mystic | 20ec427ba72935b1670d44fa8c7e7730505d950a590b927afe59cb1fe294d4d1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe
Size

1.3MB
MD5

0b95dfd58c4db28132451ed369afb485
SHA1

af392d095f93fc50849d3c9f050c9f2c7ed3bcdc
SHA256

1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691
SHA512

064466f1aab68a1fecbe0458a69afe2ec066026309ddc6a2c9556a6aca445173a4a1c1298d6a881fb9778404a42b333e8e7cd9af82c6cd4b3b6489755f6791fe
SSDEEP

24576:ZyTrbxE4t0ae5IsSCCGeXXDpHOpVLjQ63opRWZ2agMGS3Jbx:MfbjteilZGuMrjQ6cR/arb

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/7196-291-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7196-292-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7196-294-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7196-296-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/3468-365-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 6 IoCs

pid	Process
3536	cd6Hf03.exe
2244	kG6zO14.exe
116	3gu979vu.exe
6624	4iI1Vh7.exe
6928	5ER96UV.exe
5964	6dB898.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	cd6Hf03.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	kG6zO14.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022e11-19.dat	autoit_exe
behavioral1/files/0x0007000000022e11-20.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 6624 set thread context of 7196	6624	4iI1Vh7.exe	158
PID 6928 set thread context of 3468	6928	5ER96UV.exe	168
PID 5964 set thread context of 100	5964	6dB898.exe	174

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7532	7196	WerFault.exe	158

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5716	msedge.exe
5716	msedge.exe
5464	msedge.exe
5464	msedge.exe
5740	msedge.exe
5740	msedge.exe
5472	msedge.exe
5472	msedge.exe
5872	msedge.exe
5872	msedge.exe
5912	msedge.exe
5912	msedge.exe
4688	msedge.exe
4688	msedge.exe
6876	msedge.exe
6876	msedge.exe
6860	msedge.exe
6860	msedge.exe
8136	identity_helper.exe
8136	identity_helper.exe
100	AppLaunch.exe
100	AppLaunch.exe
5348	msedge.exe
5348	msedge.exe
5348	msedge.exe
5348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
116	3gu979vu.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
116	3gu979vu.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
116	3gu979vu.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 3536	2168	1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe	87
PID 2168 wrote to memory of 3536	2168	1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe	87
PID 2168 wrote to memory of 3536	2168	1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe	87
PID 3536 wrote to memory of 2244	3536	cd6Hf03.exe	88
PID 3536 wrote to memory of 2244	3536	cd6Hf03.exe	88
PID 3536 wrote to memory of 2244	3536	cd6Hf03.exe	88
PID 2244 wrote to memory of 116	2244	kG6zO14.exe	90
PID 2244 wrote to memory of 116	2244	kG6zO14.exe	90
PID 2244 wrote to memory of 116	2244	kG6zO14.exe	90
PID 116 wrote to memory of 424	116	3gu979vu.exe	92
PID 116 wrote to memory of 424	116	3gu979vu.exe	92
PID 116 wrote to memory of 3572	116	3gu979vu.exe	94
PID 116 wrote to memory of 3572	116	3gu979vu.exe	94
PID 116 wrote to memory of 2268	116	3gu979vu.exe	95
PID 116 wrote to memory of 2268	116	3gu979vu.exe	95
PID 2268 wrote to memory of 3308	2268	msedge.exe	100
PID 2268 wrote to memory of 3308	2268	msedge.exe	100
PID 116 wrote to memory of 444	116	3gu979vu.exe	98
PID 116 wrote to memory of 444	116	3gu979vu.exe	98
PID 424 wrote to memory of 4064	424	msedge.exe	96
PID 424 wrote to memory of 4064	424	msedge.exe	96
PID 3572 wrote to memory of 1140	3572	msedge.exe	97
PID 3572 wrote to memory of 1140	3572	msedge.exe	97
PID 444 wrote to memory of 4412	444	msedge.exe	99
PID 444 wrote to memory of 4412	444	msedge.exe	99
PID 116 wrote to memory of 4688	116	3gu979vu.exe	101
PID 116 wrote to memory of 4688	116	3gu979vu.exe	101
PID 116 wrote to memory of 2172	116	3gu979vu.exe	102
PID 116 wrote to memory of 2172	116	3gu979vu.exe	102
PID 2172 wrote to memory of 3816	2172	msedge.exe	103
PID 2172 wrote to memory of 3816	2172	msedge.exe	103
PID 4688 wrote to memory of 2408	4688	msedge.exe	104
PID 4688 wrote to memory of 2408	4688	msedge.exe	104
PID 116 wrote to memory of 3360	116	3gu979vu.exe	105
PID 116 wrote to memory of 3360	116	3gu979vu.exe	105
PID 3360 wrote to memory of 3032	3360	msedge.exe	106
PID 3360 wrote to memory of 3032	3360	msedge.exe	106
PID 116 wrote to memory of 4300	116	3gu979vu.exe	107
PID 116 wrote to memory of 4300	116	3gu979vu.exe	107
PID 4300 wrote to memory of 972	4300	msedge.exe	108
PID 4300 wrote to memory of 972	4300	msedge.exe	108
PID 116 wrote to memory of 956	116	3gu979vu.exe	110
PID 116 wrote to memory of 956	116	3gu979vu.exe	110
PID 956 wrote to memory of 2492	956	msedge.exe	111
PID 956 wrote to memory of 2492	956	msedge.exe	111
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120
PID 4688 wrote to memory of 5424	4688	msedge.exe	120

C:\Users\Admin\AppData\Local\Temp\1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe
"C:\Users\Admin\AppData\Local\Temp\1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:424
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:4064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14533362606014631913,9499892734260400468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5872
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14533362606014631913,9499892734260400468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        6⤵
        
        PID:5848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:1140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11957768812507463763,2331254742414753644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5912
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11957768812507463763,2331254742414753644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        6⤵
        
        PID:5892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x144,0x170,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:3308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14836438253103741251,17793172734967440749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14836438253103741251,17793172734967440749,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        6⤵
        
        PID:5456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:444
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:4412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18073860244649060092,17936292707829689688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5740
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18073860244649060092,17936292707829689688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        6⤵
        
        PID:5732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x13c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:2408
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
        6⤵
        
        PID:5708
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
        6⤵
        
        PID:5424
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        6⤵
        
        PID:4184
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        6⤵
        
        PID:3164
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
        6⤵
        
        PID:6884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
        6⤵
        
        PID:4932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
        6⤵
        
        PID:6996
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
        6⤵
        
        PID:7212
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
        6⤵
        
        PID:7300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        6⤵
        
        PID:7412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
        6⤵
        
        PID:7524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        6⤵
        
        PID:7648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
        6⤵
        
        PID:7728
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
        6⤵
        
        PID:7928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
        6⤵
        
        PID:7948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
        6⤵
        
        PID:7688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
        6⤵
        
        PID:7700
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7492 /prefetch:8
        6⤵
        
        PID:7720
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7492 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:8136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
        6⤵
        
        PID:1748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
        6⤵
        
        PID:2192
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
        6⤵
        
        PID:6052
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
        6⤵
        
        PID:2524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6944 /prefetch:8
        6⤵
        
        PID:6660
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
        6⤵
        
        PID:1544
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17541947539031953018,11066945683385688164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 /prefetch:2
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2172
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:3816
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17687840006137929814,3381942532925434871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17687840006137929814,3381942532925434871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        6⤵
        
        PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:3032
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,895812809524410873,17266219801056712817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:972
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,14738001682133572873,13984595532878757436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:956
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:2492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        
        PID:5680
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7da146f8,0x7fff7da14708,0x7fff7da14718
        6⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:6624
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:2852
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:656
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:7196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 540
        6⤵
        Program crash
        
        PID:7532
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ER96UV.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ER96UV.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:6928
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:3468
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6dB898.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6dB898.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5964
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7196 -ip 7196
1⤵
PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7997848b-5a55-418c-bec1-6d5d7cbc0543.tmp

Filesize
2KB

MD5
497ca4b1a64491cf8ee16f7d318e1742

SHA1
e0422ad858b927a1c16322c9ee99ada5cbf0e088

SHA256
d5301772f6d33b086cd6f61fb607b2f8146fac036f0a72429a1938e0384b94c8

SHA512
619b3e2f9999acdc58e90d73f11c369061ea7284af541611e07a4411acc47a2cf0aecb3eff98c62b51dba4e73fab0155903998f6d5d7d3e1dd0298e68aec7591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
d439aa40127eb4c49c97bd689cf1d222

SHA1
420b5ea10d3dc13070c9a1022160aaac4f28a352

SHA256
f38b31ffce521cb614481e3bd6ca9b130e862663ac7134ee30dfe121ec2b6091

SHA512
172c61e97d8bf3dd5b8cdb59b102c0e6e660864da859e5db451fa9820b39c4f118ee5f54fb18e60c0022eaf7570522cb18303e2a759e9143af4b14bb50a94958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
14cfdaa5654b7bcc2ad5518958ee1a50

SHA1
223f41077fa63bbc892975e2f822f71a4a8f509e

SHA256
41c3cf7eca2bdbea67ae098fee3556abcab4e1ab18c65d34b48b7d9bcc3e4286

SHA512
8f6f28998a8eee46bc95dc48db5d480398000778977bad42f64b4f5d648be60952f36f94f2a9ad0ad97815e4f7bc693dbe49a0407c64344a402a269aa1343e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
46d4d3cdfa2b2d8f72044295c2c78af1

SHA1
a33f019c2204a7eea51b4e6698b1188ea39a2228

SHA256
1b543f375fbc8d091d515a995f048fa5bae34a5a4d5dac652e91dfb5aca6f041

SHA512
6e20f45a8455b86f6c7aba9c4f91d8a7bdb50951e2a59624e10d0373f26a63125e5c82405197a998b6f5ae4077f58ee77fc491a2c265590ce203859725d2e1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3b48f2db9ca38c76e11697ed7b17a265

SHA1
66259ae0939fe4661113b646877798892cdc3243

SHA256
fc285d62851f151a032cdd3c9fb77bbf1013c3940d2d828e8c6a458c10a7bfcb

SHA512
99650ca4b407e63f951186ff898bb1dd83b2e390102cca27ed47dd37a7de71ee1c57b367d60a4c0711cb215cb3789568fe3a0c63115109ee6dab1c9635b4e949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bfd8824f959175a0480c457173adcd27

SHA1
922a9b69ea437e9a993b62bcb3d2f75949b82ec7

SHA256
b46e32c7b7fee10151581b2da2b0959a5586f5c2df05660429142d2e0fbafe77

SHA512
0fe41d00a02cdad3090b50235365bcc3b21aeb16fae67771df674ecbb6cefb3caed4cc8ee8c1c9115dc2e535775227db6f7eb786cd7d37b938cfa6dabd1762c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9c74c3b547c5c12bd94d5075005568cc

SHA1
61b1d528a0530ee6937d9b5b70cf5fa98fbf84ea

SHA256
2c4593b667b441d9d37f82c69ee7b9ea27e76df4f4ed681b81ed0d85412a9430

SHA512
71ebe85b3534559706b65dfb6c909849dde1fa31a36a2b7909063f3ba81c15f60dd709f9e84eea407fab610f686d87e7099023241aa8786eeed6f6b7f5ae0084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7581bdd3b4e754d303ebf3f08f92cf10

SHA1
6c9aa6c1b6210bd2ead975593256d98d1aa30dac

SHA256
7873f031292c8ae2d0985fe34dcaf44bf51f72f4194fa9fdb9471a2daab128f9

SHA512
f5a76bfd15ac3b803ac5f09ffacc0e23b57385abe2567c1d814c6cadbe3858fbfc7c4905a0244dac652d99d4dbf57eb6f4a722ac162702f28e053f1b41bab87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
27033835a82ec8d130cfc3034ece0114

SHA1
f50cc40645e91355218cbdff03ed420ef6569ebf

SHA256
28481e51e828c06ebb409c38d603e5bbcc991b785e54b98038205bff8b65fb41

SHA512
a826169df5c3263959d96216e41688c4ce63ff2cfe13c92cc54a6d4b1c0369b0d7e55c8db2fcfbbf2ce635d62bcae948c9a112c67e063797c8317c245f89c14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
562a6d9e995739bf945522d469ce2014

SHA1
a9f879de4973f52bf7569948a29f65a46b389ed9

SHA256
deb213a0fcc5c1f1b00842aca6811136e9b9cd1a66fbbe599731ff67ad7dbcd7

SHA512
9186273db777d7507767cd68796e02fade1415853e7bc1849d1aa57b979ffcdd4985c1566d8143a673edddb35610e93f5244e0b13bedddad87c446bd5331c042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f9516ac-2561-4368-95f3-88760e9aef80\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25b4e76a-f2e9-4992-bf69-c1f0e9e401cd\index-dir\the-real-index

Filesize
624B

MD5
005ae6ff443d1cb536a3b3683d937625

SHA1
fd1fcc92e99b1d3989437fbcd5fad50aaf9e11ca

SHA256
16c97df810434b3ae3cfb940f5917230cc44be29686052422917b0b0115748a0

SHA512
30a4a7698da827b3a1dd10194c8df40a0e7c999db1af58dab03dc1be3d4cb032f19a4b0bc433fd92b6a6058b5eb737245da3078b166d3b380e8544a7b3eff55e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25b4e76a-f2e9-4992-bf69-c1f0e9e401cd\index-dir\the-real-index~RFe58a5c1.TMP

Filesize
48B

MD5
f2743624a12e7fd488fe06f6c13ca9f3

SHA1
f098bb831fc7804665b83ffdc11cc27d734aef48

SHA256
8db1cedc5694103108420d54bd0c2e085d5c16b1fd8488888bd33ce5764cf9e2

SHA512
7bcc50d3a154b96d697d5b9880b06ce52e6fafba11dd430d5a092d6057fd46fa8f6e591f4a77258ee65ae1dc8b472329dccf163553cd3bb70343f08c37aedd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
aa5078cf12420a66fc2194467bc62c71

SHA1
81955d7c7f0137df408e2736e5d192b3aec17570

SHA256
42003b0f46ee76612cb7ead2430ebfe73b3fec9597548d54e4b860ae6cb79689

SHA512
35ba0472a326d9aa9835a309967bb0da46c47eb81a4303a79729b7fe218a555c6282eed7dc157176bd385e83494eaa9b70b5f8866e405adcf52195e83d52c048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
431f09684083cc6f9a06bc112cc19395

SHA1
71b7c0166b39e571162b2ee80b85d7bc9cb0b428

SHA256
0f0728043160a66f9da5a4fff1b309ce943c96075ca8ea5dad8b3fd86c4b7589

SHA512
f3aee5a5ce7515a0478e0bcec2f15021f4104b68e913c42d4b9df9a6eea59d700c9f5e62e3aa1de200215c2a451693180b01317d7130c850aedfd2326c68093c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
63d413b705b3ad2a1562bb4800966b77

SHA1
046d168b7de7f930bac4e5ded96b2157a0311ece

SHA256
4f6b647c72cbc8bd53dff7039d38999d8876894700c13564c18f80fc2be15a81

SHA512
2bbe7617c8b91231dc524e5093289b18562226b9f074a16cb86e274377301244a60d138480b0eb15f2910ba9ef6eb0605000b25b14d9049deee36cdfbce2e26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
215B

MD5
1b8d2da1625728c487b6f83a44984160

SHA1
0d7dd59ff760173b191b3bdbfb0a5a0197d26bd7

SHA256
620071b0e9cbfb5383951d4da6b38a46a5527c9898728f797ce1b3366ea82eab

SHA512
b18ab2b7c153847491104db00726d0ad3b6afb4e9eec82283ff64d6fe75f9966dd9a379497abe6198e7522090b4995daa3b00a277cd37854da59473fceb2d25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
1549e103ca648d0efa136f39eac489fb

SHA1
a3104e258e15777e74fa94176d3d18e9e5af5202

SHA256
7982b270e94ecc7471829817bacd4e8b1a59c4aa57c9ab6c57a51edc9573f9b1

SHA512
d1716db87601218ab0e1706b553a172e087fd86fbfb25bc2ec78462c49b4da30562fa3d9964caa9738b5240eb28c591a8a0e9fa6056f9ae215f455349525ed91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
b7dffbb7a2673db375f1f4ccdc08211e

SHA1
a7bfdccb61552e56dff341855b54a4340ef38b15

SHA256
1bbc5d966ce01e7716ade451df6b4b9711688999df345b3f0d1d78157fc93025

SHA512
b46f9fbefb858b231edaf8c2fadaad513e5696adeb6a511871256dc0b4a436426ea4d0dc6a520a0dc25046e46de14f63bbecf2b9d5cc89106ca0c49b4709e954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d96ed91e0b36e1203974c8950e400934

SHA1
d68bc5307e89c98e6898151b1725e94722c1d728

SHA256
6c10697fb862f734f51a0b927d25fc39ece45acdd6ba7a81394305066ac64ed0

SHA512
9ed175b0d7f462c4b0543e77792e6caad4c90ffc4ac93e47755adea3a60454be44416f018b2d6b1e4c839eb287816d065a6d56131e71bf3bdd6031f7ee28f9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0fe5a83c-9e0a-4bb8-8422-14a5fb65a70e\index-dir\the-real-index

Filesize
72B

MD5
f90d2e13de4e2ee8c563548e9fdd5b5c

SHA1
dfe58fbe0005e4e6a6fda82b2a874169b1c8aebd

SHA256
2467070d04771a828d0674346b9dee8d80ccfd44c957d29bd7ddf5a249bd2c26

SHA512
32561125571cb0bca350e900e92f66136c51800b5fc2ba38c74c5d55dc44a35509b01d46940e5182dc97773f9fd4cda5d74466df182abc08b567b7c4ed3f0ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0fe5a83c-9e0a-4bb8-8422-14a5fb65a70e\index-dir\the-real-index~RFe587bd2.TMP

Filesize
48B

MD5
9380e6710dfef19c415eadc05fc29485

SHA1
f1564a2af0af472095dea67bdf4e2e57f7183131

SHA256
ead9e4cbdf23663a64ba7eae2bec2a4a9b6da3f609f0094ad95c286b2180e9d3

SHA512
826a51448900b94e31e6e8cd9340cb4366334a06a7e5b19c14ac362f94a7ab39bb2bbcc2c3cd173938730ec352c3eb64936df1529296dddf68267c021cb7cb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a23a2a1f-74d9-4d4d-b5e2-080056706728\index-dir\the-real-index

Filesize
9KB

MD5
d98a1143efa0fe881135aca814615bd2

SHA1
cea5f43c8e0cd883a59c580473a5b7a7e9211859

SHA256
b164b16455918a8d64d975e48b7cf8519ebd2ad4b78445f3e23fad2a58361aca

SHA512
6222c54a545e638cf056f92da86ca7bfd3f442cc70f2514d1bc7274b307100338685ec41788926e0d8415e391ef06caea9700106fbe2ad777719a9192b6cbbf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a23a2a1f-74d9-4d4d-b5e2-080056706728\index-dir\the-real-index~RFe58f6ee.TMP

Filesize
48B

MD5
e47ee18563ed95bc117c27d4fde0c00b

SHA1
caef6b054e71bf0cbf7c9e3165fc82496325ead0

SHA256
17e3bf357928c2651378667f451b40ed7d47d4b319c7eee4f69892e41d75ad4e

SHA512
2b9aeaefcd5bbc4e5f95fd8690587ace314684e95cab5fb3f1d9f7284797b0a2001145a5fd3a28b0f5a436168052e7f6e442d6a55d26555d6fa2ad533b065eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
6b1bd668dbd57fe542171aaabcb24297

SHA1
3e84accad8247ed2171c6be9e2ff18aa13b945ba

SHA256
7e30230e5754b8df8af9e16c1d42cf7cb66e356f9d9b5400d32f5defb5a406da

SHA512
285f1b216cf240586022ed12db8802587ce6f7792f8ed01bf8438f8f1a0d3cd8f4457194472fbfe0b6657ee4538ff546c472fd1712c494e91a8ac0dae90c6e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
656d30dd28fb5f11442f45ea68c5db0d

SHA1
53310daa2331dce950f500149a6d51fd32bc4440

SHA256
221c3e8fd3caf9d7009de0f37fc6e794e4b6963d6fef3b25944db3716f108c89

SHA512
2f248b86f9987e171a6b3a130659a70d2fd8d588212ed3734ab1aa5f06494a7088909c6e33924ab2c3f79ca65a405290b79567912f32b24d8a0701b9a9246f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe582b12.TMP

Filesize
83B

MD5
26d46c5634cd51cef87e41bd14a3d990

SHA1
a493e1fc2b7836bed1861a655e72c7209b4e8a5f

SHA256
17cbe713b2378be43f903aa2596ee54f37674ee29e57cbda1ecfb64727d59e6b

SHA512
bb697bf9839049cae6748ff924f59b3c7bf9270339a123d6253473917cdd1d6146bbfbe51ec4d9b8ba05ba906ab7fb6e4af8299a446966acd9e7a4699f4da70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
ca3f1475bbddf470c093742cca30b675

SHA1
12b87695026439d1d10b393e62037616de024cae

SHA256
7292d06dc8cd72dce5c27457a96a092d1c0e60cafc9b082963075dc31d656b96

SHA512
17a58fcf7e2e9f88817d561cf3a1ef60fb124a402c3a6ef45f9e670842c070e75f750891df4b8f7143f399a9b0356e246de01acd1c747f2f9c915e26249db7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5898b1.TMP

Filesize
48B

MD5
4f67c34c449e6120dbf7273813059547

SHA1
047a4404d9c997773a182016d665f9f7573ca7bb

SHA256
d843d7e0abe9b69af2753183889fa3b5e3f705d17aafbc89be7eaf950aea10dd

SHA512
365df6f276a2bf7639baa996a88f4c34d51f66adc22228a6f217de9efbd6ea7b316e4cdc2f53d503697cdae080495c4f4d2e1450074f5718507f2d6a71430805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
744d1aa663ead1dec39e9eb0a828d528

SHA1
b3a3a9d4822a71c9cb358b2f2c865191d158a133

SHA256
1d3943588a816502cf9b19b26e09f30340d4ba142541ee57767019a6923c5e85

SHA512
41252071c7c1651135845552eb6848248b56d4c2d723be56f691ecd43d5d421ed2a0da2268ff1b7fb7b7c95d48c7191460efd7fdf4f86b0409937a00ec4c4395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d322b5e5a0d063df55ec05af4e1e70ab

SHA1
668e7e93048f5ba3cc1b9af483535cbace62aeab

SHA256
05cf8436ccd9c266c9e66362c3803db82ef10c13824e1499371e40d9f8b1db89

SHA512
d4517b688c8b87c6793544972b7266804f4eefe90da76ad6860bcbaaed88b215d086e278861f49abab3d6b06c04a876b5a265056fbae71558938c29adfc53c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5c9512357e63e30c81cd2b8264341daa

SHA1
9c9c007e51fe1599d1b999a94b64f60fb8a82511

SHA256
a21189d2dd9254c02de1eff57235da46328c0e1e72b4fbb60ac152a0e93ec2ff

SHA512
8e5d61605fa994cb3057d6aec750c0d70cd49f29c5bbe5f6bcd419a979ab7db4498836a473528840212f92fef5fa3ac2e736c47a8cd9e5ca768dcf211dee79f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4cf68a578461ecbe2053038f7cb2de22

SHA1
cb0a160bb7fdbbc34a6608c0eefaab2e204f4b63

SHA256
ae8d7833ba836f4c3f699bb4b5fa8045be933f272f8d9129c3228e3b4098ebd4

SHA512
3f36c32bd6fd5764c28e9feea9d112e7723e9fe635ebd690cc16a4938e1f632db06914baf8ca93b3b043027883e48c11ca33df4f1cc03cddcb117f7786e0bf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
98eda7110909b66ec445f3cb91158b30

SHA1
703c470315416bb6da3965d374ffc66d31af60e4

SHA256
0c19a6a756bb559846c262c1423e9cdd078a8b7d48b5e886611585f87da0e605

SHA512
44ac03236d4b318db9f64bb24be8c68829fddfddd3a5a2f5fb316c51e203c49a54ffe24a7b7350cc62f55f142c4f2ca13442f088dc229b08965a9d76734ee648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
151123b51cea41a452854d5fe1f4ba39

SHA1
53be59b05be583d8ff4e657a0d6c5cb5ea046ec0

SHA256
ea72245b656067e1c3a2fedb1a9284213b08c4207e640f5ad594b159d9ea6b60

SHA512
a50f71bd2f050b301c4afd95e2cc021d901912faf3166954d4afd2928932ceb146f60f13977dc30ac3102c3aed4b82870d70729c5a33c3457024160e6eb90c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580422.TMP

Filesize
1KB

MD5
2d66651fde3189d23a211c09d54de81e

SHA1
b98d561f4ce6d6766e0bd9b28b4f7efd3c843eba

SHA256
3134a6326c57ae9839a07ee45aa64e5d753b0a74a9d315b3faf88b3ec63fc302

SHA512
82cced7165827c62337302f2fd755e6d28729b628db94e595be75268a0d41d2bd57c8ff03b2a91173d0c5fba11e8eee75826faaec754dba8fc944cbbab9200d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dec82cc5-d822-4897-b550-fd2f78df235f.tmp

Filesize
5KB

MD5
8d36e975e25e539409d903f284547a5e

SHA1
c199766a0fc47863333dc027e8688fd7e17edcf4

SHA256
f07dfff0d9ff7a86d511fa298f54134f72a33a6bdf1fc656c784920f9348b336

SHA512
9beb844236a96410549ab98de0866a7ec2101590ee8cf3e28fd8521679483612b298ab9b21c5466c5e7d46cdfade19e84324ff47a09e5a4c8c4f6518d447e7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
497ca4b1a64491cf8ee16f7d318e1742

SHA1
e0422ad858b927a1c16322c9ee99ada5cbf0e088

SHA256
d5301772f6d33b086cd6f61fb607b2f8146fac036f0a72429a1938e0384b94c8

SHA512
619b3e2f9999acdc58e90d73f11c369061ea7284af541611e07a4411acc47a2cf0aecb3eff98c62b51dba4e73fab0155903998f6d5d7d3e1dd0298e68aec7591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3278cd623bed22224e1f088b21f21f57

SHA1
3f4bb1de32fd0edd58ed8e8dc6f28dfe6165f5bd

SHA256
79e49a984484d35bb6744511c0bcd4477813db5c3981917969f44f55345e45af

SHA512
70ca512c3e0923245f186f18a6178fa26f56ae637fb7ccd272cbc0bab2b77cafe07246273369addf59f758051a4add9ef04dea56be1ea27f819e2123a4377766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3278cd623bed22224e1f088b21f21f57

SHA1
3f4bb1de32fd0edd58ed8e8dc6f28dfe6165f5bd

SHA256
79e49a984484d35bb6744511c0bcd4477813db5c3981917969f44f55345e45af

SHA512
70ca512c3e0923245f186f18a6178fa26f56ae637fb7ccd272cbc0bab2b77cafe07246273369addf59f758051a4add9ef04dea56be1ea27f819e2123a4377766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d85537e5893698d95ad06d1dd8a06229

SHA1
e28a65ea4e98c46f925a89083ba68d2a6ddd9c35

SHA256
a62f9c0e556b5409623118484ac7b53e5c01b8fb1276a6ee8deb6e039cac7045

SHA512
820eb81da257676731c5dbf00b9ed2623d52b7f9119a4f9ebc885688b88dbacfa878a8b30567204afe774d6e030b73b1b9751dd451c236a78298a29fa835f303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d85537e5893698d95ad06d1dd8a06229

SHA1
e28a65ea4e98c46f925a89083ba68d2a6ddd9c35

SHA256
a62f9c0e556b5409623118484ac7b53e5c01b8fb1276a6ee8deb6e039cac7045

SHA512
820eb81da257676731c5dbf00b9ed2623d52b7f9119a4f9ebc885688b88dbacfa878a8b30567204afe774d6e030b73b1b9751dd451c236a78298a29fa835f303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2f4bce18db03dd74b6441fa8af2c2822

SHA1
32e897b83ce0e09343a4edba9fda7a767348e8ec

SHA256
7f27219ac0950da9811b9af4acefe2e8bf6b5db705f987af9ddee3f00b3a873c

SHA512
c59a32ee3aac26f0ea1f2b3840a19088d05583902de8e1d216d38e8e91dfdba3d1eb59e40eeb57bc3c051d67699345d91970cf18ecc6cf87abb8b5c4e3d11bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2f4bce18db03dd74b6441fa8af2c2822

SHA1
32e897b83ce0e09343a4edba9fda7a767348e8ec

SHA256
7f27219ac0950da9811b9af4acefe2e8bf6b5db705f987af9ddee3f00b3a873c

SHA512
c59a32ee3aac26f0ea1f2b3840a19088d05583902de8e1d216d38e8e91dfdba3d1eb59e40eeb57bc3c051d67699345d91970cf18ecc6cf87abb8b5c4e3d11bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82191a5731c51cbb39bb541b03b2ea24

SHA1
b7d628bb8b7954e5dd18fdfcb0cd2d1bbdedb071

SHA256
b07405b12fb86ede69a60e119b3ad2095486ab158cdc57787edb7544f005a8c0

SHA512
9392a3a4fac13c39d20b3677e17b40bc0592dcd7784d7fc0e6997c28537eb30ce737d3a02942dc1f617b1108bd72f2b2f8156ed47ca01ca9cbc8825e0e44fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82191a5731c51cbb39bb541b03b2ea24

SHA1
b7d628bb8b7954e5dd18fdfcb0cd2d1bbdedb071

SHA256
b07405b12fb86ede69a60e119b3ad2095486ab158cdc57787edb7544f005a8c0

SHA512
9392a3a4fac13c39d20b3677e17b40bc0592dcd7784d7fc0e6997c28537eb30ce737d3a02942dc1f617b1108bd72f2b2f8156ed47ca01ca9cbc8825e0e44fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
aaff2c5a1727bee46de178ada91256ae

SHA1
c616b825b8ab7bba5426857c3073c3cc7d10fb89

SHA256
1687346158374c9d00d7ab6da77efbb22cad10be61ac0007f974372a105f4370

SHA512
4ee4d658a0283cf0d4f7111c8a5616a9c1a16a47611cf2b42f428b61e6e9971eb9eb977b3e9ca442aa3588b580fe44bce2eeb19d2b9ae8f1c8e20e8c185f5ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
aaff2c5a1727bee46de178ada91256ae

SHA1
c616b825b8ab7bba5426857c3073c3cc7d10fb89

SHA256
1687346158374c9d00d7ab6da77efbb22cad10be61ac0007f974372a105f4370

SHA512
4ee4d658a0283cf0d4f7111c8a5616a9c1a16a47611cf2b42f428b61e6e9971eb9eb977b3e9ca442aa3588b580fe44bce2eeb19d2b9ae8f1c8e20e8c185f5ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be4c9b320f93c38834efe5d0269fa6ea

SHA1
7c2c801a614b25bdacfaef56f56a1731667f9e14

SHA256
59a080698ff93d71f38641dacce86d41656c19e8dd1be612beda22ac30c6ba1f

SHA512
b758656a212030bad51aa6c711dfc0bb00d68315ef7049238e19b061e48c32c6d23a5a6acd7d6c470e93824b068df30187172b7b2e6c7ca0945429b283331da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d85537e5893698d95ad06d1dd8a06229

SHA1
e28a65ea4e98c46f925a89083ba68d2a6ddd9c35

SHA256
a62f9c0e556b5409623118484ac7b53e5c01b8fb1276a6ee8deb6e039cac7045

SHA512
820eb81da257676731c5dbf00b9ed2623d52b7f9119a4f9ebc885688b88dbacfa878a8b30567204afe774d6e030b73b1b9751dd451c236a78298a29fa835f303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3278cd623bed22224e1f088b21f21f57

SHA1
3f4bb1de32fd0edd58ed8e8dc6f28dfe6165f5bd

SHA256
79e49a984484d35bb6744511c0bcd4477813db5c3981917969f44f55345e45af

SHA512
70ca512c3e0923245f186f18a6178fa26f56ae637fb7ccd272cbc0bab2b77cafe07246273369addf59f758051a4add9ef04dea56be1ea27f819e2123a4377766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d34d3fe03c77bb710bce260762b8cba

SHA1
7c049863842d32b0d310c2ca4a5d65534fa070aa

SHA256
0129ed9020fa0151b50e75c19dc9d9c0c9b57347e8630314f0808b99307b740b

SHA512
2d9aef8ff288dec274e9dbc138e3b02907c65c20497c9d88cc60526473fa0196b52d78304570f881cba2b5378591e9a06256e8932ee49af9aacf51abb08f5f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d34d3fe03c77bb710bce260762b8cba

SHA1
7c049863842d32b0d310c2ca4a5d65534fa070aa

SHA256
0129ed9020fa0151b50e75c19dc9d9c0c9b57347e8630314f0808b99307b740b

SHA512
2d9aef8ff288dec274e9dbc138e3b02907c65c20497c9d88cc60526473fa0196b52d78304570f881cba2b5378591e9a06256e8932ee49af9aacf51abb08f5f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
641f29ea3de97686e1df1d75d606b365

SHA1
a055188761b1f96fa5c3d895507e6aaa029a91a8

SHA256
b556d1d74bacf90d1957cc2eb2001623df57af181b8d3ecf89688437f784e6a9

SHA512
3f395d84bc63fa32272cdf5cc3d0dae24b0afc09da39404f5bdeb4fb087146b416ff8f26b9c15a82c02e4f443d634e8d7e98bd6f8330bfceb4da374039b73a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
aaff2c5a1727bee46de178ada91256ae

SHA1
c616b825b8ab7bba5426857c3073c3cc7d10fb89

SHA256
1687346158374c9d00d7ab6da77efbb22cad10be61ac0007f974372a105f4370

SHA512
4ee4d658a0283cf0d4f7111c8a5616a9c1a16a47611cf2b42f428b61e6e9971eb9eb977b3e9ca442aa3588b580fe44bce2eeb19d2b9ae8f1c8e20e8c185f5ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2f4bce18db03dd74b6441fa8af2c2822

SHA1
32e897b83ce0e09343a4edba9fda7a767348e8ec

SHA256
7f27219ac0950da9811b9af4acefe2e8bf6b5db705f987af9ddee3f00b3a873c

SHA512
c59a32ee3aac26f0ea1f2b3840a19088d05583902de8e1d216d38e8e91dfdba3d1eb59e40eeb57bc3c051d67699345d91970cf18ecc6cf87abb8b5c4e3d11bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82191a5731c51cbb39bb541b03b2ea24

SHA1
b7d628bb8b7954e5dd18fdfcb0cd2d1bbdedb071

SHA256
b07405b12fb86ede69a60e119b3ad2095486ab158cdc57787edb7544f005a8c0

SHA512
9392a3a4fac13c39d20b3677e17b40bc0592dcd7784d7fc0e6997c28537eb30ce737d3a02942dc1f617b1108bd72f2b2f8156ed47ca01ca9cbc8825e0e44fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d34d3fe03c77bb710bce260762b8cba

SHA1
7c049863842d32b0d310c2ca4a5d65534fa070aa

SHA256
0129ed9020fa0151b50e75c19dc9d9c0c9b57347e8630314f0808b99307b740b

SHA512
2d9aef8ff288dec274e9dbc138e3b02907c65c20497c9d88cc60526473fa0196b52d78304570f881cba2b5378591e9a06256e8932ee49af9aacf51abb08f5f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe

Filesize
917KB

MD5
6c14c8ad6401d6d2b727656307c6d4f6

SHA1
9ae1a5a7a6d56b0df078be3d42d5282dc1402aca

SHA256
e3bdf3b814f3f24781251aeec4bfbc83726df6c62c25be849247b39b962726d2

SHA512
f9eaacd3115a797be544d8944eec6cb02630a4356d9e96171132067be3f8a7be006202af47addf09b3b6ad5561e8f5dbec7c4a4af1694541542d08b3d36700a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe

Filesize
917KB

MD5
6c14c8ad6401d6d2b727656307c6d4f6

SHA1
9ae1a5a7a6d56b0df078be3d42d5282dc1402aca

SHA256
e3bdf3b814f3f24781251aeec4bfbc83726df6c62c25be849247b39b962726d2

SHA512
f9eaacd3115a797be544d8944eec6cb02630a4356d9e96171132067be3f8a7be006202af47addf09b3b6ad5561e8f5dbec7c4a4af1694541542d08b3d36700a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe

Filesize
674KB

MD5
9dc946cc1bc690e537437aa6e7e98ba8

SHA1
66bd114f38993e4ff9bac5df29af3c6d17f33881

SHA256
ef7958bfaa89317f24325b42c1886a088213b3633ba252aa4f7fa2ae5f1358e7

SHA512
a16d92e246688c966559241679000b0ef41239538e422d57dea40a9d323b648c39dce9fc8c84e90604d77b7c4aaa74659e5659c600d9772397d86b291ce935aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe

Filesize
674KB

MD5
9dc946cc1bc690e537437aa6e7e98ba8

SHA1
66bd114f38993e4ff9bac5df29af3c6d17f33881

SHA256
ef7958bfaa89317f24325b42c1886a088213b3633ba252aa4f7fa2ae5f1358e7

SHA512
a16d92e246688c966559241679000b0ef41239538e422d57dea40a9d323b648c39dce9fc8c84e90604d77b7c4aaa74659e5659c600d9772397d86b291ce935aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

Filesize
895KB

MD5
7c8267aaaecebdeddf348972fb4e2d6d

SHA1
5951e6248803b76b5292194bf0963a2b4c0a5736

SHA256
59770b4b8f0217f39b54211cb5fe95ded49a9b4236b37d42d88554789490bd74

SHA512
ef572779d8a78551c75ae2c1afdd25e3e42b503ea408c6e53e27340007192bade739566f155db8dfa81b527074427dcca8f18ac559bf36dc2ed7c7295d59ad93

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

Filesize
895KB

MD5
7c8267aaaecebdeddf348972fb4e2d6d

SHA1
5951e6248803b76b5292194bf0963a2b4c0a5736

SHA256
59770b4b8f0217f39b54211cb5fe95ded49a9b4236b37d42d88554789490bd74

SHA512
ef572779d8a78551c75ae2c1afdd25e3e42b503ea408c6e53e27340007192bade739566f155db8dfa81b527074427dcca8f18ac559bf36dc2ed7c7295d59ad93

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

Filesize
310KB

MD5
579302d117dfd4a12703fee96c23da57

SHA1
6dccd322d6e01089683ae359d3d35d9fcdaca22f

SHA256
78dd0ec8b7be658a83a915b0eba9e3d625ac16c484cd01d76359980f3176350a

SHA512
03e8667fc3b2e98f7cb964d68956655010ba2a68c339e24fdaf379c67cd05d3b6085951a6e43db22f3b1bf8bc1635a218f7cb93db775ef0b9d5e85bf78a4431b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

Filesize
310KB

MD5
579302d117dfd4a12703fee96c23da57

SHA1
6dccd322d6e01089683ae359d3d35d9fcdaca22f

SHA256
78dd0ec8b7be658a83a915b0eba9e3d625ac16c484cd01d76359980f3176350a

SHA512
03e8667fc3b2e98f7cb964d68956655010ba2a68c339e24fdaf379c67cd05d3b6085951a6e43db22f3b1bf8bc1635a218f7cb93db775ef0b9d5e85bf78a4431b

Download Submit
memory/100-568-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/100-564-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/100-563-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/100-558-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/3468-385-0x00000000070E0000-0x00000000070F0000-memory.dmp

Filesize
64KB

Download
memory/3468-365-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3468-405-0x00000000072F0000-0x00000000073FA000-memory.dmp

Filesize
1.0MB

Download
memory/3468-404-0x0000000008000000-0x0000000008618000-memory.dmp

Filesize
6.1MB

Download
memory/3468-386-0x0000000007020000-0x000000000702A000-memory.dmp

Filesize
40KB

Download
memory/3468-1102-0x00000000070E0000-0x00000000070F0000-memory.dmp

Filesize
64KB

Download
memory/3468-380-0x0000000006F60000-0x0000000006FF2000-memory.dmp

Filesize
584KB

Download
memory/3468-377-0x0000000007430000-0x00000000079D4000-memory.dmp

Filesize
5.6MB

Download
memory/3468-367-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/3468-406-0x0000000007200000-0x0000000007212000-memory.dmp

Filesize
72KB

Download
memory/3468-1006-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/3468-410-0x00000000072A0000-0x00000000072EC000-memory.dmp

Filesize
304KB

Download
memory/3468-407-0x0000000007260000-0x000000000729C000-memory.dmp

Filesize
240KB

Download
memory/7196-291-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7196-292-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7196-294-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7196-296-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download