stealc | hxxp://www[.]cheatsgood[.]click/Redmatch2

Analysis

max time kernel
1040s
max time network
1042s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.cheatsgood.click/Redmatch2

Score

10^/10

stealc default discovery execution persistence privilege_escalation spyware stealer

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice

ps1.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice/NLOCK/

exe.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice

exe.dropper

https://micfriosogprodnorthghostcom.top/kjgkjlKLkjfjkrhjHRGHKLNMREJGHKJnlGKL3454345BFJKKJnVBEKERJKRGEGREGRGERGERWBFDGGBTfgfbergsc4334ggd/lice/NLOCK/

Extracted

Family

stealc

Botnet

default

hdkxbax.click

Attributes

url_path
/98e3554588153cc4.php

rc4.plain

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc

Blocklisted process makes network request 2 IoCs

flow	pid	Process
258	1200	powershell.exe
259	1200	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5060	powershell.exe
2416	powershell.exe
1200	powershell.exe
2352	powershell.exe

Downloads MZ/PE file 3 IoCs

flow	pid	Process
258	1200	powershell.exe
258	1200	powershell.exe
206	3260	msedge.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	7zFM.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 12 IoCs

pid	Process
3272	7z2409-x64.exe
4392	7z2409-x64.exe
4284	7zFM.exe
5492	Setup.exe
3348	Setup.exe
2192	Setup.exe
3288	7za.exe
5088	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
5980	M0DRISPC.exe
6056	Setup.exe
3348	7za.exe

Loads dropped DLL 6 IoCs

pid	Process
3524	Explorer.EXE
3524	Explorer.EXE
4284	7zFM.exe
2192	Setup.exe
4516	msedge.exe
6056	Setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
402	raw.githubusercontent.com
403	raw.githubusercontent.com
404	raw.githubusercontent.com
405	raw.githubusercontent.com
406	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\mapi32.dll	Setup.exe
File created	C:\Windows\system32\mapi32.dll	Setup.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5088 set thread context of 3204	5088	0G8NI3UJ.exe	162

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-ru.hyb	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-notification\id\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\pt-BR\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\wallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-hub\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\wallet.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_97435511\manifest.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_846499599\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1185207236\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Notification\notification.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_846499599\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\ko\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_687392617\manifest.fingerprint	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-mobile-hub\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-notification\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Tokenized-Card\tokenized-card.bundle.js	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-hub\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-notification\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Tokenized-Card\tokenized-card.html	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\bnpl\bnpl.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\ru\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1185207236\edge_tracking_page_validator.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-ec\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\shopping_iframe_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1643975092\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_846499599\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_212630290\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_212630290\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-shared-components\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-notification-shared\fr-CA\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_908914590\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-tk.hyb	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-mobile-hub\en-GB\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\webui-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4516_687392617\keys.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7za.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7za.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	0G8NI3UJ.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	0G8NI3UJ.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Delays execution with timeout.exe 4 IoCs

defense_evasion

pid	Process
5852	timeout.exe
1064	timeout.exe
5632	timeout.exe
5008	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133896273249686374"	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\SplashScreen	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame\windows.immersivecontrolpanel_cw5n1h2txyewy!m	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame\windows.immersivecontrolpanel_cw5n1h2txyewy!m = 2c0000000000000001000000ffffffffffffffffffffffffffffffff280000002000000058030000a1020000	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame\windows.immersivecontrolpanel_cw5n1h2txyewy!m = f401000040010000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2852	explorer.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
6000	msedge.exe
6000	msedge.exe
4284	7zFM.exe
4284	7zFM.exe
4284	7zFM.exe
4284	7zFM.exe
2416	powershell.exe
2416	powershell.exe
2416	powershell.exe
5060	powershell.exe
5060	powershell.exe
5060	powershell.exe
1200	powershell.exe
1200	powershell.exe
1200	powershell.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
5980	M0DRISPC.exe
5980	M0DRISPC.exe
5980	M0DRISPC.exe
5980	M0DRISPC.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
3204	0G8NI3UJ.exe
2352	powershell.exe
2352	powershell.exe
2352	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4284	7zFM.exe
3524	Explorer.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4284	7zFM.exe
Token: 35	4284	7zFM.exe
Token: SeSecurityPrivilege	4284	7zFM.exe
Token: SeSecurityPrivilege	4284	7zFM.exe
Token: SeSecurityPrivilege	4284	7zFM.exe
Token: SeRestorePrivilege	3288	7za.exe
Token: 35	3288	7za.exe
Token: SeSecurityPrivilege	3288	7za.exe
Token: SeSecurityPrivilege	3288	7za.exe
Token: SeDebugPrivilege	2416	powershell.exe
Token: SeDebugPrivilege	5060	powershell.exe
Token: SeDebugPrivilege	1200	powershell.exe
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE
Token: SeShutdownPrivilege	3524	Explorer.EXE
Token: SeCreatePagefilePrivilege	3524	Explorer.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3272	7z2409-x64.exe
4392	7z2409-x64.exe
3524	Explorer.EXE
3524	Explorer.EXE
3524	Explorer.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4260	4516	msedge.exe	85
PID 4516 wrote to memory of 4260	4516	msedge.exe	85
PID 4516 wrote to memory of 3260	4516	msedge.exe	86
PID 4516 wrote to memory of 3260	4516	msedge.exe	86
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 3108	4516	msedge.exe	87
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88
PID 4516 wrote to memory of 2724	4516	msedge.exe	88

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cheatsgood.click/Redmatch2
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff9e660f208,0x7ff9e660f214,0x7ff9e660f220
    3⤵
    PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1872,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Downloads MZ/PE file
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=2932 /prefetch:8
    3⤵
    PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4936,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4832,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:8
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:5164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5996,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
    3⤵
    PID:5840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5100,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:1
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6684,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:8
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:8
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
    3⤵
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:8
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
    3⤵
    PID:4016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5240,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:1
    3⤵
    PID:5712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6704,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6924,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7072,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:1
    3⤵
    PID:3240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7292,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6976,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7412,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:1
    3⤵
    PID:3732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7452,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7648 /prefetch:8
    3⤵
    PID:2296
- - C:\Users\Admin\Downloads\7z2409-x64.exe
    "C:\Users\Admin\Downloads\7z2409-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3272
- - C:\Users\Admin\Downloads\7z2409-x64.exe
    "C:\Users\Admin\Downloads\7z2409-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7728,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:8
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5228,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7456,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7896,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5408,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7992 /prefetch:8
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7596,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7904 /prefetch:8
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2292,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:3
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3292,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:8
    3⤵
    PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7840,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3212,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:8
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7972,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=868 /prefetch:8
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:8
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7348,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=8076,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7996 /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6928,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7984 /prefetch:1
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7904,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7364 /prefetch:1
    3⤵
    PID:2060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7544,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:1
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7356,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:8
    3⤵
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8128,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
    3⤵
    PID:5140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=5348,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:1
    3⤵
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=6936,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:1
    3⤵
    PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=7872,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=7488,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=7708,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=7012,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:1
    3⤵
    PID:672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=7900,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=7364,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=7704,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7652 /prefetch:1
    3⤵
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8276,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7724,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
    3⤵
    PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7892,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:5992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=8184,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8440 /prefetch:1
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=8564,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8548 /prefetch:1
    3⤵
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8260 /prefetch:8
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7584,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:8
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=7464,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:1
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=5352,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8208 /prefetch:1
    3⤵
    PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8604,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=8840,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1
    3⤵
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=8264,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8896 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=8624,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8136 /prefetch:1
    3⤵
    PID:2856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=8552,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8808 /prefetch:1
    3⤵
    PID:6024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=8796,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:1
    3⤵
    PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=8772,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=8208,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8240 /prefetch:1
    3⤵
    PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=8644,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8756 /prefetch:1
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=5344,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=9024 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=8780,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8812 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=8792,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:1
    3⤵
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=8768,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=7832,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8556 /prefetch:1
    3⤵
    PID:1100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=8060,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=9212 /prefetch:1
    3⤵
    PID:3080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=8804,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=9052 /prefetch:1
    3⤵
    PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=7056,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8388 /prefetch:1
    3⤵
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=8940,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8244,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:8
    3⤵
    PID:916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=8656,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=8812,i,5694819290044339778,11462534525217557053,262144 --variations-seed-version --mojo-platform-channel-handle=8764 /prefetch:1
    3⤵
    PID:3752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
    3⤵
    PID:3232
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\archive.7z"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:4284
- - C:\Users\Admin\AppData\Local\Temp\7zOCB0EA22A\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOCB0EA22A\Setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:5492
- - C:\Users\Admin\AppData\Local\Temp\7zOCB02331A\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOCB02331A\Setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:3348
- C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\Setup.exe
  "C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\fxf.bat
    3⤵
    PID:5796
  - - C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\7za.exe
      7za.exe e bin.zip -pYOUR_PASSWORD -oextracted_26267
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:3288
  - - C:\Windows\system32\timeout.exe
      timeout /t 2
      4⤵
      Delays execution with timeout.exe
      PID:5632
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K "extracted_26267\sss.bat"
      4⤵
      PID:2892
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        
        PID:5528
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:3352
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\extracted_26267\script.ps1"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2416
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5060
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Downloads MZ/PE file
        Drops file in Drivers directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1200
        
        C:\Users\Admin\AppData\Roaming\0G8NI3UJ.exe
        
        "C:\Users\Admin\AppData\Roaming\0G8NI3UJ.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5088
        
        C:\Users\Admin\AppData\Roaming\0G8NI3UJ.exe
        
        "C:\Users\Admin\AppData\Roaming\0G8NI3UJ.exe"
        8⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:3204
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Roaming\M0DRISPC.exe
        
        "C:\Users\Admin\AppData\Roaming\M0DRISPC.exe"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5980
  - - C:\Windows\system32\timeout.exe
      timeout /t 2
      4⤵
      Delays execution with timeout.exe
      PID:5008
- C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\Setup.exe
  "C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\fxf.bat
    3⤵
    PID:4308
  - - C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\7za.exe
      7za.exe e bin.zip -pYOUR_PASSWORD -oextracted_27047
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3348
  - - C:\Windows\system32\timeout.exe
      timeout /t 2
      4⤵
      Delays execution with timeout.exe
      PID:5852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K "extracted_27047\sss.bat"
      4⤵
      PID:5820
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        
        PID:5348
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:5936
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\extracted_27047\script.ps1"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2352
  - - C:\Windows\system32\timeout.exe
      timeout /t 2
      4⤵
      Delays execution with timeout.exe
      PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2688

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault81ced4d1h67a2h474ch9e74h179e85eb384b
1⤵
PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault81ced4d1h67a2h474ch9e74h179e85eb384b --edge-skip-compat-layer-relaunch
  2⤵
  PID:2536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1c9d6370h5e4ah4a5ehab26he2fadb560527
1⤵
PID:5616

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4496

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x42c 0x484
1⤵
PID:376

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
121KB

MD5
a7ba50e8a23bf4a17f827c69bdb8f6ab

SHA1
17db88d7fa4bdb042897cf1b8a8d6620dc4f3b07

SHA256
94561a6dd2e91b42d566846270b9d8915c30dd9200e7aab3a4e37547c0042491

SHA512
16598f7fe5dbad5abac11bbf84fce5a26dd686c1786ddeea7b86ea239fd1fd06587755eee7d376f4ca01a0c61f8b8babf5928222009160949a332fe5e985964a

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
88518dec90d627d9d455d8159cf660c5

SHA1
e13c305d35385e5fb7f6d95bb457b944a1d5a2ca

SHA256
f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced

SHA512
7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
c4aabd70dc28c9516809b775a30fdd3f

SHA1
43804fa264bf00ece1ee23468c309bc1be7c66de

SHA256
882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863

SHA512
5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
967KB

MD5
4eaae49d718451ec5442d4c8ef42b88b

SHA1
bbac4f5d69a0a778db567e6978d4dabf2d763167

SHA256
dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58

SHA512
41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1080808238\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1167407702\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1185207236\manifest.json

Filesize
145B

MD5
207f8230e8e90b79c9a957fcecb35037

SHA1
838fd6a9aa7ac1083a1b0cdaa29ed39e7e593a51

SHA256
fcd7d9808d01ba6f20fef9d34aa6dfaed249bfedf85cf12ce8299d58df3250a1

SHA512
8cf890bcb56d20f45a91b6d46940f7a5cf98307cd80ca05561704a2965f2984634dfd3a07d3aac089cbb2c8fafdf74b8152fc1f6c1404fe338c5eac4efa5f5f2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1203153023\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1643975092\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1643975092\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_1759238395\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_212630290\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_245074438\manifest.json

Filesize
118B

MD5
78b473ee6bb38cbb39886624887efe63

SHA1
d40fe3eba931ed08c8a68907ba20773a9987b3ce

SHA256
3a4a45d0995fcb759016fd1d875e1fc913a14236e8f7d3ae31930ee3f0477329

SHA512
92d03db5c60d0a805c896865e245e25ca43675677237e2dc38e82336cd3ac239e0dd878046d5bbfa50ec3206392857ac3305d64da6d1605e22b76a4f3e69ad18

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_469851231\manifest.json

Filesize
122B

MD5
0d77c27baa669b0714c49b73e68447ea

SHA1
65103c9707e083c5503ad9979560ba1bb7634ae4

SHA256
c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516

SHA512
1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_687392617\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_687392617\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_846499599\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_908914590\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4516_97435511\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
1ae19d80878f9b84e16370b12b697732

SHA1
0cf841978400cff72ac89a1f399ca46b446dad5d

SHA256
1c128ba858fdaf7bd86f452aa5c14a32822cbb5c5ca55abd4b620b045a9d32e8

SHA512
e25096b3b2db9fbb261a287a33801ca53b3d5aedd708e7d9f4fad88ce43ae8423df7407c5201848a430e16f7c25b3f60f677026c200011420be63fdd2e2a4fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
357B

MD5
3674e792cd91b90a0bb5d5d484e4477d

SHA1
54ac080344e2a2dc532eef19a44fcf2f6573554b

SHA256
3a95b5de28f7c11bae35fecc7c9d41244625c643824ab9b5a091eb0184719af7

SHA512
02f3d63a4183c72a4a007125e2d78aa0e05e8a50e7e24e6713af5d5f9e7759267f01f293289be1647d4178f8195a4d33265a9a3151c10f4938527e748180c1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8765961ba201d312f7aad724bdf16fc8

SHA1
95e0cd57420a6ad51359ef11e5d8f8544dfbe1ca

SHA256
5fc879de4e05a18330104863c97e6531628820b000fc128902296142c3c2aa76

SHA512
6d8ea390058ae1e3b498027b0be1faa618e1fc38130088a70c9ff5e2805d5e8642fa1cc51f23cfc36f4a74cd84d572dde8e2111bde763434ce790afaedf264a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
259979e76a4e6802c67f5ce53d0fc06f

SHA1
e976b92740deac6ec9e9aa2ddc32f5782737ea48

SHA256
48b787d409bcb75a04434c2131916915b2612cf568baa7165c70820ce8b953bd

SHA512
cbb57db4a5b583b6fa5e661984a14d7226ebb83e6c395b215062bff5254123ff8087ab5dd3b9556291c0af3c9c364926f674a2c76617abaf6e3dd28a69c778b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000da

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb

Filesize
123KB

MD5
e8dc20a7f178e2364fc086ac71208463

SHA1
8505e689539ef01980ceda0b357e9178dfa42df4

SHA256
54ae35e6b245301bd6dfa7f16754c75ada6800cac769550478a12be55e1a66f2

SHA512
90a8cd0bdda59c60df3d5db3b0ba0c5f27bc8efb3e918d788e66f62a4e35c6840870b2180843c2ed334c470afcf5b206fe3da8502dbc0b6b768d6777f43f8be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc

Filesize
94KB

MD5
6a9fa8935cc5eabef59b763e9900a036

SHA1
80d3f147d31f343d2f24fca53ddfa44254d2ca0b

SHA256
ba615ea8af0a6ff985f73461fe5ad90090808cc9d062d57e538c755ddc8e7920

SHA512
9a099748bdb7c8693c2d0b29db5b5c3dd6025cebedd197d685d85436ad25e8b4633f379de95ce1fbf823a054e620e37924d303e02a512585e778d177529fc814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd

Filesize
52KB

MD5
054d805c4d4f4f6b1f00c2820f71c183

SHA1
5affb65c5e9d6e82b7f9cf31a28bd9bb38130cda

SHA256
1f73aae8c3fc26bc7b5c389ef71466cd9ffbdd5d24f0cc37cd98ef2ffa49aff4

SHA512
d76eab8cea6d4530931bd1d1fddac3193b0c6fc8765ec52174a2a2ad8517a27d6f37a3261f93e0aec644b5724a0b37762e9de515b0aad871005f7785acdaa8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff

Filesize
35KB

MD5
816b9eb1bf2a36b691ffef2b73d3b25c

SHA1
5902d275020da8840412fa8e02d6fa04fd11000d

SHA256
a5d848a293efaca3443171deb43202a24e88e560011fe865d0ea56276c2a3dac

SHA512
f77d8069a3b4bdb5f6b211344b6ac201bc2d469141ad3aab4e3152a9da5c0f6eab50c0ff4e90fc3400d5960329eb2ef67ab1c3c08f82729e59c59684fe700b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100

Filesize
31KB

MD5
128815d07ba8b53108591ccc9c6dec97

SHA1
1eebd88680144b00c55ee9e01c6b2db05ab89c81

SHA256
e8f750015c094e9b7c4501952fe1bd7ff335a4ec698ade59a949a366b669702a

SHA512
24d0c02c7a67a8b3ed4c6b99d9adf5988ffe51ab722965cf32033a7a8a5deda7d822141e7449240ac26e0eecf39be3c1e775ac8b24b1bbe8af7d926a14c2ec0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000102

Filesize
120KB

MD5
573a3d8baf33ac92379b830305375d3f

SHA1
a4073609a4f1cc06e5edb8484763c9b6b917d056

SHA256
da5dc4bcd134ccdf99c351a8242f141a3ffc63fea4d27945f2153fa845339285

SHA512
dd614757f093ddbfa4975600551ca22f89752e98882d97f0760cf7f8b071b7b67efb8a5c30897d3c71dbe0448d07749064320296ee4f89ff5d7f483a3de265cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103

Filesize
49KB

MD5
673f567b2674e0b5569dfa7791f17d4f

SHA1
ddd95f4ca76d7aac1f335ab5931b2dc9eba3d27c

SHA256
36979cf04f9399758d53614b13ec5701bd70215b3f22714c62b45e1c2018021a

SHA512
8082dbaf11bb82048d86e6eed1bc87430aefbdbb7904e68eef360a8e943d1b8185d202bc5805000cb5a3d434429358a712e3769c93332af808996eced782c55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104

Filesize
82KB

MD5
12954bac59765d44baa6dfdbee11da0b

SHA1
9d451eb46136473f8bfbc18cc43a25c1746deaaf

SHA256
6167a33d6a115ce8e2d015eb767425ee5a80816448dfdc755e4efbce874e7ce0

SHA512
6930848b7f8aa2cd3e15bdb10454f11e510901583566e0ac8ce32a6767cf431e747d1979ff191bac20cc016dd3e2e46ea361cff8b0225895c0b8d2a7a7d3d96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105

Filesize
131KB

MD5
6494ce07d8d4f1a08cdbfad4c34e2822

SHA1
9700b48eca97b58e0384db9bc0f9b22564c66100

SHA256
05008520b1c6e77496b517ee6aae897a96175308d3789057b8d130a00ed79a89

SHA512
1f66203a44a0410fdc51254f050ee94b648c6fbf5a07076179c3db90c3f063503e57af9761648bb7e629bf9406708eb4df973ba3896586d40bac60bc0837fdae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106

Filesize
32KB

MD5
170709ce99e0b3a1c1fed9a0b970d94c

SHA1
7feec1778db9b3665f5fb6fbd9fc4b1d89045e6b

SHA256
d470e47d3019db7be938890b83bc75ae40d691a5e1a8488f3f6b46fe4eb13fe4

SHA512
7bd424c44841ca43ae53d144529feb63c0b14c5e61dd4f07d20f401ca26ac5496f7e48595f715f3ec99fac0c9326ce8aeb37c611ed60b69af1d46865e036e1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000107

Filesize
85KB

MD5
63279936e16bf0e727a8ccc4eaab8007

SHA1
23b4cb51c7af992e4d4a6e462f3a392ca5e6de24

SHA256
fbf20b1453a087a4fb9f91e8e3d867d1f06278864475e3577dfbd8b76bf8b1ca

SHA512
5ae3ad08738be6641f2fb9ea4d5d3e8e34ca114a478801034cf2b7d973303292f95bf0644bca0071fab30c1c7ced0bbfd07d1271e7f4908098eeb3589ee08be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000108

Filesize
22KB

MD5
504340312beb09157c3af11604f7314b

SHA1
e9e000d59746071d1832f259148a61cf1a6cd04d

SHA256
e7bfab28adda207b0bf9eb622f83d19f88ed2af6f7aadb0890f212adeb0fd0c6

SHA512
5aad22488a9412febe16430cc9b1fca89be5bb8259aa73abd5a153bb479fbaf1f76465dee559f3f9d2ec9ddd914f6eeab8702413f45062e56ad73d57250b025e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000109

Filesize
166KB

MD5
d39eaf2e3e89d53d7301a22e7396b834

SHA1
752d7a3503776eafdf0c17fbe4f41ce1b5c7832b

SHA256
95ac7024358ab96813a52c3a129a084b903c79e4465e8fed1142487e4f98cfb6

SHA512
e91d232a7c2ab54f05c2ff9e5274f773f5a71072017ccfb81de468dd18dbec7c459f27600dc81478628cc6a08616c780ecec2fd5ae5b30fa791a1f616d517d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010b

Filesize
26KB

MD5
96ad24d45c376ee375ce686fa6b43e1c

SHA1
acadf9290e17449fc686605e158a07446522153c

SHA256
28bed76f5529f1a64f87381519d5bdf2c3a915819fd85891fe4eb0ba74c4bc03

SHA512
61bf5dc20e987c630fbcad9460500370a8a7e7a413ec3e05bae1507767e5efe91632c111a285365d85f495b8b1307ebc629d3acff9ac4c3e68614b22b184095c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010c

Filesize
30KB

MD5
c17e5eb839b32c2dbe046310ac25c339

SHA1
3f0a6176db9e68786dfe6cca5156b1959839a2eb

SHA256
b68d06c3daf5b5471f220ed0a187e2acad841d51826325429217c59fab901858

SHA512
d8ba5223b3112f8aa1160148718585c0fbf3a27fb2934fea76345c0888503544dd41ee4c6099ca1a67caeaef978a0ff86dee8262bf8aec270a06202c60511541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010d

Filesize
25KB

MD5
a5cfa1f37fd341deec50cda252bbafdd

SHA1
c3fd06a7245d7d3a6d051ad3917bd797b6fbc2e9

SHA256
bc2365c048866fb075769c0a262ac64f6dd7b5d984d3cf5fb054469fb776c7ca

SHA512
0cf23c998f514a4f49b583cb267aeb2052eb3a763f54dd9c07d2fb1c38cf325920784a7bffea4a1c16cd6d6280b0804fab86cc01fb0cc821837a23b57623f49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010e

Filesize
73KB

MD5
5691fc68781199b3b222ae8eb5685978

SHA1
1240be0742b0b3d4b7f8c2e78054078166eb11f9

SHA256
fae9e0033ff4dcf5b18fbcaf94437c667e047a1ab68a0c17d68f3e4e8f658dd8

SHA512
7df8e68c8144f6201c835e11576ce42eef758cc48714cc6ccc5b3be06aaecb2a573010da20dc5863ff20cbfa297bf5c12ec5a16ffc44c9983effaf9e00734c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010f

Filesize
20KB

MD5
e99d037ff278462e18f004f5b74cc1f3

SHA1
ec9fb720dea438e2a8757798ca077daa81790458

SHA256
875f9f747b18c4230bf8bb496d44a49b2c194ae902b795762fe10e450dfe1065

SHA512
b8322d547ae0fefc9351ba78e391cf08f1b0263ae283304713f9ec77567def789b76ff1c39b952f4ded0e24339175ae60205582308a1fa12f042073378cad673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000110

Filesize
62KB

MD5
f9f02c0737a882fc2fd4c61bc199c32f

SHA1
e0c462b665dfc9defe56ff383710ea7b395f2470

SHA256
7f45eee2684ec4df372e914784c00430409c9206372a9d4f12a076d42dd975ab

SHA512
2e73daa8c71dd8a30507deb1e61e6974e49b4b83e71910e301470db6c809b22a6b5c6fa73fa65a6060b60da5d0e72c0d4b7697446172735b787eaa6695fbe4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000111

Filesize
31KB

MD5
86bcdfc31410dcdc5dad2866c3b0bd24

SHA1
8862f2f3a32feca5cbb87c9f8a651fd26dc482f9

SHA256
2d6f68fc649f6fea713cb42c87ef1755104c5495fd9c7170fecf412845787b0a

SHA512
ff65cec7b6cce695e459d43d12d3bbe8c2923de2819ac96c62d572ef616168a88471ba519c70c019675f674e911f4cf2da4d518886616b812598b7e9309abb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000112

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000113

Filesize
29KB

MD5
2793b416acec7f1f259805e331b74d11

SHA1
0d4464edf704528122411858d483682f395a2360

SHA256
154e2a4c435c7d0baf6ee6e11c485177d3041c878c6a397ffeb88bc2a040c461

SHA512
8577e3f98bd0b79b9ccc983558611ee90dc147fdd79e432ae8e2878d67c67cabfe361e1176e078e87d541ee3806e78be1e20d88d4e152ac0e2e79b89d94328cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011f

Filesize
115KB

MD5
aa5dcccfda51780661510a3f1bf0c049

SHA1
1b4714b4b78f0c87ab11625e9c837c5f081a4659

SHA256
f16d787ac969d90b63e3b0cffa8679db01863200fc903b13d9f61e837f5785ae

SHA512
682c973563cbbabc9564eceeb249d44e580c6a2553d6d45928d59dd5f55c2b1429572ff4a7540a008a60237b5b413c9693029023185ec77b5e9bca9073a1a8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000127

Filesize
322KB

MD5
29c2f7dfb4a28a862959d5d80a1c2123

SHA1
84b09157d21fda306bfb5d9ff876c653dedf1078

SHA256
7995a4438cadda3cc5c99e9e2a398cbaa3d2746c9c8938d8ed0cc2cb48e8e879

SHA512
ea970819dccd20f7f4d41e1f43512719a8536988cc0bfd7e274f8344f6c3e9aa0562ba5c89b399974f2e5cad3d141ad39f4c8b1ebf74c661fb84aa887143967b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d19170ee4f7c884_0

Filesize
305B

MD5
fb19fb3a2f26575442995bfea76395c0

SHA1
5c088e8b042d5952ebadf188b22dfcfdd4485a32

SHA256
fb69c0eb52cc90405979b9923f72f237a04be7e1ea0ad2493074b2c52009343f

SHA512
098b9edb59dde7638cd4f7304cf61000b5b62baa5da60d1f4978de7c99a7964087da80054a04acf604eb1a256ea6679a7306f44ce4459901b0a25afa093f3b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f8f61e556a2e548_0

Filesize
55KB

MD5
6575580717d66f4e238dfb524268b3bc

SHA1
111007024975f2dc92604c0850877a77a5cafab8

SHA256
27db553332163f55db81d7727a723909da1c5657a12a40479e4467150cd8225a

SHA512
ff7c1267a5794ba3db9ad106973fb76187ca6288514ca24eb91863c6eefce0cb65ec7c11df29a69da450b31cd498e583e1584e5cbef841c3f279a10342459f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
12KB

MD5
8bd9f03e9fbe5435e2ef89c0075a09a3

SHA1
c238ab728f818768b5f96b83a4740d50425cc689

SHA256
9339ed57e4d736a970816ecb4fe57b5c2d4b15fa83703846fa5b54bfcd503c7e

SHA512
d8bcae463c3977f871500dfce359565c752556e902cad6ce35e0003ae11e0bd8bfa2a8932256f092cb89553305b8b2104902be8085380e1ba2c5b98cd787e6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
12KB

MD5
b1c8fbc99ea3b4e81ce119b6c7a9b65b

SHA1
8339469500139762e549cfd4035e68213015b9bb

SHA256
50a419e13e6e6c0780217b6dbe809aca7ccae7c7056f9ec6f7953eddcee8c118

SHA512
1c30ea5f97ddc08bc794eac5a3bd934c23a0c5a1941b471b3d7eef2388233fb1990364eddb4762b7f4459dfba2715c0ca5e9a5a78c0e29b54266987530c42174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
088326c35ab7f5adefdddbb0fb315f30

SHA1
a441122750b455d0f4eaae31d9fbf05cd7977030

SHA256
8c88ecb1244246a781ad0a3713e184a22f14d54333237b828eca5a2f646b42b4

SHA512
6c0f174713027e86eb9c8ce589880ba9b2286c24a324ebf19d7309ac4fef686c6f19ac3f9314efb6d118c352ad0ded647b5b84769c6ee43287359e3b3cd75bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c0e99ea510ec44432d3f463cb7d02c73

SHA1
2b000e546e1f6780a94767a3613ab0d5e5a94be5

SHA256
5630f9ffdaa64b0767ab59d6180de5835bd3befee85340f92f40b11fd0997abe

SHA512
24ff99c44aa973ac08475288b60e72618e7144a5689af1cfcc29a075de15b9ca9ac14f3ff31531da10ad999654497209e7f6d9b2bed2b4b8956bd3b4ad1f64a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
13b2a8429e5c3d95defa2a47d99c9808

SHA1
69fb8332064445b8876eb8fc183a397310f90cb5

SHA256
45185b68caa4f78c30670ee04a2a755fea205aa1003d9e59c549d0df5fbbda23

SHA512
66852c5739fdfc1b42ebcd38ac844cc5b4f994c52844bc178be4513003e9a772eafc6d14691cf51f89ade26e8236bd29bfbfdf84ec2d3d87bf4f34c2cd2f5e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a9ec0c22da04a68c3e545843b00e7a81

SHA1
dd5430d9582947872074d9e8930846e00cf8c5ae

SHA256
5385097de7149b171abba8ee41797c35bdb085d683c838cd2fe9c96e227463e2

SHA512
42f4bbac8bd1cef2d6ea8b665f7fd69a9725c55dfea2ee92fd5a6b3c899e719d42fa35116cb68366408fff4b499fd3c731f88cb37a62c8fcc220c7001241a821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
bc39c541dabeab060cd7895150b97789

SHA1
e4b43b9511bf8c03931c0c8b5b3567c8613310d6

SHA256
fd8640390fbbbbfb548086ed0f6098fbd8d5b9bc79105bc8892290ef7ce4ed09

SHA512
c5097d6176de13a57f068e4a41fb8c974d455b13a9024f199d33b07ed18d545f18325ac7b9b2315d397f0af8ec873867483721f9668b24ca4ab68db6f9cfa64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
683e88cac94c1257ea783d491205c6de

SHA1
bd7db5e4bf6ee51a63150f610597c813956e63f9

SHA256
873ef29ab4e28a3511079915ba3cf551c097cf72550c1b495138a8fc648297d5

SHA512
dcd64b742db0d7b84a21ca87f811c471ceb9491e2651a17385fe45949aa2010c3aab1ee171f01acd00c050620f60562e4e31069ad2dd12ac27245510b867e505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
ae2f07640bdf5062f9ae959679cc0795

SHA1
3b3fcc8bf9d85daf410e3234157fb1265630cbad

SHA256
bca339a7873fa35c4c0063b954e844f81330268ce009f25a5c4e1149ea554d23

SHA512
ba359e910ee25d56018905bf4fcb9b1687ce8339f28586d38ea2538775ba6d7691f4b139b6f298a656fc4065c573a6a8c371159f1881ecfc8bd0628780c3b1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
019d1df4cf3029357a349decfd050496

SHA1
bdf784196a77a2a4e79094076413b552dc4e7b24

SHA256
5332d243fe4ed8f05b29745c8a878d36fa5300d0b8809c5c1705c87a3d580865

SHA512
9dee2b5960b8f03732c8811d25e4cf7267e3909b079163fa8216d842e31d1dca0d3bb77bb3055b379ff039960b6f4e3bbda669077c5c7e262f93931f4e76aba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
8e2b2f28eac94437506dc75071023135

SHA1
2be2473a0a7d260c0a0595516ce17965fd225a8a

SHA256
d73d0d04d4a7e352d43d950ddc691f7c6e7182497381956e4f760dd8e43a1ffd

SHA512
fc8012bb6627504fc868858688e016fc717e1af86d09a8ce361949da8839bca613beb5e065e7af7ab1b31b4c22e47958f9c5715cdd74603cc3860197b2d6e4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
c7897b252edc640f6c5018486096948a

SHA1
545ad4f96e5085375e30ca88f9d863ee6aabd7a4

SHA256
573a57fcc9c4a34edfa8e204deb5026b510f6e4de0cc4f235690d34818ffe1cc

SHA512
4bfe77775317ef90f412eb0e81e2a14c92b683f796e36fc6765f5241da00a9c271625c9a32c3ba7fb027fb3bc84a275d69e68bf0308073616c001977aeecf5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a577.TMP

Filesize
3KB

MD5
6ec168d8eec54b445e221e18d8bc6978

SHA1
fe8fb93f407e16f5e3f54b585dcc76745056c32b

SHA256
af6477ab07793f5279efa0f47da26569189ca4309512a85fd0b0a94ea6427fec

SHA512
6208a0895d476bbcde851f5a1c62ddf2dee849f5570665627c9130f06628372124972220b14469e8c84f80efa4814777f6cd2bdb519531b9a085fa4a82fc04fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG

Filesize
341B

MD5
d414b355d74411245912f45275ed490b

SHA1
4768ce81e13ad1fc0362ed9b350f0a5571646426

SHA256
baab1f6eb1086d557bdb8670da051a96e1a906d50e7fab9907922cef8c02e9b5

SHA512
504891b7a2c4ed645abf0a0d3231f6236457967436e1b2eb0de33782d8f9f300e1b3d6c7bbf43040cefe3af6864ef1dc144afc32e74336a6ba085f9eda5bb513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
32KB

MD5
f3a324d77296b7b0c20bb68202b055ee

SHA1
6cfa3eb244bf660309ad640af65b80e74465dba6

SHA256
3aa2188fc0290414b64620850a348f94007ab09ce128d9a47310e0c373e909c1

SHA512
d37cb3ae659802b7941d4c1987824e67dbbc62f56a3942fc033490484c641aab50d6bcfe71d157b2336e1a0a7aabaad65ab8114985e3c8767390a60bb7c0acc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
efc75354bf098ba98416dae81850dc43

SHA1
82f1db0e6b7ea4601db5e770073731bd34e625b3

SHA256
0d79a0b6a37bd441d89ed308f5604647af6f3ab36796ceb833fcc663f701a027

SHA512
c4194b6b3c16cee28c490ca3005fa1bec990f93e60184aa6899772a0eb22322bda7c1136badfa0ca329f0a715de59362f450305920425fb4a6a2e590a2c04c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cdb0cd2426f0ee12d293104eeb6f4b25

SHA1
1ea20e9fc17e6a562a449ef64ee4cb75f3523424

SHA256
51855f4a8f989f56c29f4963b15f8d12aeeee29bca2648f82fac76bf96d452b5

SHA512
b5aa9aa99744804c426bef3fdcb1d92500a234d45f99c6db3384cdaa6e22fd145434a64310ba69f8b529ba85346c5caa7167c6bf9736e75cfb89bcdfa8d77356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e965d8e16f5b0ee1df95acd172370217

SHA1
2ca8007ec3f3791b8c7481c5e5a4891cd01f947d

SHA256
b2cdd83ee19ef22f4b63ef91dc73167c934795c3c5019b25510af0d14e306015

SHA512
50509ca09f0d4862c46efb2875b1ec0ef9f012abd3d21fe2c8adff553e4d18519358afed75e278b552a9600c5c9e196c02695b8b9d4028b17aeb85df08838b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
09e288e8940c939641c326a24f1f7e95

SHA1
59cd483d9e9367bf2a34744d6655226c7ce8f94f

SHA256
1050d21c0451bd8e9929e7d764073925051ffb4f3bf5386b2ba81eb6b9a87802

SHA512
f6fb1f3d2de6105a135495e0f8b17f6a411da2ec681ed1823734061291914deb3d4926f4e6661d5352511e87e9dfdb6f664b7cf9af6cdda82210e0d3368d49bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
eddd6145480c83f50b2bd7c3a519f89e

SHA1
34b23382c84899c8d94862338fa3d678f74e1c99

SHA256
6461e836a61f2aeebb66c428eec8bf16334d62813b95578ab9c5615d82275187

SHA512
a4301ccf708a4710cba5c6e18002ec0408a7d4cef4b7b0be6c72eec6766323036b8b32d3b739ce92e2b0494b9706684542c07a09c303024b9f35ed58e197891d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
a2eede4e21837714557db89290249cd6

SHA1
7271f65027b25e2e9da2859ccee04a1dec4e7f1a

SHA256
4ed5b780766e3ef1b072d3977cbea65693f165a8f2b71dab2e5f0206d25d2a59

SHA512
287d4b86bf69f60c82a6e31469410c1c5516c86f4c30c276e6b596c8d73ef462861523c0ae6eda101c093a89d41f9b486798a8d9b5657a4ed1ae10b16bbb1c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
c41d3b3a0eb486bddc4ab9375ba9e1cb

SHA1
e5da57cfb2fdc4b02aad66b057293855528714f5

SHA256
6d51900119527f1ca6927050bf7a2f93c8f32573895f753b6dd8426c2a2e1df2

SHA512
29461d7c6784eb2f7e0fbad209a8b0965bda7f36189b5616b78d8f0845815305940230ffcb9627dd42aa77e3816e38ce2f20ad24b3ff2495037afbc9347d5801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
7b26b638094d92c1ed023ca4fcec5f65

SHA1
aeac5dd8f4fedee9e47dac4d903dc5f531df1065

SHA256
e6a71f9ff9208bdd2584ae86f3f7f9e8a5c7f0a6bcd0c7e8f9849d811bcbeafc

SHA512
1f651a962a99a5b1f5f1ae29e3244ba574b8cc650df21360e901308ec6eb952d41fff14a245030b80ae3baf6c14422fbc3d71f602ed3581b11c4d50941f412de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
82c6fc9884b6178e77ddfc2781673e69

SHA1
60a47ec893cdcd196b2c3cbaadf8a5da610ee8e7

SHA256
bdc4b716298e841b73569b835bbdd96b3bbf17b331ac79179af934b39218f7ea

SHA512
80af7cebd825135d790faeae3d758495bcb8ec5839df7b08407552abe1ca9182a427df06050a5c9cbefafe46ab52762904ceb854743a1a04c0e68f7b39ef9e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
049b9e699fc1002ad3c3cf00a360be72

SHA1
01b0fba2be115f3fe50703fb1b17f31ab6527cd2

SHA256
bb0f107f9e801175171bbda75514d4f12ba72d82a0e08068cebc76eeee2bdf8c

SHA512
bdd99393e375381b98e8ef9eb7f32f967c4ff63cb6dda99a201caf8f6082f79aec2c3b188fd3ce555292946e1fd9492c92697037b7dd5b8e53f4f0a023f848a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
afce62297962fa672e6a4a32f04f53c9

SHA1
054e747ea48f4191557a4ee4c3af22f3db3c4ca3

SHA256
2d4066a8274a52f592ec6af6cf3436bf8c4318be065b90db4d30a6a47fb83dd3

SHA512
b5e8ed6be0df0df4b4b8e0032771d47776c039b38d52b4f5275b3ffc1228a6d3a2d1a8b5f021f782e83c927aedf792829db42842828a0f8a02032713320468f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
61aa5c987585f49675effa8acd5adb4f

SHA1
fe06df15885c961961237564ef3e21fc018a20bd

SHA256
d34c147f53f362a7b91f81ff7b7cfe147385601ef2760d97d07a41abf22f0e5c

SHA512
28bd9d5519e12698fa0266a6eca84180470e1bc474f75acfe1b8de3607c18ccd50be2bb919702bf508073a7c21a2f6b9d18628661c2d30e672fc8a05e125251e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
417KB

MD5
8aa0ca33f75dd02303e12ee28b96ce29

SHA1
d6caf0e890c2a289cfb677db8bc19a33b263ae06

SHA256
4ee9a3fd2918ecdab700fa54da823f23eb104d889420bda78f73466ef57a65c4

SHA512
9a266fa279658bc5975d4e83b011a81d2719b2f026701f8d418a8ec4c128df119e9e60ef93ffff254ba2052a65159afc2c2393d8d1fed6326768f1645cda2ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
417KB

MD5
ea2005d14667784da77b641e8c2148fe

SHA1
26efd287736c5165b613def50cfb6b5e4efd2f27

SHA256
4feed5e0daabd0d3b54998ebf52dd050aea34211f0159be248487be920383799

SHA512
b4e216aa7170cd11bb28a320b29307a5bbdb553474a2de7ec230e50c21a094b44ee69fca514f9c868d36f229a91162a0ca9e3e00191f788f59eae10dca5c3ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
fca84cde27a82cd38fc75e6b1587dfae

SHA1
b4d3660628f2189263afddc05ad74b2fa4da4452

SHA256
67d31e2475edd9a9f8c6972c6567e2dd7870977c789ca0b1cf1d74f07bfd6e86

SHA512
8df07040782dcbd5a8f74ef9fc6f4da54b33ac6dc3df3a598a364c873213d1b3889f2d7b6225f9d235785b4047342bb1d26b224e72ad01703dd7126dbabb8ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
bf214fc9f6867581e88a950f4c675393

SHA1
132e0b2375d1852a3dfc5c4baf9e7a5c93741dfe

SHA256
7e93af4e36e507268b21dfbb9d27c5142dd0932797275bc314b375de5f5263c3

SHA512
004357b9353184f83be055ca1f14d7b8f6f541b57b71cce970f2b90c17490cafa6569b8541005467ccfb2bf2fa4b4a457ec1c935adc15e7560e89cfbf8e6106c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\094b720a-b27a-4529-99b2-b8efe27740af\index-dir\the-real-index

Filesize
96B

MD5
438373d88d13747444dde6e1826f6cfc

SHA1
93ac40715bb4e7257354a862a2e166d9634f6ce6

SHA256
aa627aad8560133bfb854016ae0df17d9e50097fb12c85a664a40cf8dcbc3bfe

SHA512
ef02f1a74e67a85b685152113fed5daaeb0619bb745d22383144575ded2633503d4a15a7b8df7c7298d967419208e30a9b1e9aef801466481cf6a145c0311454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\094b720a-b27a-4529-99b2-b8efe27740af\index-dir\the-real-index~RFe58f306.TMP

Filesize
48B

MD5
25623e0855c67cafe290892a2ac7e2a9

SHA1
dd2a086d466b052b979f53611b9f3ea1d3f88c08

SHA256
d8673a227df86d4ccd4d85f5c77c754fd2cb0de8727a7f3cb2d64237f4d4595e

SHA512
f7e569706fb3514161cd3f390d231bc52912c3f877092496589358980d34b39193a4cb5f181372393e919439b83bbcf263e640e28bf6dea17c417d655911596d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index

Filesize
72B

MD5
8b1c031a883f326f1b091476dc61a9e4

SHA1
193fc803ec3f2fdd6494195a1e079cf0298b7fc0

SHA256
419e3d5c448968d2e462a5f1f9d7281a53e1ee7c785f72543dbe0a21334bac0c

SHA512
7fb907b58ac4afe4251daf86092e562a481824d37d07504c07dae2d1cac7034c9d1152f9d0e11bb49e1c7b31b52f639a84292d9439ebb231e8985d693c7826c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index~RFe58f2d7.TMP

Filesize
72B

MD5
49032fb748d281dd19211233f2b0a700

SHA1
78ba87754901b76b6d11d06cf5faa64054cefe67

SHA256
daa0957a138d70971a4f6e8244925759e9eea3541348fb353d2369c6878d5d8d

SHA512
1d5da8ee3ee9eb826424fa76c71818cbf410a2dd69bc7af0e8d103194b1be60cabdbb89a4eb0b6ffdb1a47eb0ec872a930a4be5164f28e41c122771cd0c65830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\temp-index

Filesize
2KB

MD5
6ffc661da1294e84fdc5ac4926dfc776

SHA1
1f25b68ed3f4dbbfaf5dd393b71f0ea86155bab5

SHA256
dc797aca4e382ef2760b98b20d2f566bf1785c74412b984fea7f339b6af496e8

SHA512
15aeafb35af7182335b42bb5ad25334a96959e3227e7b18a04cb59b415e2ea49bb313a1042b6df3fa672cd73fe0f01ae336e9908048bd94f874acda0e1188f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe590872.TMP

Filesize
2KB

MD5
cf18984cf3cab5e5ba359083c0fb8136

SHA1
f46cf0e23aacd4fb665c93c01348f22b10b89a23

SHA256
28f3081ccfb056a82430434bacfe5ccd185d1d0aae763d9540faeafabd994377

SHA512
9c45d59d6ffa710287d0d796e6ed2236d229f1e26d059c8487047a6ca18c3747be2387a69e138d6890f74e20dafbf2206f71fdc5f828e81380b8f36fb0ed3261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\99d9cfc8-60b3-40f5-86fb-3174ad33a7bc\index-dir\the-real-index

Filesize
72B

MD5
de302b2bc56e8296305147a0e372ca5a

SHA1
f3ed82df608eeb36a01b0106bd1344843247eb2a

SHA256
efa9a5fa95a42021c1562e0c313316dfbdeb24c79704af4a8434d8b738cdc1d6

SHA512
f368218faa542bbda7f2cba34e1ccf7d8b1247534c2affdb64c02602c62d3beb303e89f229d28f9f9ef493e9d2a88a60bb9b696f12b06dec264ecefaec3a23e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
90405177b2c9fa951e7e9973ddf2c777

SHA1
eb42c187c3e3b3345d3c6697e4e90a021658112d

SHA256
d36573b10987e5b24cb859450c033c81c731a5c7f6739225d93ecf83e5ac64f7

SHA512
64d79d558cfcbe903d93eff9e185d3d611f3e1da085b69da229d61b1832b78762d565b80c7895039a2e26dcde5e2133aca34c16efb68617c5ca33f0f173379f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
6ad105440414ba2dbc8b30b9dcc8c5f0

SHA1
61173a978dda3c309a62d48a9190f605acf2f938

SHA256
9e6dc045280f878d69f2e43804e133e1b2e6491b779fce0dbe99c64530c58f1c

SHA512
224f0b7e2fb6cd2e1664c1bda173316b097d3ae1a40a3e1948c5ebdc2915f7aff94465a340bbdd3bc2e64ddaf78dee5c1395db45461e5881b530899724db978b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6b8ec383b581206f5b90629d542e9ab3

SHA1
1daceca214a1f36beae9830398a8183a38e44974

SHA256
56478b9b11d869bfccc02393a825efda61865c502d33e54c94fba013a6e453a8

SHA512
a5d22f6f7fd43d7bc2090e3162d04b45bf616d753d2956afe5f6e9e2fd72417eaf8ef64439a1653de912d6bc504f8b5108da04dd7b546920ae71f7119eb84342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59041d.TMP

Filesize
72B

MD5
0d10b90c186c0ccda0dd358f2e9e2f65

SHA1
22dcbb77b61ef914b269faad4651e59ba8887d4d

SHA256
2a9db9f33346f5416bf8bd87194cb61997d270b0063056f545747bf25b572bc8

SHA512
13b8d427cd3b2571cfaa94c02213099b5832918021252a0b2966b2cd80fe29d2fee67a66faff4a2353a5efa2569c754dc2f848a6ecb9bde1e0a3ed22caca9607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
ca18229aa557980a33f56adc60d96d26

SHA1
af74e1f3604b38c015658a941a861a6fb12bd195

SHA256
4383ea1fb1679b5d2ab381ba22189b72644d48cd4585b3233aad3de43c8946cd

SHA512
e8004b3613b5c955b0a655b38e22e5e7b710d4eb5ddcd6eb899f3ad5b26030f70b6af4940cad178878b58b7418f3b21dad1d166e7519b2361b2636020afef1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
234111f0c490bdef3f9b79539a53a9c5

SHA1
cfd9d17bdfa768ce75a5dc595590091d11d4e754

SHA256
2e4641d26edaf1ab261c236de7e0129da157341f4b168fe5694fd28b141d6fb2

SHA512
53f0f0b2e7716c338f54a005572220846b5fd4f00fb2b5b385772912915ffc96678f027e38c09b17c04eecde829506746334f0fb53915cd4dec59a3bef536b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
74B

MD5
5f932db1c20e969ba0a634be87ee01e1

SHA1
69526c610898af6c5fba1b7773ef484285577b47

SHA256
8d41be113b5f7bb62effb33dfde256eaf48686094e8257b7320a8863d8c2a87c

SHA512
707797aa46915bd3d9330b51d4345928493e1f466e9207729db6ac271ffc33d26eda499a4ba5fe15e7cfa87668cb669f2f9f4932b6cc5b8190d1e6d00b819ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5f0950.TMP

Filesize
138B

MD5
6077709bb93c30011532fc13799bd65f

SHA1
0bddd3fa593084fa44d1a24cd160e990ecbbf40c

SHA256
35b677fbdd0b25cdbfe755b18e33b4a4c34ae806944d3349a319c7430a6a37c7

SHA512
bf33dd3f4ff09cbe52f90d4b6522a9d360f1c870c3f0c61eb15c90ced37e58996a4746f8df1f950f98d0049b68c9b2f43bc16af65b0f178cbfc41078f56529cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
cc1565e9347a2b8389fb14996bca857b

SHA1
e93cea6a6d0cfc9ac6501e0a1ade150f3af3b895

SHA256
a92c9ca281a349fd3691b4eecfcb9568dcc1e0eaf3df7eba007ab811a5c09110

SHA512
3144b4736e321a5899db4c18382b86c6f5899ead427ad65fb4d662097343f1c5165e23d71d8c19b882b3c688bf81de3d05c99041b3aa81266fb370d2b985ae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
70daa525743e0b76abff30e7dfe22872

SHA1
0f75e89b554295936a5c6b18b027ed6cc77f7929

SHA256
3137bcaa6d2af23ed7ddd1901169219cbcb9018643bfec7befea7038ecf03ea8

SHA512
deb0f6fca306c830450d8e3516bbfc9e9311fa3729f8d34404efff735f3721113707b1ae0c4883fb14ebef6264bca35340a9d3ee14ee4df0509676c8de74d362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
7f9b86b6062b8f2ccbd6f3211f945e50

SHA1
3aa78dab79384164ef7928c8d5b1ab92a2fbbd7d

SHA256
ff4ae26c6ca436c4e3b711870850198744bdde4f04ebe470b311be540f295ef0

SHA512
322011c510d59f3df66327c094586d64dce12412e80b6f8de23105518c2de2947b01e3f31f96bd0fc19e8b48cbd71420567f866421afcb088d9870a6a243671c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.39.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
1db0c159a8afc8073ed9f0a83f782ae8

SHA1
0874d03928cc347db7f5c7720fa6c23321671fb7

SHA256
f7ee28dee8d78ac7456a683cbc673e8b3b57bc9a1ba37c0d6d5d4332a7534d93

SHA512
4fda31e15918efa31ebbd69965e3fa1702daf6b1995af2c010a63e55030ee2f3affb4c45ea6275b7d4c35c0e61bdfbd3051872f392725394489b4c43e8cb3bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

Filesize
81KB

MD5
05f65948a88bd669597fc3b4e225ecae

SHA1
5397b14065e49ff908c66c51fc09f53fff7caed7

SHA256
0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0

SHA512
ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
60361de9173efcb4cad178c5d167fe1b

SHA1
00742f62df1c6df9d19a6686b688bf8f66f1f42c

SHA256
7af36df2454f59e9ba82f9b2ece17e02462d3d28d443990abe6f013e7124cd83

SHA512
1b99ee2364f09210c449adee4e6e6b4f9db0ae21fa532cbf824a74b6762d74442b605e1acb63d08d02d9fba0e0019c9ecbfd830476ca157eee506368fd34d29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
11af40aa137ae9ab08902f3b5ba47f61

SHA1
026d54096a091bb35469af4456fcd90b571e8214

SHA256
a974518904a99ed7c85b24d40ebc23c0452b7f058b1a85a677980ba735a96433

SHA512
50b10b1e2a9f68d738b523f601f4ade0e7d446b5feb2c384a0ab856eb0d4e1c4ab95aa92b409b42ec00c5743ce449e5125b2d16368798e9b200f2f368e042470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
8db49e776b88bfb1a786ba60cf7ad6cf

SHA1
def7ebf80508424ff74f453115ec37baa52dbc82

SHA256
d2653d8d0b28f4fdb76c8e9c93015fd4941534854cc677407e33f87ea00559e3

SHA512
1fd52b5ae1ce1044644e765ef1618f5637549e3c1373aad212a3969a74c71a94712faabcfae577ddda7c1047834787d2068706b4fd9d11f26c03189a9f0c9e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
09afb3670e838ba021eb5a6167143c0b

SHA1
4f0f53832c8f984a87afdfddb765eec233d7e897

SHA256
17762354b02fe7a5ad973c8fe74e3ad86ea417b9b3adac0abebd673ff9730f1c

SHA512
26268b1fcf5ccc084b6bb41727641eef53cc6cd9b9768a34d215e8e03c2977fce116058d894c45408b7a60d7158ed545a7724d9cf78a20a973a20ae85a0fb8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3cc681cf725cd1e21c86e9c2ba024fbb

SHA1
ff4138a52f62441b94d8dcbdbad79c9d1227be53

SHA256
fe2df8fc16eb82f8369617bc8814c4d4362635766fe7249a910ccbd8e6323276

SHA512
64a4cbc227d902a0e1dfac88cfc17812d0cfc799fb2edf5ea589ee0d867b0f21c68321ab0d6f0016e25dbfa44a7165983f46b04885dc30a646c90a633805c76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
9c2e9d67e0cc7944a3cb5c5725fca1f3

SHA1
3a1e2bd1b59a2f5b266d8accf2a71ae528abacd1

SHA256
7cd6ea315492d6479519e0c9bd1b3426c3c76060d0f91ab4a5eddb7e1b75fab9

SHA512
5133acb603d5161b918f6d65b57f13662433c77a0298141127de582bf8ef6aa213a3419ed6737fe37b0448e745338899cdac0913d9ce21683663d07e6514acfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
fc8315b2151301347c1526566f3f3d2d

SHA1
a54df3e5ea1ade2699ac14d343473c7cbe6d92ec

SHA256
3c89885a4d85cbfaf78be1c8ba2e4fdf06955151941cfd24237b9d2bc3f50a58

SHA512
47df4f968fb21c739da0dfc93366a00744a1b86088705af787140fdb59989947a9afcf8c35d1afd16ec8472bd72a36fbe74453ecc1038879313a1b228facbe88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
410c9ec1cdab5cecafa384d8e2042eb4

SHA1
138cabc40354cf636b16480819cf119436f49df7

SHA256
9b64f183e0966773912f96835e5cd55e742811b21129ec7034b4e1123bc64380

SHA512
94e7712ca12ef798f93aba23eed010115b1cbb9fbe6be369fe3c10b26b50c16f4a9eabfb21fa836a03d697f04933fea71909b8804e9018a7fa1257dddacb2e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
5c2ac556a0e86e2cf864b522ca6c5e3e

SHA1
5bd3b85d5a93c2464ea5a539f924fd97b7df26b1

SHA256
41487aba5e1d8a57fdfba96626fa6edf89e46a9f86798b419758041658613282

SHA512
a0e98027ba5a78630a31a629c82e8d9dafe2826cff4ea6023e73975002c3c3eeef8e52593d1fa38d190e03a5ad2eeabb77ead0441de11ef9dc117d5fa547a667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
6aad01406dd7a7380663278fcd692d72

SHA1
f11aaa2889bf2a9dcf57fc46ca9301d3783d0303

SHA256
fc653b1e8cbd1c4295d75df7e5ec618593425bdf6e3d565d689826b86065fa5f

SHA512
d9defc36a6dc74558263534d2f275721eb93fb8bdc45b555ad80eadb1418f9e73a3c9e794ec9eae747021ce888d02a41338226a16b08a687a670bf770074e830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
68adda558298416f050e6a0d64c1eded

SHA1
3a62a9f5c4ed124394b833b128d10e5e4984f108

SHA256
598cbc8b703d8b9f00d6aae8203f7652a4dc6ed81f13e62b6ab13f91358c9d45

SHA512
fd25bfb82f89f130fae381dee29f62676952329f33e6cdc4fb6d8cf5fab83fc1667c30ebeaaa6616ca4552294c85d23a2e3397ea5f4a92e72d0bbae08f00ab15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ce1580c75bdbfe697beaa80abb3aa865

SHA1
a0f3d1ad6a2742325457530c36ab5d0c05dcfe24

SHA256
1d3b44cd89207f4d943fc5e5fb732bd99d021c73eeff8eb1c6beeac0ade604e5

SHA512
5aed6549e5288110d7a3e9c682638f6bcdf214347de83f4fe7bbe204492aa7badcf1d1b06738e2063be46d4db888e4c68fb5cf0692fe1ab6d610aa3979b239ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
51b1d13f3c669c667a574b3f92899292

SHA1
64d6e06a1da84b98f7028f9ccce18e70384b8e20

SHA256
f1feef67f37fabff2bde50f80346ac1a7cee9e5c77dbe9201ffc7e04fe830fd4

SHA512
ee1ca9d065e2198c65c0245328c2807085d5148da8d1a5bf662e379de416dfcd690978a6271c1094b415bfc863f809fb14f2025fd543ac09672a58c60cf4b7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
bc5413c72d5ae187e04029d895b3b826

SHA1
bc06a2fac88fbc8e7c416a7abe04d9f2dbdf76e3

SHA256
b5b6cc797f2aa91bcdba4628b02d8e87b011fac1c245828197f3f2c172a4e3a5

SHA512
729334eaaba834f05c07b10a30ed32d5dfbd44fcfd1f0dfeca2545f7fd38e8884460265403227dde534588e6162f4604b56388902cb0ab72598302459bd2899d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
efd4c29c3bd57a52b3eee078063b5b8b

SHA1
a80326fedf9a4003fb818c370dc9c3a03e2f1e40

SHA256
9f3630a4ebb8428517f954ffd963417c3b512aad30ce821964ff7406edb0ca53

SHA512
c469163a17cd36b8f0b980172d6aa3041063edf13195768fafa6eb5b109a6a0384df72af690afc974c67f02f38bc99f3e366ec64b38a642c3c51cac09c38c388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
129b3255dc9878aeb26f04313d9f9ab9

SHA1
8b47f29bbda964bc3d50a5ec285b9fc3d6319f23

SHA256
70e2b0f83f7cec9cdd3355c3b61f3b6c7a7b25ba1d1ce7b93477b1fc3a85a4f4

SHA512
4928b5919abe79b6a56ebfd14750385fe53fd34ab737c76591fa55f9584b62102cdeacee76e3931df36ff9c94c0d277c2edf1273a6d3cc71353e6eb287ea5d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
db049247830f0235895a2fed12566e2e

SHA1
545e9a2eaa48a934b1ca7503e119801c4d84bcc3

SHA256
d46a5d311dae668ca4c6b9972c2f63f71f006a797d71d601236bf3bf398e423a

SHA512
d7ad2f41647f64dc187d1d4f0df0727c72da706b3baf2d67abf1eb302658d3ba97518c62fedfadd06a2dc685874552e697889d46d53ef158d95d187c722095c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
647ec629b59a9803e50afc69fbfbef61

SHA1
b5ecf0b7a167fecd687d6c89a028220bfdbd9b72

SHA256
a6f93b4115f6050cc563ff7f7b8243cb39b5c0dc42a72829e67e57838624262a

SHA512
ea76ab9d51c0a5c7c11058320dc79926ed028901d7f19d812a92fe5e5f177b4a17e5fd5f18b1b2ed73a31af5e244e61539705700c94ba8f4ac447c5e71c453ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
37f2ec63bcda5ff54f67ff5aeef94a2e

SHA1
13979407b2070547f939374d7b51f78a09bab015

SHA256
d68290a6ec0e13811b2ced066e60625ec6a5ec0b3f76746be0fae172aaba04dd

SHA512
4a8c939bfcdb1ea88fccff057f627b8e8bc504930e95211ee17ecbf2a402f3c29e3d2f7cee5ba6aa77cc83bfe9ca84bbd9160542f6f19876977d3ae67f365874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3d654261dee49eeaa45999c2eacf6d04

SHA1
d1e8ba07a62e0093dbfe089b9ba3a96d865c4485

SHA256
696a0d44e9645e498679e485b6254c9aa3183396b893113e6aae33e885168fa1

SHA512
d5837b61453e8df9d4d985c1ccb3719416efded37ac88d56c60bd8d7f39ea3f11267698802c9ff908c6c6502c0a878f21b301d6402f06c4c8d759df426a298ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1ecc2fa3def446f57ab48b7b3399d595

SHA1
ba6a1414227a2c230e5eeb095d0745bdf56b83ab

SHA256
9d0df3b4a5b5c5b7447fc5ca77c5e672dc6b69971eea19e5e6a417ca8657034c

SHA512
0ec64e1dcc2dc1a394cc76333cb835ae5adff26e35230b9d8a6152b49d5db1ca8bc2a2b40ba0d837a32a1d2c1df69ddb40577bf7652784377de34b28c986b16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
17341f9131d783d4c9f8f03d3e1a4ae8

SHA1
45715222f41f0e29adc5432a2a68e01655ad330d

SHA256
5cbaef1fec208a8e1a8125b974c3942de9ae745b985274b30b561e734519c23a

SHA512
1c8d1e3bc436e5db52782c09a28fcb050b66055d91d05b4b34a28b2cca8b7955b2c373fe71dbf4af28bae6ec67d18d42476df350fe6667c21fa4177f7cedd992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58ef7c.TMP

Filesize
392B

MD5
216c0978ed5f595808bb6d3ea4fef217

SHA1
7e1ff1e044f27d3a4cd8b858e7540239e767ab94

SHA256
c3d91d98d7bff1bc3fa40ddceb4eb4e96a6104f11a11156ce485a0584f228e29

SHA512
462940057ab0915d9ceea91e27d6113ad0f9e8bbbeab0b11e1ada5d1ea979657df12644d7a738fb66707839af1299fa7f359de7aadbd59d7f664129b651c63ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.76\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb

Filesize
623KB

MD5
488a70b7d4621e059e32d395221223aa

SHA1
774b5a2124f5c3d8d210020dc53e5033b04a5f76

SHA256
8c87afec8dba2f1a072c3fbecc7fa8fb81e93a64639bf9c00e24b4bb712b57a6

SHA512
bab1b4716e5faf0054cc93a969d1a79e6ee9d11d054d102afa0ba564142f444cbe9508aa013f118b701e4ca5283b0ef5a3a4859a67709a441bcbb8b25e78ca09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e18636d19d29bf869ba56d266700ad5c

SHA1
2140f62e2b7b947122f917f245dccd0a7ac6b4e2

SHA256
77748f3c4909452eed1cacf3efa3fe5ead0bcab7658f44200f75ec1a392a5106

SHA512
f04ad6084e546b58a61b7bef0c124d5f3ab927f3cb37826c6db0872bdbab4cd2544127aa5f63aa73cbde50b06f186c94f57db7f0f538d08eeac59b4fcff17990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0bb27a2bcfa03658a46a2234c3740f12

SHA1
27b6dcebd6cc5061377861bae8e31b6c07cb3005

SHA256
da516a025f984c1b13ca140691654d346b156cfd42f9ff21c50e862f8bca300f

SHA512
637cc83c6b7de409abcdb5f5c5a673214f472cc5985dc835f95201e606b57bad15e0d4f3067be58cde3b100ef6286a25f712f628f10c8478cd1fce0e59c61508

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCB0EA22A\Setup.exe

Filesize
44KB

MD5
f86507ff0856923a8686d869bbd0aa55

SHA1
d561b9cdbba69fdafb08af428033c4aa506802f8

SHA256
94f4fd6f2cb781ae7839ad2ee0322df732c8c7297e62834457662f8cde29dcbb

SHA512
6c1c073fc09498407b2c6b46d7a7e04c2db3c6f8d68c0dc0775211864c4508c48c2bd92e3849dc3805caacc856f9e31e1eea118661a55f526bfa61638f88c3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kj3lh2kn.o21.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\0G8NI3UJ.exe

Filesize
1.7MB

MD5
4843ac2d3c0e53f8f361db55c75c3ccd

SHA1
956b27ce3b86107156fe6999357a8cd390270959

SHA256
332ca78e0423c59a8c45cea8f7ea80392ff1d5a4fbe0d3107096a3d05fba1940

SHA512
0768786cde00b97ddb161c1b7f4cedc45f61aa9c13fe7556be939f8efe857eb38a2de689db569582dec83223ea6d43c3415c78145a3d78815dd62ab828379e47

Download Submit
C:\Users\Admin\AppData\Roaming\M0DRISPC.exe

Filesize
11.8MB

MD5
eca54760f1e96a78e3f6bc537debc6bc

SHA1
82ef61482d781849a80f9f9cff67e2f76ffb7035

SHA256
b9b69e4088f61ce32506078d301f9cfc7db064945d6e608724e213aab5852db5

SHA512
f70749a89d7d66c2089981fc161db8c88cdf4a3ff6ae6df18b2c6f30b351ad9dd33e527ebea0052db2b60896f7caa44ca2edafa9381db689867d2f9806e36944

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
b98df45f2574df4ae270e321f7db98e5

SHA1
45b4cce988958a1a1b3efab0d4a55bb6c3b5f31f

SHA256
74a98db9a54b582cc987aa458977f1fe370b2d5ae5d5f4ba48b3d8ace552c72c

SHA512
e97321105c79122fee5ec976ef3df2c731bb9265afbf875d1ac9bb30f2f2f93a6289a036c61379eb0bce881bb3b630f726e8d14bc23ded2ee8d8ae1f49b7f679

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\7za.exe

Filesize
828KB

MD5
426ccb645e50a3143811cfa0e42e2ba6

SHA1
3c17e212a5fdf25847bc895460f55819bf48b11d

SHA256
cf878bfbd9ed93dc551ac038aff8a8bba4c935ddf8d48e62122bddfdb3e08567

SHA512
1ab13e8e6e0ca4ca2039f104d53a5286c4196e930319c4fe374fa3bf415214bb7c7d2a9d8ca677a29c911a356cca19a1cecae16dd4bf840bce725f20de4c8ff2

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\bin

Filesize
2KB

MD5
8ad841759040b754b431c1f6463c66a6

SHA1
4b2daba898fe62d4bf51e2e050212aa9ce887931

SHA256
0ff6a35ea5f1b4af411eb08a7b2a5343954183b4e5e9429d9d87e3726234bb22

SHA512
4ac6c4cf9b3431b9821bde257691e051cbff6a3829b046dddce944146aa9bff474c5dea297fbb9e602804e8e2078a6982740d5885dc77d2affa2c6f79d9c45af

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\extracted_26267\script.ps1

Filesize
3KB

MD5
0f5965b0cc2105d45772a98dcabbd57a

SHA1
e0c949e0169a980ad7ee420f1e4bebaa1c0b7d62

SHA256
ef97a67ffa78619ee90dce12142ab7a15a78842b84c8f72c19ad102e251e500a

SHA512
9abc32597fec8de69d387144ba6dc74b3a7424643d70f7f93a67e1ea10a52afc1f74d61d2154daee022199fc15e40162954b0dce30607a0bd3824d6df4c93d88

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\extracted_26267\sss.bat

Filesize
405B

MD5
9ca3883fd45a5a455e64704ac6151ac9

SHA1
e7f89032ce544253a51020d7e894f6919fc35839

SHA256
c981688479756c987d6207e5804ed2b97fb50dfc80469309646c3f79d5ed05b4

SHA512
e5746faaae0680f68295db94f3865a7ec56663553d7401f996cce18bdc67ade23aef10c81018da28992e82a8178dc8a567b5b355479c7ceedfb87e46be9efa5a

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\data\openssl\fs\dgs\fxf\fxf.bat

Filesize
834B

MD5
a151668149df9dd4cb956a63f435076c

SHA1
7b14f4d96e027d04543679c7eb8d18a0b66c3760

SHA256
ee5a2a171524e81b2db5329dc474ffcc450da0a5f19150a71ecc22bdfafa6841

SHA512
27cc605cbc7d1a9db41d8398a025de5bdb72954c2d9bae978a9c0ec8895625847effbb0cdd6e83a74077e120f144bf5ada8b39b0f8a10b2282ebeed9c6e84c8a

Download Submit
C:\Users\Admin\Downloads\Redmatch2__Application_6804eed23d2a0\mapistub.dll

Filesize
250KB

MD5
3dcd9472c9690fb3f1eed650a21f3463

SHA1
717fa6769031bc545d81ca3bd78c59050dfa6ade

SHA256
73bf2b1e229b211ae202a249faf5b47456fb52c0794c849858d5f62c01f70068

SHA512
bf5b66adbfda161c8e854c9d192cb07e91d04ea7f607fc9c2bd05b09f504330ad071f60d7da873d7c0f16661f80f0d5c7261d02db591b02eaabe061aec484e3d

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
7ea7df4c6b4ee4aac7ec400ae4893b47

SHA1
1915658078059591a093009af068eac799423214

SHA256
3466d78ae77a8be00868756d357128752c6c2559ad5de1cfc1c39778156df3db

SHA512
aaaf8056ea9144021db2416817e46220dab35bc844c6c8a269518db8697624e38212310596526c260a2066e3f2e26fbc0294e49919ce0cfad2ce18941fdbce69

Download Submit
memory/2416-2145-0x000001F0A3410000-0x000001F0A361A000-memory.dmp

Filesize
2.0MB

Download
memory/2416-2144-0x000001F0A3080000-0x000001F0A31F6000-memory.dmp

Filesize
1.5MB

Download
memory/2416-2095-0x000001F0A2B60000-0x000001F0A2B82000-memory.dmp

Filesize
136KB

Download
memory/3204-2178-0x0000000140000000-0x00000001400CB000-memory.dmp

Filesize
812KB

Download
memory/3204-2180-0x0000000140000000-0x00000001400CB000-memory.dmp

Filesize
812KB

Download
memory/3524-2207-0x00007FF774210000-0x00007FF7754EE000-memory.dmp

Filesize
18.9MB

Download
memory/5980-2200-0x00007FF9F4D50000-0x00007FF9F4D52000-memory.dmp

Filesize
8KB

Download
memory/5980-2201-0x00007FF774210000-0x00007FF7754ED000-memory.dmp

Filesize
18.9MB

Download