Analysis

  • max time kernel
    180s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-11-2023 05:02

General

  • Target

    5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe

  • Size

    917KB

  • MD5

    f8410051288cc1621e5fb8c3bea36044

  • SHA1

    ffe90e4061ffdd33f29250c93446c1d546bc26a6

  • SHA256

    5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2

  • SHA512

    0324f7d5ccb22f0da7bc14d21d7bf12a30a5af6e5d96b01dd15350091eabebe50f0fe756c7483a8dd1157e94e7af0f3379f46962c36838f77751aa082cac70be

  • SSDEEP

    24576:jyHZE5caeuIsKC/GnLYD4FxBrGWMOayra:2HcletLEGscTBrSO

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Signatures

  • Detect Mystic stealer payload 4 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe
    "C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3476
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
            5⤵
              PID:3824
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7124504774288245117,10865718037985805770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
              5⤵
                PID:6684
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7124504774288245117,10865718037985805770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                5⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:6700
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:4336
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                5⤵
                  PID:4528
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4443219288201956545,17370441448887692575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
                  5⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:6716
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4443219288201956545,17370441448887692575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
                  5⤵
                    PID:6708
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                  4⤵
                  • Suspicious use of WriteProcessMemory
                  PID:2996
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                    5⤵
                      PID:1220
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8820224234328036208,11168590051437523696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                      5⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:6288
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8820224234328036208,11168590051437523696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                      5⤵
                        PID:6280
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
                      4⤵
                      • Enumerates system info in registry
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of WriteProcessMemory
                      PID:940
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                        5⤵
                          PID:1528
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
                          5⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1316
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
                          5⤵
                            PID:944
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
                            5⤵
                              PID:6272
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                              5⤵
                                PID:6252
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                                5⤵
                                  PID:3620
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
                                  5⤵
                                    PID:7712
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
                                    5⤵
                                      PID:8104
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
                                      5⤵
                                        PID:4100
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
                                        5⤵
                                          PID:7440
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
                                          5⤵
                                            PID:7808
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                                            5⤵
                                              PID:8112
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                                              5⤵
                                                PID:7208
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                                5⤵
                                                  PID:3576
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                                  5⤵
                                                    PID:7144
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                                                    5⤵
                                                      PID:6680
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
                                                      5⤵
                                                        PID:7240
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
                                                        5⤵
                                                          PID:8068
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
                                                          5⤵
                                                            PID:3132
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
                                                            5⤵
                                                              PID:5212
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9796 /prefetch:8
                                                              5⤵
                                                                PID:5496
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9796 /prefetch:8
                                                                5⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:6376
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1
                                                                5⤵
                                                                  PID:7004
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1
                                                                  5⤵
                                                                    PID:1520
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
                                                                    5⤵
                                                                      PID:7572
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 /prefetch:8
                                                                      5⤵
                                                                        PID:5976
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
                                                                        5⤵
                                                                          PID:7340
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6904 /prefetch:2
                                                                          5⤵
                                                                            PID:7516
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                          4⤵
                                                                          • Suspicious use of WriteProcessMemory
                                                                          PID:1820
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                            5⤵
                                                                              PID:220
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2962349362266794220,2380799901715870200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
                                                                              5⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:6304
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2962349362266794220,2380799901715870200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
                                                                              5⤵
                                                                                PID:6296
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
                                                                              4⤵
                                                                              • Suspicious use of WriteProcessMemory
                                                                              PID:3276
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x108,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                                5⤵
                                                                                  PID:624
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11290518139219687435,16389982640173545607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
                                                                                  5⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:5884
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11290518139219687435,16389982640173545607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
                                                                                  5⤵
                                                                                    PID:5860
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                  4⤵
                                                                                  • Suspicious use of WriteProcessMemory
                                                                                  PID:2516
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                                    5⤵
                                                                                      PID:3432
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15659324265795181131,10925420250393221121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
                                                                                      5⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:6116
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15659324265795181131,10925420250393221121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
                                                                                      5⤵
                                                                                        PID:3292
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                      4⤵
                                                                                      • Suspicious use of WriteProcessMemory
                                                                                      PID:1480
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                                        5⤵
                                                                                          PID:4148
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16059057698454224547,16312646935363437827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
                                                                                          5⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:6112
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16059057698454224547,16312646935363437827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
                                                                                          5⤵
                                                                                            PID:5916
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                          4⤵
                                                                                          • Suspicious use of WriteProcessMemory
                                                                                          PID:4252
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                                            5⤵
                                                                                              PID:1488
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13543672565165526063,1884608261014124671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                                              5⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:6152
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13543672565165526063,1884608261014124671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                                                                                              5⤵
                                                                                                PID:1512
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                              4⤵
                                                                                              • Suspicious use of WriteProcessMemory
                                                                                              PID:1668
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718
                                                                                                5⤵
                                                                                                  PID:4164
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6027766690563213035,15733284951071437856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                                                                                                  5⤵
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:5864
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6027766690563213035,15733284951071437856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                                                                                                  5⤵
                                                                                                    PID:5136
                                                                                              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetThreadContext
                                                                                                PID:4620
                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                                                  4⤵
                                                                                                    PID:5264
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 540
                                                                                                      5⤵
                                                                                                      • Program crash
                                                                                                      PID:8140
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 540
                                                                                                      5⤵
                                                                                                      • Program crash
                                                                                                      PID:7264
                                                                                              • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3pj18jX.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3pj18jX.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetThreadContext
                                                                                                PID:1740
                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                                                  3⤵
                                                                                                    PID:5236
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:6024
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:7164
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5264 -ip 5264
                                                                                                    1⤵
                                                                                                      PID:436

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5bcba4c4-e8bf-4516-ba77-7fed4f42af18.tmp

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      d5ab8fb5e582f59f1add5cd23b210fa1

                                                                                                      SHA1

                                                                                                      feef761e0f6b84bdba28d145ea52bb2fcddb375d

                                                                                                      SHA256

                                                                                                      5e67bc16bab58b3da858e9218c1be243864471eedb1d8bd35e4b0dcf07e9ae9b

                                                                                                      SHA512

                                                                                                      5cc15bf29eaa72f5c478886531fc90f0b25c1dc50bd7901253de0f8b2c2cfd06544dbcea0d898f47608245506b203115d6c29451ce488c1c14df640f1e97c7fe

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9759ccc2-1aab-4b30-b428-0f3529af9c43.tmp

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      e96b8a3a617c7074164a793fb0851092

                                                                                                      SHA1

                                                                                                      de42ea1d39afc4ca91b34a85dc58937eaf5e5f61

                                                                                                      SHA256

                                                                                                      2c114ee661b84bd14953c04363d4efd14a53ad15eec1aa60ea2fe2b572819da5

                                                                                                      SHA512

                                                                                                      8820e3cfb7bd215efa2cb486c0ae3442d1aa5e4cbc7ec80bbed692e1beb0e25fd77fe8a0d0ee80c46929f19cd0a61957015281ee9dd436b4530f339404e4e9ce

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                                                                                      SHA512

                                                                                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                                                                                      SHA512

                                                                                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                                                                                      SHA512

                                                                                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                                                                                      SHA512

                                                                                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      16e56f576d6ace85337e8c07ec00c0bf

                                                                                                      SHA1

                                                                                                      5c9579bb4975c93a69d1336eed5f05013dc35b9c

                                                                                                      SHA256

                                                                                                      7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

                                                                                                      SHA512

                                                                                                      69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                                                                                      SHA512

                                                                                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      0629525c94f6548880f5f3a67846755e

                                                                                                      SHA1

                                                                                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                                                                                      SHA256

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

                                                                                                      Filesize

                                                                                                      186KB

                                                                                                      MD5

                                                                                                      740a924b01c31c08ad37fe04d22af7c5

                                                                                                      SHA1

                                                                                                      34feb0face110afc3a7673e36d27eee2d4edbbff

                                                                                                      SHA256

                                                                                                      f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

                                                                                                      SHA512

                                                                                                      da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                      MD5

                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                      SHA1

                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                      SHA256

                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                      SHA512

                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      0340ec87e766eb41ba1a5b9982b736e3

                                                                                                      SHA1

                                                                                                      3b7f236b7523eb5e81f9357dec1c1871ea5b6516

                                                                                                      SHA256

                                                                                                      92494584752353bf273fe750253a35c2e10979c5fdba3dfce5f2a4c87dc214f5

                                                                                                      SHA512

                                                                                                      663edd807bc2b43e586a77f490ee551762858e4ab0ef389eefed4c5f23cf61bc458f4624c19310e28822113dabc44b6e5f889ac700f4673d8966b9fb18ce7dd1

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      111B

                                                                                                      MD5

                                                                                                      285252a2f6327d41eab203dc2f402c67

                                                                                                      SHA1

                                                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                      SHA256

                                                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                      SHA512

                                                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      664548c184a673c4e0d1adebb6183d1d

                                                                                                      SHA1

                                                                                                      109adcc82ccaa385e9729b08671b72dd74600f5a

                                                                                                      SHA256

                                                                                                      b3d931716f2a811edfb0899a379e42af704c0e73f57a7800ae6377db969a0488

                                                                                                      SHA512

                                                                                                      813637c75fe1726385e665b3036a42903cae985ffaa8b1e890fb48a09eda7df346db9a71e75754d3cf9994a70e3cf07ffd1912f66e21e5c93cfa4417cd694399

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      5KB

                                                                                                      MD5

                                                                                                      88bb7f0400eba5cebec0a7cc44cbdc7a

                                                                                                      SHA1

                                                                                                      9216caa6ed70231d4dfb00674514502a70c103a3

                                                                                                      SHA256

                                                                                                      07a6ba7dd1e394ea111ed769b07dcd000bfe2c18ad95dda5e94ccb5eaa6663e4

                                                                                                      SHA512

                                                                                                      2157121a66c58af0cea1cf59f1991d652d5aa96281174670f5993e7a0605f89001e85e7ac6570b4dc5a07b366c0bef4265f3aa29f2732aae575348e2cbf9d15e

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      b89571a9d2ce93c1cb272474c72ff03c

                                                                                                      SHA1

                                                                                                      74dd5d7b668289ec3ce67194de4cdc8333241d89

                                                                                                      SHA256

                                                                                                      41a8f178b5ab7795f314499b3b145e1e4f11b1f72f66bcefd8f3c6905399ca00

                                                                                                      SHA512

                                                                                                      0686f11437f1a3fb4d76f0c159b187acce8cc2c43243a65666ce709142e053e5badac9c2b158bcb606eb1fbb533dfab64db113f506506ad0690881315ed3affb

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      9033ca590849d33db0b25cbdd60ca76b

                                                                                                      SHA1

                                                                                                      be226c06a45918cb24a5e15aa84e4d3280235c24

                                                                                                      SHA256

                                                                                                      e47e31fef977f35e14d755429dfa442e5e64f265b0b44f3932f548ea009e5f0c

                                                                                                      SHA512

                                                                                                      8f97c2db36ed81b133daf82371911254e635c51570e55fa48c4d896953f7b028c3518f99d7819d8b70867523ddcb91b52871ec34b08558151bae8a01df675ee2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      f329d686d670ac8846e1cfe141d3ceda

                                                                                                      SHA1

                                                                                                      262ddfd6ff284b5832d232df9c32aac052d0ecda

                                                                                                      SHA256

                                                                                                      560983f5155117857276799e09cbe8bfd19c59d9141b264b56b35ab6c4a79958

                                                                                                      SHA512

                                                                                                      2702d49efe9133dd1b855f3d83c39824949e50de6067f890c5cf5506f3a7dd048fb50f9bec13af950911865728b5bd7052d668e88ac9e42f1cc800337e6928cf

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                      Filesize

                                                                                                      24KB

                                                                                                      MD5

                                                                                                      fd20981c7184673929dfcab50885629b

                                                                                                      SHA1

                                                                                                      14c2437aad662b119689008273844bac535f946c

                                                                                                      SHA256

                                                                                                      28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

                                                                                                      SHA512

                                                                                                      b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      146B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      155B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      139B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      82B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe597d16.TMP

                                                                                                      Filesize

                                                                                                      89B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\77e21e0e-c734-4d4b-8092-2824a2a424cd\index

                                                                                                      Filesize

                                                                                                      24B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                      Filesize

                                                                                                      140B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe598bea.TMP

                                                                                                      Filesize

                                                                                                      83B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597d16.TMP

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      27be6d1808df422128f21e9bcb026ae2

                                                                                                      SHA1

                                                                                                      d8a42ca9d141e4e8f67fa4ef2cbcd83c8ff37641

                                                                                                      SHA256

                                                                                                      6c8a92555c4e5de9f4a2b29241a6916da3cffdfd2b53d6ed926a658362cca96d

                                                                                                      SHA512

                                                                                                      077e4f63830e8b0960007adcfd3e59e9c521e7230cfa0ba55acacb567d3032860963423061478c76e0b85c42229589164cda0cdddd855e73c3309678fad953c1

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      d8dddf6221c614a332cd3ecee010a9db

                                                                                                      SHA1

                                                                                                      7091c772af7a40be402bafe5fe97070965ce3fd1

                                                                                                      SHA256

                                                                                                      999829e380bf4213f0a344870b73db9e786d29b5354b90807704ca1a286ea188

                                                                                                      SHA512

                                                                                                      294c45b1792a1c3cd8bfa81806272c08f1c3158a1ac6b7cc510052dd25310521200619e77bb8255e17e37d68fba662cd49b7de72bc7b9fe74f8b01ac7202f059

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      2a6f723307dece95ad20511c28082b8d

                                                                                                      SHA1

                                                                                                      8a49dfe20a490a86786462d4a2abeca3e3f84702

                                                                                                      SHA256

                                                                                                      de338fdaa79eff7127b1a3a8bc90380206a1e806a59b9177a7282ef462de6fe6

                                                                                                      SHA512

                                                                                                      f305a0a1dee0c7f6d6ae876bf1d4e22947ecb0562d2f42db332f70f105ec17ef0e241f4b8c26019998a35bb47cc3c072b400cd1697df19b3df99b9dbe260ba9e

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      527215ca4d11004cd52e0338761b00c1

                                                                                                      SHA1

                                                                                                      9596e8a7f378688d5b5811d5c804f2e1c32072cd

                                                                                                      SHA256

                                                                                                      f30645bac84d447e4f96c062cc2274e2130f8c60253e49d6c2dafecdc48d3951

                                                                                                      SHA512

                                                                                                      c0691ea076dd40ffe2dc073d3576406029529099c8bcfdaed732a12d848767ae6c94d17a91fd5f428f59de5deaeee1db8425a1cee1e1873c3288e32d6265bb8a

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      b8e875176c7704083df8357739ae9253

                                                                                                      SHA1

                                                                                                      1b67808b063769d95c0a3ce6d1974ef4ec8d41c5

                                                                                                      SHA256

                                                                                                      10df8554ae973ecc0870a84720d7354b02ca231301ef8fb4a750e8a282c7b00b

                                                                                                      SHA512

                                                                                                      cd4ff9daed8033bcf7705bb20b476d3945d22609048d6a17ce6311bb2747253c582059e913a64e024ccba11d7ed78b3e3bf1236996bfa588fb3980077ccfc6a9

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a037b167-0640-4edc-9bb3-63c4d79142ed.tmp

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      2a6f723307dece95ad20511c28082b8d

                                                                                                      SHA1

                                                                                                      8a49dfe20a490a86786462d4a2abeca3e3f84702

                                                                                                      SHA256

                                                                                                      de338fdaa79eff7127b1a3a8bc90380206a1e806a59b9177a7282ef462de6fe6

                                                                                                      SHA512

                                                                                                      f305a0a1dee0c7f6d6ae876bf1d4e22947ecb0562d2f42db332f70f105ec17ef0e241f4b8c26019998a35bb47cc3c072b400cd1697df19b3df99b9dbe260ba9e

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe

                                                                                                      Filesize

                                                                                                      674KB

                                                                                                      MD5

                                                                                                      041142db93fe3824943a10724020fc68

                                                                                                      SHA1

                                                                                                      fa3961dbdd983d7d20a141dd24d3fe237650af96

                                                                                                      SHA256

                                                                                                      64d7a28852b35d313a7e73cc7c785795ca3e5cb36c2106fb562814c3963d60ca

                                                                                                      SHA512

                                                                                                      75744ba228fcb6fe00ed24e3d1803b6df9c16b65eaafcdfbce3430b2facdddad5f9955653173dcf2025637d18a90101d5ea2393a0217e75d5e45d7a6ab9ccdee

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe

                                                                                                      Filesize

                                                                                                      895KB

                                                                                                      MD5

                                                                                                      a59c1c432e355ef8e546d6eff6561e4a

                                                                                                      SHA1

                                                                                                      f8cfb13348abf3e94927ac82fedf1a83bd9c2b0b

                                                                                                      SHA256

                                                                                                      f543f63443e1860ee8de7f32fb74f7ea10def4b376131237efa85f44f5d9c223

                                                                                                      SHA512

                                                                                                      66a47268f17d4f0a708fb65379567706956a2da54af2617de871a027b9c51c4c1d02853b2537432d3e36c4a1b5b9a375e67cf2a2cd25523b2c53a28f51c052f5

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe

                                                                                                      Filesize

                                                                                                      310KB

                                                                                                      MD5

                                                                                                      3322929a4f9286c5062971cfa79bcd19

                                                                                                      SHA1

                                                                                                      d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae

                                                                                                      SHA256

                                                                                                      72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e

                                                                                                      SHA512

                                                                                                      cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

                                                                                                    • memory/5236-538-0x0000000007BE0000-0x0000000008184000-memory.dmp

                                                                                                      Filesize

                                                                                                      5.6MB

                                                                                                    • memory/5236-573-0x0000000007960000-0x0000000007970000-memory.dmp

                                                                                                      Filesize

                                                                                                      64KB

                                                                                                    • memory/5236-719-0x0000000073AF0000-0x00000000742A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.7MB

                                                                                                    • memory/5236-675-0x0000000008190000-0x00000000081DC000-memory.dmp

                                                                                                      Filesize

                                                                                                      304KB

                                                                                                    • memory/5236-669-0x0000000007A40000-0x0000000007A7C000-memory.dmp

                                                                                                      Filesize

                                                                                                      240KB

                                                                                                    • memory/5236-667-0x00000000079E0000-0x00000000079F2000-memory.dmp

                                                                                                      Filesize

                                                                                                      72KB

                                                                                                    • memory/5236-662-0x0000000007AC0000-0x0000000007BCA000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.0MB

                                                                                                    • memory/5236-638-0x00000000087B0000-0x0000000008DC8000-memory.dmp

                                                                                                      Filesize

                                                                                                      6.1MB

                                                                                                    • memory/5236-605-0x00000000078F0000-0x00000000078FA000-memory.dmp

                                                                                                      Filesize

                                                                                                      40KB

                                                                                                    • memory/5236-724-0x0000000007960000-0x0000000007970000-memory.dmp

                                                                                                      Filesize

                                                                                                      64KB

                                                                                                    • memory/5236-543-0x0000000007710000-0x00000000077A2000-memory.dmp

                                                                                                      Filesize

                                                                                                      584KB

                                                                                                    • memory/5236-417-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                                      Filesize

                                                                                                      240KB

                                                                                                    • memory/5236-537-0x0000000073AF0000-0x00000000742A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.7MB

                                                                                                    • memory/5264-395-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                      Filesize

                                                                                                      204KB

                                                                                                    • memory/5264-392-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                      Filesize

                                                                                                      204KB

                                                                                                    • memory/5264-397-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                      Filesize

                                                                                                      204KB

                                                                                                    • memory/5264-394-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                      Filesize

                                                                                                      204KB