e9eb19ea68ba0268677df86948f4ffc706a440029f39bcbd189612a78549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
863b8ba466cde042bc8cda26a204c53f

SHA1
db562eeb4868ffa33d31327edae8398a9d3ba7ee

SHA256
14b7481e72aa59eb1e1df1534672c47299b193f5bc185465a67bc2be2a9a1b85

SHA512
e17ebeab3b3a873836aef75f7ce48bd9b8da476cce075ebfcb41c507427adf44ba07882f4a76eaa909bfa20dd15c7754fe52e882984abdac8abc9670d450420b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c5570ec685bd8763a2ca605b6ad6d206

SHA1
8f417d4433ce2297700bde1d60c04c97be40dbe4

SHA256
6c4f3870fc309012554a7d8bd9aac72c799b9883ce44bb40d7614f91dcba1560

SHA512
1e36d7fc645a14bf5759c58008e62f914a59d1bb7f35670326df199aeb981255f2bf80e5322115791b8f41d9cbccb9fa873f3a8a79c974e48d3eb14619aeb173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591f46.TMP

Filesize
538B

MD5
69cc43caffc2f4d429f9354352e30346

SHA1
0dfbd0b7b4fc027911116a3ff0c870cd071d4622

SHA256
3e95c12bf95cec2b75a7588aef48ea690f13c934bff2614fc89cf9c505239c6c

SHA512
f4b36dcbd3f001e41248fac01030d5fd17a71ab6006be7346ba9287b5a7fe975d7b3143db21b01b4144535587c25de60d5850e94059c8efd994f5f9ca4c7d489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c3579141add2c5e640181d85c6bf9ac9

SHA1
02f64c6f43388f663f8fd9d3e257fd40c17c2b51

SHA256
f6523a062b48a6251a9c029c7f1d762178268e59ddde34ffd3746ff7da0a4ae3

SHA512
226880a61a4f07573480e2f37d2357b4fbcf597a3bd82767a0678be479a59691be05ed8d717bf11708fe93e0c3f2db8bd7f6744fb6506e43fa305b433071b50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7cff462-78f4-478f-bccb-8b6717a45ed6.tmp

Filesize
6KB

MD5
6e9dad65afea3e86aae4d704c72842bf

SHA1
8df071de7289cd7c31345db3075febe78e02f965

SHA256
cce257a8266464be1396fe3e3a42655113c0abaee7b28e42443bc056fd7f7db3

SHA512
ce1320849aa0c16e28c0852b2e9582e2a011705e00d3bdfe5022cca5020f922b335ae4967ef11959fda92bf0020a67d32042e13bb61c77ac3e4e62c251d75d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
5cec102ce0792ca8f4264b2e2ede545f

SHA1
85f1ccc6151ef67a34c36504c74290e506378ace

SHA256
2067e7f8ed466487b9b2992564922753accbb27702ac4926ae397df1e2d7f68c

SHA512
136075f08cabadccd2e3934f7e71db3d7ad365825a5bab88c02050e77c91535471ffd681d1bfeb977bb13684e94c7bad4694a3be5c32edc9e9479cba1c1e456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a96f2a7ee440ade122c0c56edbf3ffa8

SHA1
2e6acc89ca16ff9d3523995afec801a7e0c2b859

SHA256
baf0527091dc56fbbddaa0da6e18c0cd98366ec49af02cbb13520d08be51aab9

SHA512
7d45143916223483b0e57119a345c9cbe040e556c794797f74bfd3446ffe507c12ffeee0284ad74350b624b193606862070e0dc42cd25795e6bcabd2dc109dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
5cf628a7b61420e310b62f874e94fa55

SHA1
f93bcac2a8946a55aada52bdf3bbb302bebf37bc

SHA256
847af3b37994fd62e822befc93b533da755804afaba9b819a69c63f1c74f422e

SHA512
3a206a69c9f34bb816372cd8def42ea826f287cbd1389d7201d2f286e1126ec3aefdf18583bf6023137a9a9433f6c9cc6afa6f6a1808bcf2292a28c73724f8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d7fc9f30ca391e62e43b7a944cddced5

SHA1
3e84a3f5bdc3cb7fffb161e0123cf821acce5b1d

SHA256
37a0e518a1cf19ea8ea6219f9c55375e539bdf937cc52060d5bcb31337d497eb

SHA512
741efbe34fe8be0053f7053fe76340032a563b8304043fab9396309e719b55103026d6a4048536da8f38622b2b01c33906fed6bf8282860b5cd34914cf88518c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
5f20989030f08065a11a97211289dd7a

SHA1
95e39d71fbaf8c1cf8bdefd1755c27824cb4d421

SHA256
eae620fb8cfaf290561bcaa01262162bf0936855b161ca3c36c7be8274e0077b

SHA512
97a46b4c0e47a86a9585860b3756f5cbd0d79cbda9cd844077f0849c2fe253692031ada2a82ef2c4c0c9d061a4bd4005064de0204c736e545429ee027f3dd4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ee3b8852bbda1f47a76b92ec5c665b54

SHA1
e3728a0d876d4a6d844e4e3c906e0391152daced

SHA256
414145118debc7a5a8835bb5b755ad6dc1bed45ee7d676f9ef1658876b62ac1e

SHA512
d8ebafc8f9426ece9f707b9d9c7ac7b64da0c54c085dac03bbb6fe793c1cab5fe6c0c554566b542d0033e715f6085c9d58e81f68f364f48544c63e56e3c48086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
9041fa186704da4f9c72c284b774675f

SHA1
94bfb8f6bb9e955a37de2822312f69d2bf72288d

SHA256
c3eb8b53a2d2067d56959135225f2343f8e7255694a031df59905f38bde7aa33

SHA512
5039b7b36d2ec45b1f625810b28b0a83ff52353da43dd9807438652ddc90c7220794583455da100490a600b305491577e2d2c3c1b9262ea14af73131dee85f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f8b76889b1c059129727d48d9f3cc76c

SHA1
fa00a68a41bb846496a6af045831a69821efb4c5

SHA256
5bb9ce28b979635068185200a5fc0d29dee3ff56bd4cd4474940c901b488ef39

SHA512
46f0b7a153ffef473dfcdfc6ad2fa3f25a76d656da0c78a58ef9fb7901cec6da23914abada8533789c42363f9a7ba16507bffe01f26d6671159ae14e8f8704ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9ddc73eb1ec87261586a48cc0e353abe

SHA1
6b29002bade65f27fa64d9d044d6b905997786a3

SHA256
719ca9efd17ccc3403e3900bfaa9224d216db84d45188eb55d7cf9bee4889a8c

SHA512
f4b3ee44fa1c94ee8e4ee86d3a95c685ea2d1a54af894830f1e72eaf486edebe6cde2f2c1921c8b0ee027642a04424338b69e888436b352c49c9aa585eb4a4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8eb1ddc38d794ac01573c826f745d283

SHA1
5b8ac79c9213c3374e2fc6486a3341a6a41ec047

SHA256
eeab9265786bbd285e0466e0260e8695493e4aefdcec1f57073787565a19c2a1

SHA512
da7d54886cb6e39a294ec021b8b4e7409178ad8941c059f29782e4894cb8804a972b7a77c01d13a6fd8bb41f5e7a387fabc0a3c69dc771a5243454b3fa857f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4993faaca13bc857139e780fbfa2a157

SHA1
64f9187f73ca66cf775c08b322457aebaf3f59ea

SHA256
04b28cdddb2e8856ca0b9fe5bd56c9e7b7f492860ea5e820768c88694f335583

SHA512
a724556dbe4cfd3afd036fb69b8f29684c63155eb485d1cada958c4f4719fd3de2ec1a50193861e860c345c11fa21cd47410b080f3a76a752086484165948abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9933858babf013483410b24eed0505e1

SHA1
9c755af8aa2c127a2663375b02b5901d9ae1a880

SHA256
a43160a08add9cc3906f11752fdca352870ce8931124f85f4013da5c7fbf0101

SHA512
d563889eef8f31e6efddab14477f405b32418e66801b590aeecb90f49e160f54a58ea498deb3543d1bce03ac9ff3be3398bc3078961ecbc576c9ce4a1c2ec77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ac2e20d20d1cbf97a21883b75e27fa9f

SHA1
ffc7beef8e05300dab794063d6e4510c15c27a0c

SHA256
59fd4c0050b22158007322291bd48b821659e932dc5a962903f0cd1cabb58419

SHA512
81ff1e6871ed56742024cc0568e553cbb821fa3516a5b338230a5363d2a00e88f565311a4622204346fa32a40fde956a64944ecfadafcb08ed5f0c1d70763b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
750f8c68c5dfe569ea73baeba6bd7358

SHA1
87e1e4b8603d120091865c4eae798a5655d6112c

SHA256
dcba717eefececbcb1f48331c51df65514e35d26133c51616aeef3739918553c

SHA512
82183a3d7753de18052bbaf2be5fb9222e7373d73136e07a4c7e6d239d80c765f394e3c39b79da3786f033f2778cbb3ea2cb647fcbd814fb29f23470254b8002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c57a5b173d50f86d00478282f15eb6ca

SHA1
7958befd73d59a21cea64137d5e9de1e8c208dcc

SHA256
4ebed98fcdf30aea2509cdf26522d51c6096fe7b7e2d5e127a59df5dd01f2ec3

SHA512
5152c79eb1c1f64093ff3635d35f2f18c6308416062e6760dc7616994b93f84d7d1cc75abb6fa81a4b2199a5f7cf8ce70206ae81388fffaf880d4b72e4a520df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
d7e34580da80c02ac057afd1d44cdfa2

SHA1
f2ba6f62a6459bd3c10899dacef76409e253b330

SHA256
79730d4c39bd8714c73259eadf36b80a6483cee31b74c72fd59edb181b59f274

SHA512
01f2e4181553d795c7aca628309f17f6ec8cd7f8f2b0498ee7a01eea52112d24bdae292a8fee70c8bf80db0f94b7dc4ac17a385645129ad55682c3ce7524d058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
da28d32beb636dc1e7cc2aa019ad27f7

SHA1
0203a14e2dfdaef3bd56c7b7970a2262b388d6c9

SHA256
1338fb7bc93c194919874adaf936afb03b1aaa5f92279be2d6fb2e2e75201b16

SHA512
e58cf53bf5fcf5d004ea1d5a0daf774b5191cc6582d2771ebb418679d785e33f727665db14d7f790c66573f8f4c459e581c7d965772c650f6120720248f361fd

Download Submit
C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt

Filesize
36B

MD5
b8c027f5bf3d56ee03c63e909a1d8efe

SHA1
eeacf05f7db6ba9371b09ca6ff5c2d83adb415be

SHA256
80a97b9c7450375d838b2ce5543c0c65c81a6202033fd6b9dcf2d69427344c3d

SHA512
a6605ab571283501598dde8e2d85e3af94fa4986a30c5be0c51ba8151570c55484ea9baa0b2256a73a787230c50a589b5fa29553ab82821a7ebd4e21914bb851

Download Submit
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe

Filesize
557KB

MD5
8a4e72a29c08ae2cd13bc8ec414b8fc6

SHA1
26f8d73bc6f5ace5cec6e3652fc6410a71298498

SHA256
6513546697c3c9deb50d8dbb0cc9aa0be55487538ed482ec16b6264579de1539

SHA512
77eba566c65de1327bcacadb1483f538b4e5da67c3607398d745173ade25e987f59524a5ecf065dd5f95e26654cbb5a48dc80fae995d5d2dd63c63b2cd98fb98

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3015.tmp

Filesize
9KB

MD5
fe26506e7b385faec5cb49646f8a5130

SHA1
7a2d49079c1348ed0c36dc11841e40f5b59cde99

SHA256
3527088b9a8ef931fb2534678f3bd0f8c61217feb3d2c09767a2f2831a14ab74

SHA512
323d76cb157057002d91a6d1b88dff4067e47e7172df2119518bc9b0ded618feaad7a96f18a024752e6ab0107f4cd6885a83ad69aa01c15344b89a149a4d7293

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3015.tmp

Filesize
270B

MD5
edcaaed49057b04d804ef38622dcfeca

SHA1
200458ae3a380983860136acca9b18d62c5bac76

SHA256
b9532ca922a984f207d3a82499308fa038e1d78169b534b8d7fc116aefe5a05e

SHA512
052065767b3bf96cf1314dd8c42940ace0d256eb7f536de0b642f5816dc0b5e6db3ce9a10450e9564b7c932e9261a9d78ca7929a4537646cbf7d5ee8c363b5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG317C.tmp

Filesize
598B

MD5
55296e197039f43f512bac40d74fbf7a

SHA1
0b38cb080d47f2a7b15522bf293fdecb4ee63505

SHA256
b68f9ac6146df7abf1975420cea3792068d77c90c87879d591c7ed249d00dba5

SHA512
1dfefcf38726c7d9571eda9e0120253962ad1064374a4d1a0c3c59e53a31db2c3dcfd1f83162ce98d0b5911ce059b5d881d5665727fa157599e88a27f0cbd46a

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG319C.tmp

Filesize
431KB

MD5
2a7e0661646e3b4f3d09a9c6058b09d5

SHA1
18a33ee87fb11cefca9382ef62d521e174fb6880

SHA256
1249fb788267540919cde29f29a0a33faf6b36b809d4c72378aec6435e81a32e

SHA512
9fb4548ea6276ece3126abc960d2c19bf4b68f819929ad225bc7b753045c8446e41ea0177d4a052ff63aced236860d22c746ea9d21c1f580a09890957a3b2cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3267.tmp

Filesize
4.3MB

MD5
5ec9564d140d9bd639744df8898d0e1f

SHA1
4a27f51155adc3ad14a13656a9d9da81e2e758fb

SHA256
750081813b5012afbfa8c85ff0d371d824f1520e2770d54aca952ddf64ff0f10

SHA512
3ff76d812f0c5713b462bad87b50126a52ee55196d9ea73086b671aadba88419e50c712fb628318ea843766175c7794398b551b7e3c2ab0376b53ff58524bb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG347A.tmp

Filesize
374KB

MD5
e7c339645b370874315686d6a7294b5f

SHA1
40b847d2f070fdff308571c05a13d05f1f926b34

SHA256
dfb5b409f4284cbcc156599311f4ab1cf7d418040e9ca53f0602b817fb05ce9b

SHA512
dd968df2926d7f97753f8f7f05b131245a67b5e6eaa32a4b5ea351689a6cace9b1ca5d89b0c6d327719f02d8d004034900e4d40e41c1d5c0137792b0bc0cfa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3535.tmp

Filesize
11KB

MD5
e8439c4e8015208e2f4282657e423ecd

SHA1
d7c5a264eefde22b2640dd349a4c5bdd49e2bd9c

SHA256
5ea92e4430ae7476d77839bc8af9a62a27882f51594972bf858abedd77ee94f8

SHA512
2b4b87406438c9086030ab1f70f381b002bb82c8b03e7b2c3b519c3eed6a8d650d1c974816c1415c51eee84ce681f312569624bb91bc276bbbcea5b6165d2305

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG35A3.tmp

Filesize
740B

MD5
5b20f739acefbfc6237c04f216466883

SHA1
738af05cf8a177e14726ae4c4affc6d9b94da6a1

SHA256
f787f543d052d4000d007bdcd71bb6b7024293f2ad2d543b02b4121b1da3ebf8

SHA512
c82cf736af02ffe5e76b88d802e7800787826bbe5cbc59b64b4f77f9ff1168f9ed43a9c68e3a9d13407e38f16822755660d359b42ae339d0d2bac754f192651f

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG36CC.tmp

Filesize
3KB

MD5
f90a03d152e8202c3eb57c6e6eb710a8

SHA1
cab5b11304ebbb9a1ca9c191fbc737082bcb49b9

SHA256
89eb956a0ac5a7ebd558eaaebe485c87c40c47baf1954b272b26b0b8724a6352

SHA512
2e3e8c359ee1b97e5a01aff6192fd39236f14cd75812fb9ec2488e938c52db294c859062d89b84f6593d3c492d310fe6b514df235b52dec189e7b62e02bd86fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG36EB.tmp

Filesize
3KB

MD5
cca36a379e81a944c607e4f4d544c565

SHA1
d09aef7d6cf0bd140f121a85ae2b92307119db89

SHA256
8975303228de2bf10d7a55bfbd591bce14e4a124910265eefbeb58229347268c

SHA512
8a851c8054c694dcf0b942550de764915f0c860277f910fa0fa6d66962f7e6c7a7c8498a0abd55e51e6725fb585820a957c079351883429242e4c0abf7f79158

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3739.tmp

Filesize
4KB

MD5
9a6b92b10fa585333d0291ac3d87537f

SHA1
9536e72a6f059ff86deaefac6676305fdb23530b

SHA256
713b38ef078f28703e15256cb30ccdf5e496256f9b0e92768d0a63be39c3e825

SHA512
28605010c1a45e8d08e1b4ab82a697694ed977213902707a03f6da0570b37cfdba00002e29ad072273d3353e18200d763e2f05cc504c36fec53778288ad5691a

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3758.tmp

Filesize
3KB

MD5
79d558a3f5a649a98ac348ed8a0bf6dc

SHA1
5cc1a6a3339b3104af499a8d44fc426d54021e85

SHA256
23237d250e185d524d26dbdc6ce16adffa9a0b65af35fefac3bf0d01004d5bd5

SHA512
6ff24db910fd94551806670d922c31802e4f49dc68e1fc31d33cae1269822c6324563672804f0eb8fccaf2191281d860f74f243b0effcb844ebb3ec8044f85d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG3778.tmp

Filesize
10KB

MD5
b0223e1939178bf83ef084f4d98d27fa

SHA1
5d1b1aaa0e159fb6ab3370c473f38c7910b28663

SHA256
beb092700ad0e8e12c2d46c23b5f56c78fccdf25291f92fbf9f56f205f59f10d

SHA512
707d24203e0adeaa521d62f3e7b4bf4b73f17849294a7f33e8dc89d563c942a7cebc08bbd1d55d9ca3d46be835983e9310386c2339cea930a50ee862f97f01d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cggq4lut.xji.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb995B.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb995B.tmp\image.gif

Filesize
997B

MD5
1636218c14c357455b5c872982e2a047

SHA1
21fbd1308af7ad25352667583a8dc340b0847dbc

SHA256
9b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045

SHA512
837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc34B5.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc34B5.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc34B5.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc34B5.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr3476.tmp\NSISFastLib.dll

Filesize
137KB

MD5
9c7a4d75f08d40ad6f5250df6739c1b8

SHA1
793749511c61b00a793d0aea487e366256dd1b95

SHA256
6eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef

SHA512
e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr3476.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\metadata

Filesize
114B

MD5
677a91a1584ef783f69a2295042673c9

SHA1
6e1125ccd11c7b033d3ad1d4f77b0431ec83147c

SHA256
3e7a1141b16ebe8293e8c5290dfdd12dd01b0d3ee554f948798e1d7f204f7795

SHA512
615c78adac2c77b4b49d43a31b1aea09301755d98064f31d0c02e0cfa19a74d03d65b03f1197a3f97ae02403192edb5312283c75a45db029621b7473e2c30f84

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\reports\ac2e3016-c285-4969-ba8f-733639feb7ad.dmp

Filesize
1.9MB

MD5
13c42927649b2d3b6ee2d1257e24d705

SHA1
e4f74b5aa870c9aeef9f454567eddd26ab3afc5f

SHA256
f8faa996d4cd5d2c05316aa4fd8f8b76ec785137b125897f897439746ca85542

SHA512
1947c2ee74448dc4ace652a17070ae13ec3aa36ac2cab3046df43b8f505de248c29e3bf5eabbded6dd225d29132473cc70d51f94ba1b13debf880db10c7438c3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\80250a45-110e-429f-a37c-8735fec35c84.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f5eddf00f804d42f026b147605996dac

SHA1
62cd1831d8bf66bfffd8c741ecd3c49603588d75

SHA256
db5513e05c3af2e16ef570945084f3cc48764f0d0780923ad55330cc63cd6a69

SHA512
b4d16c7bf3cfc9188268966fede30890edb44219a13144966727dbdc99ff96b7fcb42e3ffd9eac7b42163cf3ae1d5a8ebde3743f1c0384b7d23cdc493b0d17a1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d29b2.TMP

Filesize
48B

MD5
61c1a56b0fa4fec58cf2f7c1237b2f08

SHA1
2364679fee383d2906ef6205a8b59d9143499901

SHA256
f164fbf917246b06876e92f7af11a6dedc8a835289e6f8d31da6346d6d3de39a

SHA512
e1e085b3b2cfccb8a8224ae85dabead0bd6434706bded3fcd6617a5d88fdd7f2f6518b558c56bdfe712435955fc1cd49f781ab2b5aa79191101ccac656aade95

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0c852a46eaad460b16fbedc329e79003

SHA1
0599cc9e5e16f2c148a87c946f2b2ac71611f04b

SHA256
cffc3c1edb696839fa1772b3b305339ecc2ac00310d070a69f0b633a67d91e18

SHA512
e28dfe9ee24b09793377ba87d9667f0422ca120604b87b41b9774a6870fef6565b0d59f9c6ccd70fb8fd5a03943c922a1bf8dfae4d641700095442ead9f72906

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5d3bf2.TMP

Filesize
523B

MD5
80707993be101512c66726f0085adc33

SHA1
878e1ea53fd4308cb81f2a5869d75b1e87074420

SHA256
5fdc799857c6d4346b124cf1cb61eea7dafaa4c59d25eff66baed940925074cb

SHA512
cf98a072e946c4ab440c773b5640ec0d926763cb9e6b50aa66b19ff05051619394863d3740e92c0d6f65ec831403eb52c4d10eca944863bf73bc20c4ee7508d9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
967563f58813814d49dd5cffcb6ebe8d

SHA1
a50874a13e3f6d762f4c342b206fb37492f5cc79

SHA256
0ccbd74142b60016ded2c6c5fda6f7b9107e48a814b6179b9cc3d721b1b50b92

SHA512
b1e01f1957d0a9791249d52bf8c2dc01f12d63a3671341fb82d3d67752b37d83bded946b66acf677a0b0994f73ddca9cb953624104577322f9f46be7e1a2c6a5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
2d0805acadebafb2f67812c1f79b0397

SHA1
12c76603590b5ee1cafd56b896792246798d7854

SHA256
0d793377fb3642700ce8428230b5b962350452285405f55add7ccd04242f215b

SHA512
b0c3c8c759ecea17c94e4c21a382acbbda0af236a3e6540320fc8aa9a012918f62b95ea67dbe656e18e926382a4c460c5fba02b6251a96d7043d408f0a30720c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5d1dac.TMP

Filesize
4KB

MD5
122476b4b5594b9f853e0d9aca8a6c07

SHA1
ef7e6aeaee92fe48c1abbd91abac4e17dc335788

SHA256
e8fa5009e1eff89acb4bbc7708072447cb87a4a2764b34786c091b030f358975

SHA512
c8fcd673f68a3c663883b35b148caa3d4b588a2acbf6a86ef0ccce9c52f350745780220b1ee6f36b654e44ba9355e482ad06eaa3e92486a855c16c8ce9de58c0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\d45fb185-9582-431b-a0ab-b05eb25fb498.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
7a7922f30048876210f3aedada2a8e06

SHA1
e2e0e51f55da0c04cae45f701b2b241033e258da

SHA256
9511620d3b3caceff9e617ceb1c5c0f71de3739b21845b6064af787164da91ba

SHA512
da5487bacaca16fb244403c670b92c7be12631664566543f2f06f313989907cd61c857244965401c1a7ee2a3e32f9f89197e5aa21d7038488d88aa3c7cfcfff2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5cf3dd.TMP

Filesize
922B

MD5
26054654e04ae5cf1b499d2a9c841499

SHA1
23b9f84a033fab4e5466b3e9e2d9a741243bde82

SHA256
21f945317cb2e566affaceee54ebc7e90ff46432ae90867f547878b47d226a50

SHA512
7586eccb8c0675dda94a911684af5ed4ce9d27d2ae86bad873d856935289c4051949bf47a424691eef70c5e8502b3bcc8a3e0242f84b305d2088e03e27717b82

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.exe

Filesize
32.3MB

MD5
4f02ac057355b5dc73ea28aecd2d56b4

SHA1
32591cb75779a3e308a44e75a76f821e7dee11e0

SHA256
83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4

SHA512
9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
185KB

MD5
9ddaca878b160b9850901eafe43ced70

SHA1
73c9c0f5c353ca2065fbd3bbe7ec090247f5cc04

SHA256
0c6eb69629b79dd6e542d383f0f9a3a722d2a0d07c5d0c1d91253369d8697d4c

SHA512
32b40a0dee6566f49073b0536e8c502d1bcec4180a0f341ff86e4caca1f2be9b3c178dfe2d5266a89a61f4d83e9138420260acf9b1c0094022a1f91bd67ca0d5

Download Submit
C:\Users\Admin\PCAppStore\download\SetupEngine.exe

Filesize
118KB

MD5
85f2849f25944fc15e58521a52b800ff

SHA1
718d11673de4743835523983ab5e06f88785a03d

SHA256
c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677

SHA512
f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
C:\Windows\Temp\SDIAG_3bbf9d80-7cd4-46f0-afb5-be8cba99c884\DiagPackage.dll

Filesize
77KB

MD5
fc7504df42668c2918657d1b9a3102c9

SHA1
5f9a70a31678e2e8b9a10849ea8657702d0cb53d

SHA256
159c4d4621f4ce1f4da14246401d85a00b40c0090fd0b2640446a896127ac646

SHA512
c844f9e5ba72eddc6aca73e09214bf8372ee5676124077983b78b10b9830a5e5eabd9c9fff2650858836f995ea79b1f0502609a428797b838ac7cda3f627c0da

Download Submit
C:\Windows\Temp\SDIAG_3bbf9d80-7cd4-46f0-afb5-be8cba99c884\en-US\DiagPackage.dll.mui

Filesize
4KB

MD5
2ad9d1abe41ad048186f196b58fd8e9a

SHA1
d9c66f6ef89ad126ef2bbb36e0bcf6fc8a0e34af

SHA256
9b9acb69e01f79160d368cdcd8a4dc81f18da6398f920b6f663938171f5f718c

SHA512
4c4e1e5bbe173dfd37c65fff64a029883b2f719a360a9f5ee0772b304a518839605528b97b1ac0319b79a6d7f284767ad6c04b3b769559e2b14600c467947d61

Download Submit
C:\Windows\Temp\SDIAG_42d86b37-2b20-4725-a996-9204a35f7ed5\DiagPackage.dll

Filesize
77KB

MD5
458bc0d439cb0d955120ae319c6ed91b

SHA1
b8899daffcbf912462d7e089d126d664c1a40216

SHA256
9454ec899ff78ff14c4c5137ba23d99dfaba079c629afd790640d0f07724201c

SHA512
fda4a2641db70fabc10d73dc28dc13f3b85140a382e032fa7a46abd5eb72e076f96794ccbc0f344a0cc88222fe27ee527a3587eed286e3e3db338824950369c0

Download Submit
C:\Windows\Temp\SDIAG_42d86b37-2b20-4725-a996-9204a35f7ed5\en-US\DiagPackage.dll.mui

Filesize
6KB

MD5
84d58b706a4a16e582a140f72110b7f5

SHA1
bb7a3f254dde61f948417eabdc5a0883d102d873

SHA256
4b012aeaa40324691c6af926d5bb27409232fe8c484fd295d64925fc36f31060

SHA512
9f520c9d00586d9fb8a87b904d75616ca18b6dc3badd1db71ee85236a6bba459d56eee6ba29ae8cd2139fda8e5df961b232ad87a17fb4dbe61dd4422d804c508

Download Submit
C:\Windows\Temp\SDIAG_9b24dc21-12d1-4100-bf17-109be614560c\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_9b24dc21-12d1-4100-bf17-109be614560c\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
\??\pipe\LOCAL\crashpad_1068_RIPZOKDTDQZETMZA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5672-1154-0x0000000000D00000-0x0000000002D56000-memory.dmp

Filesize
32.3MB

Download
memory/5672-1197-0x000000000B990000-0x000000000B9B6000-memory.dmp

Filesize
152KB

Download
memory/5672-1196-0x00000000081A0000-0x00000000081AA000-memory.dmp

Filesize
40KB

Download
memory/5672-1162-0x000000000BA10000-0x000000000BA1E000-memory.dmp

Filesize
56KB

Download
memory/5672-1156-0x00000000079C0000-0x0000000007B82000-memory.dmp

Filesize
1.8MB

Download
memory/5672-1161-0x000000000BA50000-0x000000000BA88000-memory.dmp

Filesize
224KB

Download
memory/5672-1160-0x000000000B3A0000-0x000000000B3A8000-memory.dmp

Filesize
32KB

Download
memory/5672-1158-0x00000000085C0000-0x00000000085C8000-memory.dmp

Filesize
32KB

Download
memory/5824-1703-0x00000220CBAB0000-0x00000220CBAD2000-memory.dmp

Filesize
136KB

Download