mystic | b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98

Analysis

max time kernel
166s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe
Size

918KB
MD5

b72309222be81139937a5808c453346f
SHA1

413b3b73df8186744f7d3e81d21dfbc016c01cb5
SHA256

b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98
SHA512

ef7c7e833f260a07f38880aabca6ef1994ae90e8d65fc1e48128d29e66847b115637c1b55bc9a92f4dd5415709b9efefb731d9116a668c046b4f8fed22d8951f
SSDEEP

24576:qy+kWaeuIsmC/GTLYDr8ym44058Du+en0:xJet3EGY2C+e

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/4940-36-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/4940-37-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/4940-38-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/4940-40-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/6780-219-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
2156	cJ4jQ89.exe
676	3yP862AZ.exe
1868	4lR9qV8.exe
1028	5eW20Tq.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	cJ4jQ89.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000b000000022ce2-12.dat	autoit_exe
behavioral1/files/0x000b000000022ce2-13.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1868 set thread context of 4940	1868	4lR9qV8.exe	120
PID 1028 set thread context of 6780	1028	5eW20Tq.exe	154

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4316	4940	WerFault.exe	120
6352	4940	WerFault.exe	120

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
6000	msedge.exe
6000	msedge.exe
2300	msedge.exe
2300	msedge.exe
4740	msedge.exe
4740	msedge.exe
6060	msedge.exe
6060	msedge.exe
6088	msedge.exe
6088	msedge.exe
260	msedge.exe
260	msedge.exe
5896	msedge.exe
5896	msedge.exe
1204	msedge.exe
1204	msedge.exe
5928	msedge.exe
5928	msedge.exe
6080	msedge.exe
6080	msedge.exe
3224	msedge.exe
3224	msedge.exe
5268	identity_helper.exe
5268	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
676	3yP862AZ.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2156	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	92
PID 1248 wrote to memory of 2156	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	92
PID 1248 wrote to memory of 2156	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	92
PID 2156 wrote to memory of 676	2156	cJ4jQ89.exe	93
PID 2156 wrote to memory of 676	2156	cJ4jQ89.exe	93
PID 2156 wrote to memory of 676	2156	cJ4jQ89.exe	93
PID 676 wrote to memory of 228	676	3yP862AZ.exe	95
PID 676 wrote to memory of 228	676	3yP862AZ.exe	95
PID 676 wrote to memory of 3316	676	3yP862AZ.exe	98
PID 676 wrote to memory of 3316	676	3yP862AZ.exe	98
PID 676 wrote to memory of 4496	676	3yP862AZ.exe	99
PID 676 wrote to memory of 4496	676	3yP862AZ.exe	99
PID 676 wrote to memory of 644	676	3yP862AZ.exe	100
PID 676 wrote to memory of 644	676	3yP862AZ.exe	100
PID 676 wrote to memory of 3224	676	3yP862AZ.exe	101
PID 676 wrote to memory of 3224	676	3yP862AZ.exe	101
PID 676 wrote to memory of 3004	676	3yP862AZ.exe	102
PID 676 wrote to memory of 3004	676	3yP862AZ.exe	102
PID 676 wrote to memory of 468	676	3yP862AZ.exe	103
PID 676 wrote to memory of 468	676	3yP862AZ.exe	103
PID 676 wrote to memory of 2272	676	3yP862AZ.exe	104
PID 676 wrote to memory of 2272	676	3yP862AZ.exe	104
PID 676 wrote to memory of 2880	676	3yP862AZ.exe	105
PID 676 wrote to memory of 2880	676	3yP862AZ.exe	105
PID 676 wrote to memory of 4416	676	3yP862AZ.exe	106
PID 676 wrote to memory of 4416	676	3yP862AZ.exe	106
PID 2156 wrote to memory of 1868	2156	cJ4jQ89.exe	107
PID 2156 wrote to memory of 1868	2156	cJ4jQ89.exe	107
PID 2156 wrote to memory of 1868	2156	cJ4jQ89.exe	107
PID 468 wrote to memory of 3360	468	msedge.exe	117
PID 468 wrote to memory of 3360	468	msedge.exe	117
PID 3224 wrote to memory of 2124	3224	msedge.exe	115
PID 3224 wrote to memory of 2124	3224	msedge.exe	115
PID 644 wrote to memory of 5072	644	msedge.exe	116
PID 644 wrote to memory of 5072	644	msedge.exe	116
PID 4496 wrote to memory of 3252	4496	msedge.exe	109
PID 4496 wrote to memory of 3252	4496	msedge.exe	109
PID 3316 wrote to memory of 4996	3316	msedge.exe	112
PID 3316 wrote to memory of 4996	3316	msedge.exe	112
PID 228 wrote to memory of 3488	228	msedge.exe	118
PID 228 wrote to memory of 3488	228	msedge.exe	118
PID 2272 wrote to memory of 4776	2272	msedge.exe	114
PID 2272 wrote to memory of 4776	2272	msedge.exe	114
PID 2880 wrote to memory of 4252	2880	msedge.exe	111
PID 2880 wrote to memory of 4252	2880	msedge.exe	111
PID 3004 wrote to memory of 2208	3004	msedge.exe	113
PID 3004 wrote to memory of 2208	3004	msedge.exe	113
PID 4416 wrote to memory of 3764	4416	msedge.exe	110
PID 4416 wrote to memory of 3764	4416	msedge.exe	110
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1868 wrote to memory of 4940	1868	4lR9qV8.exe	120
PID 1248 wrote to memory of 1028	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	123
PID 1248 wrote to memory of 1028	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	123
PID 1248 wrote to memory of 1028	1248	NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe	123
PID 2880 wrote to memory of 5428	2880	msedge.exe	141
PID 2880 wrote to memory of 5428	2880	msedge.exe	141

C:\Users\Admin\AppData\Local\Temp\NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x144,0x17c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:3488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,15191304943744356411,14796937184065092391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        5⤵
        
        PID:5988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,15191304943744356411,14796937184065092391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:4996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10056069533791384904,7523338047161177106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10056069533791384904,7523338047161177106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:5424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:3252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12278371492278490024,6264237805950168683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12278371492278490024,6264237805950168683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        5⤵
        
        PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:5072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9658386867892181164,3190361900694596427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:1996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9658386867892181164,3190361900694596427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:2124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:6016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
        5⤵
        
        PID:6464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        
        PID:6860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
        5⤵
        
        PID:7096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
        5⤵
        
        PID:6672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
        5⤵
        
        PID:6160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
        5⤵
        
        PID:6624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
        5⤵
        
        PID:5996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
        5⤵
        
        PID:6308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        5⤵
        
        PID:5924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
        5⤵
        
        PID:676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
        5⤵
        
        PID:6480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
        5⤵
        
        PID:1796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
        5⤵
        
        PID:6784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
        5⤵
        
        PID:3572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
        5⤵
        
        PID:3676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
        5⤵
        
        PID:4200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
        5⤵
        
        PID:2908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
        5⤵
        
        PID:5012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
        5⤵
        
        PID:3848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8344 /prefetch:8
        5⤵
        
        PID:4576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11194992211943435671,18254102277154472954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1
        5⤵
        
        PID:6432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12670141093117706112,842566577006743979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12670141093117706112,842566577006743979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        5⤵
        
        PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x144,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:3360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16787824296283556337,2494041253623404218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16787824296283556337,2494041253623404218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:4776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15560751497697769779,4355986124703326113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15560751497697769779,4355986124703326113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:5472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:4252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,384641538357510875,12202840402959384144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,384641538357510875,12202840402959384144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:5428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8e7d646f8,0x7ff8e7d64708,0x7ff8e7d64718
        5⤵
        
        PID:3764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1809432024163726924,17500457992953865382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1809432024163726924,17500457992953865382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6080
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:4940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 540
        5⤵
        Program crash
        
        PID:4316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 540
        5⤵
        Program crash
        
        PID:6352
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1028
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:6724
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4940 -ip 4940
1⤵
PID:1336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\38094d3b-53d2-4b1c-b943-74b83e16bcc3.tmp

Filesize
2KB

MD5
518f7a234ff32601c475bf9c5cdc9c49

SHA1
e660cc1fb7f62125cdaf6747e3669367474f8217

SHA256
f925dc9dc0518a69e5616071bf974486ee229a57768244fb8ce43c531c2067e9

SHA512
7b5f49036488a6faedd66cff1fec45e2c9db17bcee5cad807f6fd53f94f2098d542daf3669bfdd82752d72fac762920bd3dcad8ee80bf6f1fea117568fd90479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\58e0ddcf-5cc1-452f-8205-a20a38162555.tmp

Filesize
2KB

MD5
dc478c5407aa5f409001ea208ad0717f

SHA1
428ab7d6ce55816792e01b825a60132ebce9cb8c

SHA256
d373ccfccd471615955e913cf9e7919563bea89dfd7dafab3edb21214cc07c03

SHA512
753a094385393bafdd9bfaa7f1febecd2e59af0a5fcdde8f9a9a4aa7b23d5d03b284a5a68926a4713dfdf29b3486b4307bebac8a9a1fb1a1607a7584dea62874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\70998135-e974-4e2d-a224-497ed8c897ca.tmp

Filesize
2KB

MD5
76c7675e237202ea6bd1bf3660b3d356

SHA1
550dc78470b017d6658c716974baaf0a280bb0e0

SHA256
5a8596bdba4f0c17f95237e7265c70011922e87405940bd9bc5dd98b5d0144dc

SHA512
8bac468fd1e409e070b49fdae89f0e7370e88030d26f8625fd7bab6d70634b9bb8ffaae6007a4faacae6087f71e884462900740b775a2c939801fb4e959dd8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd2ad9950be157d7033d57ad026afb53

SHA1
bb07246696aa87f62009970f2dc7bf8bcb9f83a2

SHA256
f5c1c5768bfcc4077d3906a859e8e73642d56a70e497dd22adc102c5f1307800

SHA512
5ae1c8c22bdb47273410b3cc6a5ede71bcda0b82c6706ae69b76b1103f75b98c9bd785e346c45ca1bc5bcc257b2aecb9939ae27c339077f6374d0f4781ce77dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0418b9429df9ad97eaed15e6cfb2233

SHA1
a1a25cb038acda40bb19cb733df8a2143d5c6760

SHA256
8e320f73afde4f7aca6c87876bce71cf3ac67ff3e3f5a7e7ff91490cf9b1ccf9

SHA512
3958c9b0a42b4bc49da708518de5b0605fa1ce46d3e9847fddf666a0664ec66e0dc856e836b0c442d94ad9156523c2e070f9aed5bf08702ea3f4716bf48d4001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
60a8ff12fdec377812708b90af74042a

SHA1
223b8ce1cf54844e42aa7a412639d44b93b8a1c2

SHA256
da95b4aec5dfd001ec1069cbedbf12974aaabc00d60c08f8878fee718aba4c4f

SHA512
8962b57dbc849b557fa9f277e71dc70b10a10585d13957b798daa53c069b5f72a6e0d136529bb4b2e804c32a78e0ac59546025883260f8221afefe558a4eec5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d5191e-ad8b-4b91-a028-496297c3f715\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
83d2d419b46c3d784be35f7980cd1a62

SHA1
9eb36621d9128a507bb22dcf338cfc6079f42cb2

SHA256
f978f2944f4f8274b1030fa792cf1fe8a8c6ee19f0068b83490964f6c3e6f2a5

SHA512
86520cf0695f872f64a2d4ff62bc621f3f57e2696196f5a248a02a26e6cf1f04629c06946c777b3ab67681609cf9369e47db240e51a26094b907bb17b79cc8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ea405b46dae4743077d1ab8bf02b3e31

SHA1
740b6a0d64af86fcd829bc74af65965681355073

SHA256
9acb9f4c2d04cf34d1353616c5eb845bd69593e1aa4461613572f9e5c6fd0a17

SHA512
c2ad7b30db1523ca36319acbd3901de7dd7a7964a88b500b2a5480272e6506771b4dc3613f4c3abc1861d32ab77c4c0de31e1049be3e97e24440307071ff0043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d78c68bd700166c1b3ec23a384205d6a

SHA1
13602e40cc20baf2f37d79addf29923d68b3e283

SHA256
efac0330a0679884a5f877a05a7cabc4f2e573c819fb80f39d4d256ad98d943c

SHA512
5099146520c0b683736e723222bac3296b877b71dcb2adc2d8aa116109725586833a4fc23d0b09455ecf8a3f3b26de697dccaeb67be463347f90b3d3d773196c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
09ebd12d27f2cd064afc48d11f9ff27b

SHA1
077c8c0d211cdc914c48017fd40a64111d7c11d9

SHA256
e83eee52921677f76d271f89bba17db7afca3e7725f10b36e542bfc2a73e2025

SHA512
886260fb2e46c53570409ed622671b8b10dccf15546582fe6c20c436e10a35046b83e6ff2c7646f9240c5f54db451119858ade678496e2115fed3d59f8899680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5a56ad.TMP

Filesize
83B

MD5
3bde95370c0b04db22e4722182092e41

SHA1
a1e494075a9047ff6473534e78d1dd3daf7ed06f

SHA256
c0dfdc18905a1770e7589cba51ce346d20f6940e436c31a8a2c98302dd6e1a27

SHA512
01afbd07255d203acb010255d6f4db915a7c1e8548b931fd551b978e5b52d979b4f7ac3d2a8016d5655270cd28b07e66dda74577ad5eba252e852fb05bc1e66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee7e79f32ef56e5301fb8d4ad4c824dd

SHA1
e104c30fc69fca342d9ee222a3eac7e1bb75475a

SHA256
ac4264f0845bbce0a1c6334c8b3b6d379f71c4b3e9e0572412d279d547dd63a8

SHA512
eb424081178507c7cd8a3b44a1997caf8be4876cf80961050f2dab8a7f14166f24c0a7e3721d3608240836baf465cdd0fb16e4f871fe3a03c93fec85dac89014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a66aa.TMP

Filesize
1KB

MD5
eb6d9f856682f717d5f50e1cfbecfdc7

SHA1
974cf77b2ba98022c7298f8632e521b9e4adcc03

SHA256
5040251620a862962bd9fde088c02ecc5b5d8ae3debe15d803e16a9482b9f6a2

SHA512
a8492873f9c53736387e4b07a4f73c2244bd7b600903bfdae890f6852fcfec4f184c216e1d614d6ef6c58a1c85ccc874b744166b706a8635088a5436fcfdd7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
76c7675e237202ea6bd1bf3660b3d356

SHA1
550dc78470b017d6658c716974baaf0a280bb0e0

SHA256
5a8596bdba4f0c17f95237e7265c70011922e87405940bd9bc5dd98b5d0144dc

SHA512
8bac468fd1e409e070b49fdae89f0e7370e88030d26f8625fd7bab6d70634b9bb8ffaae6007a4faacae6087f71e884462900740b775a2c939801fb4e959dd8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
518f7a234ff32601c475bf9c5cdc9c49

SHA1
e660cc1fb7f62125cdaf6747e3669367474f8217

SHA256
f925dc9dc0518a69e5616071bf974486ee229a57768244fb8ce43c531c2067e9

SHA512
7b5f49036488a6faedd66cff1fec45e2c9db17bcee5cad807f6fd53f94f2098d542daf3669bfdd82752d72fac762920bd3dcad8ee80bf6f1fea117568fd90479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
97ab991fd2714feed38bea833393454c

SHA1
5a67283032cfd47e022a95dbc0014e66e675bfdc

SHA256
c46dafbed060e4188a4077a00ab476134b8f5c80225c3830329f36c2816f619d

SHA512
5275e0af480755b32f57d0525f556372835b6a891b7e6ec2fb12352f999d715f83b2e3eeba7559ddd1221184b1ee94e14947aefff6e1a8a8878d1f372e217471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
97ab991fd2714feed38bea833393454c

SHA1
5a67283032cfd47e022a95dbc0014e66e675bfdc

SHA256
c46dafbed060e4188a4077a00ab476134b8f5c80225c3830329f36c2816f619d

SHA512
5275e0af480755b32f57d0525f556372835b6a891b7e6ec2fb12352f999d715f83b2e3eeba7559ddd1221184b1ee94e14947aefff6e1a8a8878d1f372e217471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
76c7675e237202ea6bd1bf3660b3d356

SHA1
550dc78470b017d6658c716974baaf0a280bb0e0

SHA256
5a8596bdba4f0c17f95237e7265c70011922e87405940bd9bc5dd98b5d0144dc

SHA512
8bac468fd1e409e070b49fdae89f0e7370e88030d26f8625fd7bab6d70634b9bb8ffaae6007a4faacae6087f71e884462900740b775a2c939801fb4e959dd8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
37131140d8d1d720a60b68d4cdd20f94

SHA1
b1ffc8790966bdf03c874d3942fa558559ee4673

SHA256
0d6c577fea740ad881492034ca2f4994b52895ffac115695bb7cdc737458476c

SHA512
01a66d8daf44461222de6cb72e49c5fbe6f49fe96749c9ed6d974a312de1a5ba28b2ed4049db2616501c387b86a0a0cb72a18a36ba6bf5254c14de12c0ed9395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
37131140d8d1d720a60b68d4cdd20f94

SHA1
b1ffc8790966bdf03c874d3942fa558559ee4673

SHA256
0d6c577fea740ad881492034ca2f4994b52895ffac115695bb7cdc737458476c

SHA512
01a66d8daf44461222de6cb72e49c5fbe6f49fe96749c9ed6d974a312de1a5ba28b2ed4049db2616501c387b86a0a0cb72a18a36ba6bf5254c14de12c0ed9395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
37131140d8d1d720a60b68d4cdd20f94

SHA1
b1ffc8790966bdf03c874d3942fa558559ee4673

SHA256
0d6c577fea740ad881492034ca2f4994b52895ffac115695bb7cdc737458476c

SHA512
01a66d8daf44461222de6cb72e49c5fbe6f49fe96749c9ed6d974a312de1a5ba28b2ed4049db2616501c387b86a0a0cb72a18a36ba6bf5254c14de12c0ed9395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1dd0adef885d294e769d3988b9b90eb1

SHA1
8aedab7cb3e49fe92f8072a22482b2cd5767b33c

SHA256
ad4c1db22159a24a24b6203c9eb9f7fa96630dc51c129e3f79ed8afbf9991a69

SHA512
ae4ebe43adcd88741e3c5def3ddb2ac1351086d8313d3399d05a7742193bb802b7713d891728f99e3ab781217a32fb9b6f12290e27dd2b407cd4ef8f12e8cfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
517acd3c9fcfc2eeaba13a9a13410acc

SHA1
c6b84e6e40b3b8be7ddbbd396c56b7a3c21e505e

SHA256
567881a1d29203523d4970f777a04f84d40805eaf72d22c0bab426a5393119af

SHA512
df539cddb40677caf26b1145ecbabcb6e855127c9d3ee5b06a5e12d56cfe0ab2f8eda929b858c5969012078082675b6e81b79d09a60fb7a3f27589c3c553b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22fdd244e756e96c2ace5a17d97def77

SHA1
cdfb6c4a714b27f8cd2da9ca9505c1fe219f94e7

SHA256
9396e71fd8e1d2f6ac47d3b0f6efe5967e89a095ad0b3939f642668bc9088138

SHA512
5eaf9c51037a0535b251b1b3d96cc86d0acf6b8da677548e981d3b8d31dfb9d807ce4434fafd40c0031d10c9769f4a4197072b31125c8838ad1b7e827eff714b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
77a7baa4d44270af6af62c178cf10a74

SHA1
eb1abab06a08b838e74984cf3df5e2008f83480a

SHA256
a88cc53276732ca8ffa378228aaea41a88436b9b1d622d239f579d6b1c243646

SHA512
a466bf72133f810f1f6ce2c8e1b756a7b548f1fde911894bdb2abe66844d92182046635661d73c280a52e85762305e818456d838fabf28465da53102aa0b51f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
ebe5a2fb0b9d5dfe341eab2b70e3735e

SHA1
61d947d2694955eef9e097ad8d608a7ad71d06de

SHA256
26a1042933369d73cb50ea77b45c5cb32f1b81bb0b14bef00edaee8e84b614ef

SHA512
1404826e19632d744da0a2625e3fb904097e2b1929d0e2f2067b0e0ec1469aa0ba7c285585aac5c7c643d059011d8c329f3ec6b896de2108b76f3ae067526603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
518f7a234ff32601c475bf9c5cdc9c49

SHA1
e660cc1fb7f62125cdaf6747e3669367474f8217

SHA256
f925dc9dc0518a69e5616071bf974486ee229a57768244fb8ce43c531c2067e9

SHA512
7b5f49036488a6faedd66cff1fec45e2c9db17bcee5cad807f6fd53f94f2098d542daf3669bfdd82752d72fac762920bd3dcad8ee80bf6f1fea117568fd90479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b968d0cb-93ec-4598-8591-54ae106b2318.tmp

Filesize
2KB

MD5
517acd3c9fcfc2eeaba13a9a13410acc

SHA1
c6b84e6e40b3b8be7ddbbd396c56b7a3c21e505e

SHA256
567881a1d29203523d4970f777a04f84d40805eaf72d22c0bab426a5393119af

SHA512
df539cddb40677caf26b1145ecbabcb6e855127c9d3ee5b06a5e12d56cfe0ab2f8eda929b858c5969012078082675b6e81b79d09a60fb7a3f27589c3c553b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bcee0f4b-3032-4eeb-a350-3fd2805520c3.tmp

Filesize
2KB

MD5
1dd0adef885d294e769d3988b9b90eb1

SHA1
8aedab7cb3e49fe92f8072a22482b2cd5767b33c

SHA256
ad4c1db22159a24a24b6203c9eb9f7fa96630dc51c129e3f79ed8afbf9991a69

SHA512
ae4ebe43adcd88741e3c5def3ddb2ac1351086d8313d3399d05a7742193bb802b7713d891728f99e3ab781217a32fb9b6f12290e27dd2b407cd4ef8f12e8cfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cfe9e4da-5c56-486f-8e33-beb36066490e.tmp

Filesize
2KB

MD5
77a7baa4d44270af6af62c178cf10a74

SHA1
eb1abab06a08b838e74984cf3df5e2008f83480a

SHA256
a88cc53276732ca8ffa378228aaea41a88436b9b1d622d239f579d6b1c243646

SHA512
a466bf72133f810f1f6ce2c8e1b756a7b548f1fde911894bdb2abe66844d92182046635661d73c280a52e85762305e818456d838fabf28465da53102aa0b51f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

Filesize
349KB

MD5
f3d949829dbb49503a46b14851923201

SHA1
dcb51153089bd307a35eabffa68b2bc823578dce

SHA256
d2e04b3b75debf800ba6edc0c276f2be73e069b88dd5280f36a662463f103d6e

SHA512
ae7e81a6aa8bd3f9b14578ed09904d52c059658554bd7339686d2bff7864f4eb8ef98c956277de7c2cc9f7737812efb6431792214c086c3a940bc51b24c702f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

Filesize
349KB

MD5
f3d949829dbb49503a46b14851923201

SHA1
dcb51153089bd307a35eabffa68b2bc823578dce

SHA256
d2e04b3b75debf800ba6edc0c276f2be73e069b88dd5280f36a662463f103d6e

SHA512
ae7e81a6aa8bd3f9b14578ed09904d52c059658554bd7339686d2bff7864f4eb8ef98c956277de7c2cc9f7737812efb6431792214c086c3a940bc51b24c702f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

Filesize
674KB

MD5
ecb636d9242b2ee88efeeec7044c9773

SHA1
5a91e813eb1f42664ed7ce0372cf8972e5e9e7db

SHA256
428ff41e8510c937c7e4bf6709c3f9109c569199cf8155aea0ae9c6877edf89b

SHA512
f4a6e8c265bde74ae5b995932d61c45d1e1a823f419a6a6ef40de107a4cbc4b1023f5a80b9d1678ad4e00efe9a056c3980226c7721eb6fd93113cb177c62bef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

Filesize
674KB

MD5
ecb636d9242b2ee88efeeec7044c9773

SHA1
5a91e813eb1f42664ed7ce0372cf8972e5e9e7db

SHA256
428ff41e8510c937c7e4bf6709c3f9109c569199cf8155aea0ae9c6877edf89b

SHA512
f4a6e8c265bde74ae5b995932d61c45d1e1a823f419a6a6ef40de107a4cbc4b1023f5a80b9d1678ad4e00efe9a056c3980226c7721eb6fd93113cb177c62bef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

Filesize
895KB

MD5
6b5874811db21dccaa2d905bb08c0e0b

SHA1
033faa26aace3b006a89108a255b64a716296807

SHA256
86449f6f2437a436fe2cc8f30b8dc51e983d6e353a07871f4c1972d55b32c227

SHA512
325d721d8926e75ca3c675cb8e1677df5962ea18d5112bc9cf25ab65560eb18530fe0219532ef6d3db5e8c916e10b8eb635c60e78bc10096c9c7c6fedbda5a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

Filesize
895KB

MD5
6b5874811db21dccaa2d905bb08c0e0b

SHA1
033faa26aace3b006a89108a255b64a716296807

SHA256
86449f6f2437a436fe2cc8f30b8dc51e983d6e353a07871f4c1972d55b32c227

SHA512
325d721d8926e75ca3c675cb8e1677df5962ea18d5112bc9cf25ab65560eb18530fe0219532ef6d3db5e8c916e10b8eb635c60e78bc10096c9c7c6fedbda5a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

Filesize
310KB

MD5
3a314456282eda4e75cd13793cb5344d

SHA1
26dbf8ca65982e00c5fe0fda227365c5375451df

SHA256
4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62

SHA512
3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

Filesize
310KB

MD5
3a314456282eda4e75cd13793cb5344d

SHA1
26dbf8ca65982e00c5fe0fda227365c5375451df

SHA256
4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62

SHA512
3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

Download Submit
memory/4940-37-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4940-38-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4940-36-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4940-40-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6780-804-0x0000000007370000-0x0000000007402000-memory.dmp

Filesize
584KB

Download
memory/6780-683-0x0000000007880000-0x0000000007E24000-memory.dmp

Filesize
5.6MB

Download
memory/6780-593-0x0000000074740000-0x0000000074EF0000-memory.dmp

Filesize
7.7MB

Download
memory/6780-1019-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/6780-1064-0x0000000007530000-0x000000000753A000-memory.dmp

Filesize
40KB

Download
memory/6780-219-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download