mystic | b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe
Size

1.3MB
MD5

a70e240d6318d81d5a77a07e5edf9d62
SHA1

2280407baf5d363ef6c99448547a0c9c36e51b97
SHA256

b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c
SHA512

0bc4f33f9a77738ba768b720099a8e36e05c661c9c6418a93bc4d357e280668c12dd2af99e821423dc316d5cf39a6fcc37d5e0ffac6df7d1ae955aec3aa8cfb7
SSDEEP

24576:eyFQ5Rt24FLy89saeFIsgCWGXmIDXSAb2brhAhYdpH4s5D59pp:tFUd1eGFDGLTXkahYdt4s5tb

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/6164-406-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6164-411-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6164-414-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6164-407-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/8036-517-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 6 IoCs

pid	Process
4828	Js6iD55.exe
4784	yb1VC68.exe
2072	3bX101Dc.exe
7224	4Nz8zg3.exe
4284	5sm31sw.exe
8048	6xC383.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Js6iD55.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	yb1VC68.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022df2-20.dat	autoit_exe
behavioral1/files/0x0007000000022df2-19.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 7224 set thread context of 6164	7224	4Nz8zg3.exe	157
PID 4284 set thread context of 8036	4284	5sm31sw.exe	171
PID 8048 set thread context of 6120	8048	6xC383.exe	181

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6444	6164	WerFault.exe	157

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
5252	msedge.exe
5252	msedge.exe
3236	msedge.exe
3236	msedge.exe
5664	msedge.exe
5664	msedge.exe
5588	msedge.exe
5588	msedge.exe
1336	msedge.exe
1336	msedge.exe
408	msedge.exe
408	msedge.exe
6060	identity_helper.exe
6060	identity_helper.exe
6120	AppLaunch.exe
6120	AppLaunch.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
2072	3bX101Dc.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
2072	3bX101Dc.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe
2072	3bX101Dc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 4828	1152	NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe	89
PID 1152 wrote to memory of 4828	1152	NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe	89
PID 1152 wrote to memory of 4828	1152	NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe	89
PID 4828 wrote to memory of 4784	4828	Js6iD55.exe	91
PID 4828 wrote to memory of 4784	4828	Js6iD55.exe	91
PID 4828 wrote to memory of 4784	4828	Js6iD55.exe	91
PID 4784 wrote to memory of 2072	4784	yb1VC68.exe	92
PID 4784 wrote to memory of 2072	4784	yb1VC68.exe	92
PID 4784 wrote to memory of 2072	4784	yb1VC68.exe	92
PID 2072 wrote to memory of 3236	2072	3bX101Dc.exe	94
PID 2072 wrote to memory of 3236	2072	3bX101Dc.exe	94
PID 2072 wrote to memory of 4036	2072	3bX101Dc.exe	97
PID 2072 wrote to memory of 4036	2072	3bX101Dc.exe	97
PID 3236 wrote to memory of 4004	3236	msedge.exe	96
PID 3236 wrote to memory of 4004	3236	msedge.exe	96
PID 4036 wrote to memory of 3720	4036	msedge.exe	98
PID 4036 wrote to memory of 3720	4036	msedge.exe	98
PID 2072 wrote to memory of 1560	2072	3bX101Dc.exe	99
PID 2072 wrote to memory of 1560	2072	3bX101Dc.exe	99
PID 1560 wrote to memory of 3044	1560	msedge.exe	100
PID 1560 wrote to memory of 3044	1560	msedge.exe	100
PID 2072 wrote to memory of 1440	2072	3bX101Dc.exe	101
PID 2072 wrote to memory of 1440	2072	3bX101Dc.exe	101
PID 1440 wrote to memory of 3380	1440	msedge.exe	102
PID 1440 wrote to memory of 3380	1440	msedge.exe	102
PID 2072 wrote to memory of 5104	2072	3bX101Dc.exe	103
PID 2072 wrote to memory of 5104	2072	3bX101Dc.exe	103
PID 5104 wrote to memory of 4088	5104	msedge.exe	104
PID 5104 wrote to memory of 4088	5104	msedge.exe	104
PID 2072 wrote to memory of 4464	2072	3bX101Dc.exe	105
PID 2072 wrote to memory of 4464	2072	3bX101Dc.exe	105
PID 4464 wrote to memory of 3460	4464	msedge.exe	106
PID 4464 wrote to memory of 3460	4464	msedge.exe	106
PID 2072 wrote to memory of 464	2072	3bX101Dc.exe	107
PID 2072 wrote to memory of 464	2072	3bX101Dc.exe	107
PID 464 wrote to memory of 2388	464	msedge.exe	108
PID 464 wrote to memory of 2388	464	msedge.exe	108
PID 2072 wrote to memory of 1100	2072	3bX101Dc.exe	109
PID 2072 wrote to memory of 1100	2072	3bX101Dc.exe	109
PID 1100 wrote to memory of 1788	1100	msedge.exe	110
PID 1100 wrote to memory of 1788	1100	msedge.exe	110
PID 2072 wrote to memory of 2312	2072	3bX101Dc.exe	111
PID 2072 wrote to memory of 2312	2072	3bX101Dc.exe	111
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116
PID 3236 wrote to memory of 3120	3236	msedge.exe	116

C:\Users\Admin\AppData\Local\Temp\NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b059c933236a8fb4090e189992f70e925bdee71814c2064642698b41f3c32c8c.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Js6iD55.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Js6iD55.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yb1VC68.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yb1VC68.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bX101Dc.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bX101Dc.exe
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3236
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:4004
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4512
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
        6⤵
        
        PID:4428
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        6⤵
        
        PID:3120
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
        6⤵
        
        PID:5516
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        6⤵
        
        PID:5508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
        6⤵
        
        PID:5788
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
        6⤵
        
        PID:5848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
        6⤵
        
        PID:6740
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
        6⤵
        
        PID:7000
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        6⤵
        
        PID:7036
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        6⤵
        
        PID:7124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
        6⤵
        
        PID:6888
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
        6⤵
        
        PID:6920
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
        6⤵
        
        PID:5540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
        6⤵
        
        PID:7280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
        6⤵
        
        PID:7288
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
        6⤵
        
        PID:7612
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
        6⤵
        
        PID:7620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
        6⤵
        
        PID:7856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
        6⤵
        
        PID:7848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
        6⤵
        
        PID:7144
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10108 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6060
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10108 /prefetch:8
        6⤵
        
        PID:6848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
        6⤵
        
        PID:6500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
        6⤵
        
        PID:5380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
        6⤵
        
        PID:6856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9736 /prefetch:8
        6⤵
        
        PID:1664
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
        6⤵
        
        PID:6164
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7113132574250601561,9701662832996561218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4036
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:3720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16086967468185824212,16804691019274702909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        6⤵
        
        PID:2908
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16086967468185824212,16804691019274702909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1560
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:3044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7057843773780461994,14467848791682518604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5588
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7057843773780461994,14467848791682518604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        6⤵
        
        PID:2276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1440
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:3380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8507098949413057414,10330455023722537427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1336
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8507098949413057414,10330455023722537427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        6⤵
        
        PID:600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5104
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:4088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6739393950496172044,17527377207162183193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
        6⤵
        
        PID:5644
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6739393950496172044,17527377207162183193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:3460
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,13904335547832517299,9373839362699400928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        6⤵
        
        PID:5932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:2388
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5446471599588615058,17482951315229638921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5664
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5446471599588615058,17482951315229638921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        6⤵
        
        PID:2524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1100
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:1788
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7987182087123516289,4946147157301937006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        6⤵
        
        PID:6620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        5⤵
        
        PID:2312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x104,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:4204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        
        PID:5840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec7af46f8,0x7ffec7af4708,0x7ffec7af4718
        6⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nz8zg3.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nz8zg3.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:7224
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:6164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 548
        6⤵
        Program crash
        
        PID:6444
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sm31sw.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sm31sw.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:4284
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:8036
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6xC383.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6xC383.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:8048
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:1292
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6164 -ip 6164
1⤵
PID:5628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1375f614-c057-47b3-85bf-a95c41f2849a.tmp

Filesize
2KB

MD5
91bacdd09edaa30ea94ad8111c07e2c5

SHA1
fd809b1776a6af8a81ddcf01bac974c4f28f6961

SHA256
e53920724a20a9fb55a8d004d473b3c83c5d0a216774a3c677ada2cc70ac7246

SHA512
a35ef2a9a207fad60843452adab990d78736de49452493936987c85e96b6c0562c3d4f29eecf5aa3b959358951e267e1b54a32a21b466620dde1215d86ab3ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\46c325e9-b620-437c-b5bb-c61073ef6833.tmp

Filesize
2KB

MD5
d8e1639562e29c4b6449c031eabdac6d

SHA1
36b4b8521b16e97cc85c5fa9e57144a937975e6f

SHA256
67bb3892699f26ebd435063e999c3025d1e0ec7e695284ffa4c0a1701a6b5c8f

SHA512
4dddb7b3d499f13cb2b2de0c225e7f69744a5cdc0632fa7c9378cf5adb487aa8ffbcfcad6e9f51c317a779cbd8c0e0953a19c829a7c52c3091379fd2a18dc1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7af76bc2-0686-422e-a1c0-615e942e81a7.tmp

Filesize
2KB

MD5
29c5bcceaed46f03a0baa19cc9c5c351

SHA1
d700f078af706284a57b33e6a7736b3f73b54d78

SHA256
f74487801ca32302b56ac1b6aff996f6e820a81ea97755d1aca22aa927817a74

SHA512
21dcdcef33d6bddc85a3a7b40b63d28d0b0c725ab03667dfedb95409a6c9e1e60ef07545dc4335739f075c42e08f65b8a55b5a622d4e39394472fe3c3f4a9d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f43eff52e52cb2bb4c9ed6c3c808b271

SHA1
51e2f8ac6da1ab66ce39dcefc3335e828c6617e8

SHA256
eb32b2240658aa8d80b3335f96c54de6e1dd94a6c90383af1d59f042cb0e7eba

SHA512
c45f2675f7d209ade51a895e9b68c77c8bf656587780b89163fcf09016eed1adc2337e7b9c12956a4934abb47bdf3f37ee92b4612a8f369a01931cdd51512ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
daaf53335014803d78e9cf67da180219

SHA1
27e9c96b0e045b7e949908f338ef61bb7d826b7a

SHA256
1ce00c34a8c729780de0734f39600f136f1b611211ebc79fc7f329d8c008db36

SHA512
69763bdb92b85da4eb4ef21788bad6f9a17579357af862cd301093f67cc5dd5974d4bb244a26bbce76e615b67af4f824f1372f4d4d807474c8395c66ed8324af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7b1ce18e5ff907a7370945c3930bc490

SHA1
777ad7416c3f367a179caa4c54170a9ac04ff35e

SHA256
25e9b6c8306b6a27ccaf5ea7bb1c7a39e8785a537d29f411860f1fe246aaac50

SHA512
83f2cbbdb6ef4543838e0e1a2b6c1ea85f17d400183ba0dbe32cad16142b8a299fdebc46c1eb5a252ff5e246723619942f86d7717f0ceee9e3246cea13d81291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1305334c74308f04b7469b6468238f1

SHA1
ea09c2c23e66937ecd7ae9197b67188a9001d1c2

SHA256
567e0324d7593c73fe8dcc462d9562f516f0a280fc7aa1c73f9acef8b4c255cf

SHA512
06dfdbc1369782aab1dd9cbd3785e131af555b09a4c40972d18e8c6e7a66fd3c834d9dd3bf4c85b5fa872bd8191a76d4819beeaa45c53694bc0a74de49acd6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe0fc7857d425dbc58deec0b58fab922

SHA1
a40d97c5875af30582866a8e49c12f8909b5af2e

SHA256
8e64a52586a0c21dc072dee8299aecca83ef8ee40b722631b36a1c5ad1e4dff3

SHA512
d30f4a7dffebe643e5aff0a3882d58cbe9b5e901c14765620bca8f9503299b954b1c932beda73dd38ac60d9aebea337e49b6f70e0f989034e500f618356508a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f9660b9ccff504633d1b875d11c959f

SHA1
58cd09d0095df647c9650f4b6b0da5a92b24fdf4

SHA256
29b3c23c9cbae4fad116635d3e2693a84d6d3b16079cfd3adb2c77851b676f23

SHA512
d2da7a1eabcc2b5309e03c9cfa8d615ae1794d474b414f236fc4f3fbf0805c668d5c0d7b0e2c75e919769fb63717f275fd319561aeaef36d7180372c0651d7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f5d9607dba97ee324c57ac3084424138

SHA1
202170fb3a44075384c6d0decf2b0402d7d93992

SHA256
f4860b1fda6b390f60855cb44f7dccf78e4e4f430723161619dc83388da02e28

SHA512
cf1fc31e8b2327b57f9cc27c04a06151e66dac2bdf54343c936bdf72f7150f2b9fe498681a436b6f45f7fcd2c90142db260a7507eff0cf1405724ae67392c476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ca3b765800f881f27f3ad78ab9a0724

SHA1
78a95352d1abe4352c189e34edac3e28c77d84fa

SHA256
71a841df2cfe5df906032614776eb9cf84218daa97b21ef010242c361a77b63f

SHA512
a5bc73aaa1ff7643aac473c25018c6ac0952557bb0677dba0e4c90901bee549fa269fab8c9bed27b969c4038b5f7e533a7be6e6db77d79474613b2d4a9f64857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e9267d4-ce0d-4105-8ea0-6412153ae3aa\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f844405-dce4-4dfd-a694-24e97e93d399\index-dir\the-real-index

Filesize
624B

MD5
379e8206faadb4aae5aa6cf8a9f98cdf

SHA1
c823e1b812601566ce728bbbba6ca276873d81f2

SHA256
81d4c9535dd3f398d3657f4b75e3bf471382a158c654b0e6cd19a67a5eace3cd

SHA512
7defb35feda5bc8870d3582f8f3b3b3f7cb75c2e8f509a5ddc06a33f627f89b842373fe376ee82f5e0bdf7e7f4e2a4eb9c5601aee34bebf2c8c33f5e994ada8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f844405-dce4-4dfd-a694-24e97e93d399\index-dir\the-real-index~RFe58e1d0.TMP

Filesize
48B

MD5
35331c277d110a10a51199c2d6a341c0

SHA1
677a5b17c6c420cc43d0abcaa02c5773235a6a82

SHA256
eb769331ae0a97f0347e3ebaa82d59cd06cbfe6edbece57123eb607d1f204230

SHA512
09bd77c34a8af48c51886b336541aa3f3fc0702a367a80c8aab6ae5940b0f6d73a9b52bf51266f938634616ff2d3fa40095e3fb7c90e6c34eee95d51b2b5cba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
201ab04dda858712ee08bb31128688f1

SHA1
027d563755d609e229f77884e46593e6f2173b5e

SHA256
f6b19155e5b5abf1fb642d16e0d12139a3c9b42694cb21d494103f7bc71448e7

SHA512
2a62682c02055748b099239595b3668c57709b40c264ad07b083eec6f94f32cb6bfd73c7caec3f0483cf38e3adae0cb0f8f245e7fee659be0f7ab6e12a8cb7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2597f52af9d651fe7ab7ffd8d3b2a6f3

SHA1
86eb35a3d01fb4c1f3a75a33ddeffdcb9baae1bb

SHA256
7bd8d65c34eeb7c7188a51c858da3d9cbd32b9e04547841dc30e3e303f0b18c0

SHA512
ac79810332199bcccedd232d2834d41a20ec16edb21fc519d6bdc9120d131e5bf0388ad6c68bbe152c8350b9a25c9d047de32888ff9fcc895cd023662519d796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
87cf283e7abadd37c9b23d9c6e6c94fd

SHA1
b4168db620adccde55fa15db5456a4d3f1f0fd1e

SHA256
a0d7dab6d92b20c7910e3f92c2376b3b5db197d22e917a4095c1186ff5696548

SHA512
cf2e17a07377d4ae8303dda5322ba9735a2e8c78fbed2880de97baa041c78aa153f3fd8c4e734e81d91be096fa1bb50604c65eaa0a514adb08d60868ee1048b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
038d555bb685f9f64fd03415d07c3292

SHA1
258e7bf4c705c40f710b287128839d4dd6dbfd01

SHA256
e285fade3f2bfdd7c44481ec1577dc73ce84c144795c3c075964f9e75171def3

SHA512
3919f507c5d297045d3ecddeec314d198e18c4bdfcc2b379ab181a5ffdb6d8021ebe7399500c9bc2c9e42b70787abc6d88eaea4410a93a23f5fbda5e068ca86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
bf9042017d7bd49c72c8fd758322acb4

SHA1
dd7bc0d9a246b15552dccb7ac2ba751a236e75a0

SHA256
7f0f31a2d3bb2b43243fa8cb5961180dd5e40dfa826608bf02aaed44c74290b0

SHA512
a5c6dcb95bfb09bd150efe6205f429b07bcc5d4fa5dfc5c31813d3699c77eea65ddbe447a6ff02d061ac207fede0950a1c8a3ab303a88e8c75a76c08b160d428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\806b8118-d3ca-4ef2-8518-09faf3915adf\index-dir\the-real-index

Filesize
9KB

MD5
7e1a82faeabe6123ec27c53d3f0b3f3b

SHA1
953cddf64d4c1f8ef108165923579c3d043c0e9b

SHA256
951002e3892660096059a5a9b704266ff12857e522bf9d220db0299b4c840985

SHA512
f85c1b023a401266f514379f92d0d5fe46822f93e6dd00478e5844ba780a2a6844ebd1b753aef477d81fad2f0809bb95f865d2c5836cd460870062148364b90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\806b8118-d3ca-4ef2-8518-09faf3915adf\index-dir\the-real-index~RFe597229.TMP

Filesize
48B

MD5
37c7f8b807837ec94dcb840d8e61f103

SHA1
a97d4fbe6a95eadc4b76a5ba7aa029145a247193

SHA256
e87cd06b49ce6f8bd6172e8c35c7a024a20d0c72334a71b1517e781c077d9ad3

SHA512
eddc5ae7498bb4d1eb3096f0dc8f39b2c351b29d38bef215dee15fd702795849ce5ce270c3383e99a868efe1c10a397187fc730ac44cc6dcc3f6ccc931d97bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8fe2a241-5c41-47b8-adad-2f95c803aaed\index-dir\the-real-index

Filesize
72B

MD5
8f60ff1f341f2fa5d1158ae29bc7e4eb

SHA1
4d72a3e9e4604e9d2a0a20b021f25cb0d3d5fdc5

SHA256
22138ee7a1d7d541737da5c524ae441a901756307f1c5d5b91dd7a7d1827054f

SHA512
d547c1d066f1d6d7a63d4a6ba479f1bd829e0eedd5ebf0ce09ba69a61035dbd90b16468d83e7ebd66148bda71b996522d0fede6b9fcd2539f54de2baf9d58505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8fe2a241-5c41-47b8-adad-2f95c803aaed\index-dir\the-real-index~RFe58b6e7.TMP

Filesize
48B

MD5
7bd35b2ab75498a3eec8c0f6f7c1a4f9

SHA1
28afcfff2ef3351c56c58f29040edf1b8e49a37a

SHA256
8ca38c8e1efa61f3a63b69223fe4acecc6b8e762ec9880c1e97af278ef0ae9b7

SHA512
9ee71ea2f87e4d4212a2922f351d29a957109c912e0f849a9637cb291f1f61c8048c91c51cfd78a65490c93b11862aa2b0a67763ffaf8cc88c908f791a5877ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
cf76af22e5a04a9660180df24073b549

SHA1
0b3f4c2c67bf04f691d2aa387e305d9d4a68feb2

SHA256
d92ee7f028570554cc951899eaee5bf74d21167435a0d407cba1bc2ad543ed08

SHA512
1638741ead0fa2311baddb704319da869a1ab03a7741fed1b0f5a0522de65a7318e2d58370196156fc6766750cb9796e400fb79f91446ab0210477935b79ce28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
73fb8967cdefeedac8619198f03021eb

SHA1
c6904a95adbfde296ff3c58aed2a6c254c5fe059

SHA256
934494034349fc77b2df9375550237f7ba9f69e4d989e7f90bb08f36d6058592

SHA512
86a8434ff61dfab2a66c53eaf29d033777902215c1238ead77ffc65281d38027d13f145c489ef638e425135c94bb0be20000d57a383490168edb0699fbb45c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe585f32.TMP

Filesize
83B

MD5
fd8a9d8421131284449b863efb68ff23

SHA1
eb83a414a22c63ecc51f11253b1f0b94c2509b6d

SHA256
1f01f23389fe1d60dc19518b7883d3e4993b5d05f5ed6a571e65d7a154b73a38

SHA512
eb9a5951ecd3c03657713078d2fbcbbb4170df5ff53b7e30ec8752327540a5b7ef3c2d285dc4c052a5832195cb69058381069587514debe120f6194c297466da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
01c697885e0f9d147a3435e2c461e2cf

SHA1
334163f8a5351bbcc06acbf9aa8778ba2c2e3fc5

SHA256
606db9a100d381ae8c45c4d8c1c67d1c40803e7bd75d06b23002545cc45a4c01

SHA512
bf322078bc10ae0258cf1fc87c725cc0629b176d8ab3eb480e90ddd93a2760f9a47f86b257524bd4b7aac44cd5aa6cbb2464618a3bbc269980b40ab0d9b4ad15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d963.TMP

Filesize
48B

MD5
2f9cb7b5144d99e5eb2fe66bbf67345d

SHA1
8acb6fe82f46ec7648e267996e0f106ac70a012a

SHA256
a98d5d5d9f4a3f5c85ee8b3115be8718e3beff0f5627e5cd553c8957f255f42c

SHA512
165b14cabdc87540f2739f90816bfa6646fdcdab8d45edbf133af7c1e6356bcf6860695e16bfbc27cbf5b9462dfafd95dfbb6bb0a664d596d58d8a4ed35a7d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8ec53f6d3cd808b57d01ab9abd396b5d

SHA1
85ce3444e576c71b593676a31c68e4a4eb4db50f

SHA256
f0258f69ad3e99e38ee54344928c8028c8e5e976c512c3e4f31261d531f34696

SHA512
cacc2602f8fdc30e17b26ad8d984f5b639a2c6debe7d974e82cad3e6499f5c87d8cfdb6098feeb59b85c28693f603139f0930e919e9fef4ff46b34576e413362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f267e94fe4efc64091520b560b79c45c

SHA1
4fb5c2898b1dd93a33b52e23825842966a70e82d

SHA256
f28e1672d3883abe761c9eef52ff2a33d333c56467e3a58058ccda0e59b27078

SHA512
eea27c4c2ebc4efd32f1f2ab3468578cee369fe72d0abe58d6dd93e08457d982e6278ab614aa953d4c96fad35e92b15ac6db6599c4cd9feb98650ea873f5ba5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2cbb8db52d15d0f0802d4eba93b02d04

SHA1
21dd5afa130b5269556b66fdd7cbb9544d53eee1

SHA256
4e021d3f5ca7ae755ee1594433c2970b79227558c42b035cfb6cf8e0f1c58d80

SHA512
00b6e36f5e307c346e20514fea9cb687396314cf04117b6d1a6ea16263e6076dd2dd99d87e5266a77b31e9f7f52238a32514228552b8f1c6260676e6dbe65c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
37908178812ea41988effe366d453282

SHA1
53344196aa7874f285b241c5940047c58d03f896

SHA256
5fc089376ea17a173be9ba265bfb10e3102b18814c338d1cd25a498d7f665234

SHA512
19a53f0e93d6d6727b59f8df9bb9d3595e2cb452f51eeb81d1fb9265c10287577301ffc9f3edc5452749d90f3f73e0faec2b40c4d0a8cda5badf2de426a1b34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b1ab0620f2d725b37c13faa4d11375e

SHA1
975b0d29da4f605d8dc9f20289e50e7b9413496d

SHA256
4969f96d5df1e52e4c2026492a51e66ad51395234f429d791feb3c36418f1b67

SHA512
9289e7a110c972b61a17b01a498848a098d8cc7bfbc50761eb4ecfbf4fa6ecf5cc5fc5a23745f84846faa2d64ac3c1fc17f719220d2f2f44a010dd8b96871b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
95dbdc140d641a35411e5f4d9932cfe6

SHA1
b585c5354e2963492fccfb2b1df285883737f071

SHA256
9a5a7af8d7791f0982d821abcc73756e96cc62cb2ebea53523d128a18db17d6f

SHA512
b5e7d5e8e4cab2e7e34ca2568d845eaf22610f3349adf786a10127e579824f46ab916be9e3c79433898aa64a31e814bb9084cfe64b18b74e73de2945ba3c9fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9fc95a9666d9593472a78887a67bb21a

SHA1
f3e3585d5bf5193f3e37e2e62914545ab2030e50

SHA256
95c71b3ed4459135e19560afcf879935bdcab7989f5bbdf6875b36a1e9d36236

SHA512
b78f562ba490a81213a5336edf02a6ecea5bccfbf4a360be5ec3170ed5da87419b944025958acffbb2fa2d7b7f118fdbab89702cd801adef4b9381cd845ee009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a4f72141ce88e6aff6652bccb1072a33

SHA1
90705d5e1a6df38a7549f3af050acb3d9342d3b6

SHA256
3f70a0561dbc38dad5864e9ab44837ba80463cf8803f731ad539a96a761e86ad

SHA512
b2a3f0f336e321a00e2bb42fb5b1da7d88e65d11be7b5b5aadfa5054341f16249e607a2713d6521168ec71487892c5945c3a4aadc0907af8b9e2c8b07a098f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5844e4.TMP

Filesize
1KB

MD5
6057d07d3fcf58bb30a87960d1ac1ae2

SHA1
06751fbb4e9a495a55fc88630b878acc8925ef19

SHA256
7055bbfd67c2879fc041054f1841d29d7ec41d4ebd98888e9a473a38e43781a2

SHA512
a002249d2faedcb18a23462e86990cd9a68fad102100c7cc8d37329b48b3583b64e8ec2d88ef82cac6484627c572da2ffbe2d96aca20ca7235a22191af9a482b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7a91e05133fec8887ea23dba9d7d12a0

SHA1
e22344d0bbb99936b5b497e447bfb41d53c9dcbf

SHA256
7eefc09cc60a7923595446bcaa794c50a8adcb5e451791f8b08c710106b116a6

SHA512
b1b33e8df2e1fab44cb6888502484851c4d3e39c3aaa7e90c47a3215a919b2898e1117e68ab506e0244726d7619db677d9c06b60232939cc4753f264e70cd122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7a91e05133fec8887ea23dba9d7d12a0

SHA1
e22344d0bbb99936b5b497e447bfb41d53c9dcbf

SHA256
7eefc09cc60a7923595446bcaa794c50a8adcb5e451791f8b08c710106b116a6

SHA512
b1b33e8df2e1fab44cb6888502484851c4d3e39c3aaa7e90c47a3215a919b2898e1117e68ab506e0244726d7619db677d9c06b60232939cc4753f264e70cd122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
782dc55956e1902e02a330e223f190e4

SHA1
691551901da2a4acd77c33d0a058b63971293aa2

SHA256
dd97421b6ee30b7b2787d3657f3b1bfc7d80073d376f1f49e2133b25cc4d73b3

SHA512
762823768b385199b7fdfcabd8f2441c25e09eb5977a7370e76c1730286d2e5f57716725acc9b533a2753a707c96624314983c31319ce4d45e7f37c8e4d92f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7a91e05133fec8887ea23dba9d7d12a0

SHA1
e22344d0bbb99936b5b497e447bfb41d53c9dcbf

SHA256
7eefc09cc60a7923595446bcaa794c50a8adcb5e451791f8b08c710106b116a6

SHA512
b1b33e8df2e1fab44cb6888502484851c4d3e39c3aaa7e90c47a3215a919b2898e1117e68ab506e0244726d7619db677d9c06b60232939cc4753f264e70cd122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
71a777895769e64314f818cf7a8be96b

SHA1
8cfd3ac96c2a62e5e4db3acaebac0d565be7acbb

SHA256
0b01afdf191bd81bc1552f0bc0c0053d44d8424429ce64850fea60b1cefe5205

SHA512
addd7373303717d23f9c9f32ddf14334e4ade8a7be4e0fc67b63289835347ebe3da6f64725cbda0200d1272d1b86bfafe2dcbb1c0c8dc67ddbe7d6120461bd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
02c8e8a4525a884ee899277deb0715db

SHA1
0102f2a708233185ddb296fd446cf1f88dcaaf4c

SHA256
88d45549ca322be7440e726335c6d41de234cf6076a5b1a5cbc743a73017814e

SHA512
3e040c094d3a746ac98b553b7b2c5a46079c814cc178828a3cb75b77244d4bd6362eacc477e3beadb3700522d0381244bc944c7d3bbf3f6d66084fd0e7575474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
02c8e8a4525a884ee899277deb0715db

SHA1
0102f2a708233185ddb296fd446cf1f88dcaaf4c

SHA256
88d45549ca322be7440e726335c6d41de234cf6076a5b1a5cbc743a73017814e

SHA512
3e040c094d3a746ac98b553b7b2c5a46079c814cc178828a3cb75b77244d4bd6362eacc477e3beadb3700522d0381244bc944c7d3bbf3f6d66084fd0e7575474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4906949366fc4da6ad57f35e4b7ab8d4

SHA1
2574b459f8ddaf1f9f805752965a9426956812a9

SHA256
7c06f8a75e7b82106bde4688b1d8964c5addd7dd15d920677e0a6c3adadf5a7b

SHA512
734fcf47df92af4cab79ac211d42b745a6467ef4e315816ce0db11f4b0aab2dae00d29f0b28c0b5bb18a6491c578170b6a06b78aebe305cd48d277ad42d3aafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
782dc55956e1902e02a330e223f190e4

SHA1
691551901da2a4acd77c33d0a058b63971293aa2

SHA256
dd97421b6ee30b7b2787d3657f3b1bfc7d80073d376f1f49e2133b25cc4d73b3

SHA512
762823768b385199b7fdfcabd8f2441c25e09eb5977a7370e76c1730286d2e5f57716725acc9b533a2753a707c96624314983c31319ce4d45e7f37c8e4d92f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e9960af5-d3d7-4fce-a3cb-930b634332d5.tmp

Filesize
2KB

MD5
71a777895769e64314f818cf7a8be96b

SHA1
8cfd3ac96c2a62e5e4db3acaebac0d565be7acbb

SHA256
0b01afdf191bd81bc1552f0bc0c0053d44d8424429ce64850fea60b1cefe5205

SHA512
addd7373303717d23f9c9f32ddf14334e4ade8a7be4e0fc67b63289835347ebe3da6f64725cbda0200d1272d1b86bfafe2dcbb1c0c8dc67ddbe7d6120461bd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fc56dd71-9bae-4b37-b1e1-4bd1ceb5898c.tmp

Filesize
2KB

MD5
d19f39dc7ea9f59f4040b79a1a4a2ca8

SHA1
3e7ac388db19184ceae6152184325a652c67ebe6

SHA256
87c3c79f925dee1717ae96e490ed12ca8c78ee0e7e4093d28913b8f645efc40c

SHA512
bffe9c07f289adc5f167654ccfd3ad1ee42e70f02e3524ed2b6e5c9d5ce52fdac80ca45e77cef507162f4b76bfece9414a2bcfffad4a674d91491e051555c54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Js6iD55.exe

Filesize
917KB

MD5
1de409d225a7ab00be5ce00b24b4ac54

SHA1
a5ce4f59f0c46d4316ecf18bb705e77470b79f34

SHA256
0e65fc43a3bf61385d3c2ddade57e1097685031c7088bb6595ac80bfb078f402

SHA512
423e2779c1eda959eaf590ff079b18702b0fd5f679c40ace4e16420cf03eff75689b620a4d23b9071dfb61dc72d42258910fd75890d881bf0f75dba9f5c2f877

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Js6iD55.exe

Filesize
917KB

MD5
1de409d225a7ab00be5ce00b24b4ac54

SHA1
a5ce4f59f0c46d4316ecf18bb705e77470b79f34

SHA256
0e65fc43a3bf61385d3c2ddade57e1097685031c7088bb6595ac80bfb078f402

SHA512
423e2779c1eda959eaf590ff079b18702b0fd5f679c40ace4e16420cf03eff75689b620a4d23b9071dfb61dc72d42258910fd75890d881bf0f75dba9f5c2f877

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yb1VC68.exe

Filesize
674KB

MD5
21fb79dca11a5dad70de2e023f9004bd

SHA1
4e5ffce8e3ac642b7c06f143cfdb8591766ce96f

SHA256
070fdca957dbc211caae6270752d39f38fb9a027b763b0f90b33ebbd03bdcb9e

SHA512
14be93c951f21454bd4604dd849d38d9c473b52b8daa4802932cd0fdbb03e1aedd55864e9742eebed98b0c3b1aa302e55f7785f6d57d52ac54d1c81992c06432

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yb1VC68.exe

Filesize
674KB

MD5
21fb79dca11a5dad70de2e023f9004bd

SHA1
4e5ffce8e3ac642b7c06f143cfdb8591766ce96f

SHA256
070fdca957dbc211caae6270752d39f38fb9a027b763b0f90b33ebbd03bdcb9e

SHA512
14be93c951f21454bd4604dd849d38d9c473b52b8daa4802932cd0fdbb03e1aedd55864e9742eebed98b0c3b1aa302e55f7785f6d57d52ac54d1c81992c06432

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bX101Dc.exe

Filesize
895KB

MD5
44140d04425421e8a902688f30bfc290

SHA1
459129760a5347e65046acd2100880fc3653f6f4

SHA256
c7135b4c5d59bb65c0bb715794bcc74cebb9c58b803d89dd655db30bfca7ac37

SHA512
a82a43b258033e2c77e24f3a36c184f9b9efdd8519dbcb17276d4ec146443fd81895c941fa776baa44a71b791ffdcb7b4a5bcb2430ad8ea871e5bd0dde5bfde2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3bX101Dc.exe

Filesize
895KB

MD5
44140d04425421e8a902688f30bfc290

SHA1
459129760a5347e65046acd2100880fc3653f6f4

SHA256
c7135b4c5d59bb65c0bb715794bcc74cebb9c58b803d89dd655db30bfca7ac37

SHA512
a82a43b258033e2c77e24f3a36c184f9b9efdd8519dbcb17276d4ec146443fd81895c941fa776baa44a71b791ffdcb7b4a5bcb2430ad8ea871e5bd0dde5bfde2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nz8zg3.exe

Filesize
310KB

MD5
7f8984684e5794af1ce53e79a4fb6e96

SHA1
82770bc6350f387c62efc97aba122ae6e303d170

SHA256
afa4dad90d95ef9041f061631089710c658fb1f412baad6446c7475a833f5196

SHA512
0851786065d446dc0aa2602a59c152b97a98e784ba882b65b37a38bd5be2cc209d006557adc84a23ffb1b2523f406803a4ab46139a33099516606481e2252a84

Download Submit
memory/6120-1135-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/6120-1133-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/6120-1131-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/6120-1132-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/6164-406-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6164-414-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6164-407-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6164-411-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8036-1533-0x0000000074370000-0x0000000074B20000-memory.dmp

Filesize
7.7MB

Download
memory/8036-521-0x0000000007E80000-0x0000000007F12000-memory.dmp

Filesize
584KB

Download
memory/8036-539-0x00000000081F0000-0x000000000823C000-memory.dmp

Filesize
304KB

Download
memory/8036-1606-0x0000000007FE0000-0x0000000007FF0000-memory.dmp

Filesize
64KB

Download
memory/8036-520-0x0000000008370000-0x0000000008914000-memory.dmp

Filesize
5.6MB

Download
memory/8036-525-0x0000000007FE0000-0x0000000007FF0000-memory.dmp

Filesize
64KB

Download
memory/8036-519-0x0000000074370000-0x0000000074B20000-memory.dmp

Filesize
7.7MB

Download
memory/8036-517-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/8036-526-0x0000000007F40000-0x0000000007F4A000-memory.dmp

Filesize
40KB

Download
memory/8036-534-0x0000000008F40000-0x0000000009558000-memory.dmp

Filesize
6.1MB

Download
memory/8036-536-0x0000000008920000-0x0000000008A2A000-memory.dmp

Filesize
1.0MB

Download
memory/8036-537-0x0000000008110000-0x0000000008122000-memory.dmp

Filesize
72KB

Download
memory/8036-538-0x00000000081B0000-0x00000000081EC000-memory.dmp

Filesize
240KB

Download