mystic | 3aaa0e01f23024591c84cd1393453bcbaa92e87043ee1233d263808cdf897a88

Analysis

max time kernel
47s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe
Size

1.3MB
MD5

ad217868ca3748bb09059de2833fdc0f
SHA1

64fb98b5c6a635351f8d9373c8de9a671eef6ff3
SHA256

864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169
SHA512

4f4c21c9b2608bafdf9427881a95cbb9a5b345f9e9ba629f201aa474ce678524814bef71b88233a7eebbcebe2756ac2b2617fe7153197ed298c8d33e55a0391b
SSDEEP

24576:Pyd+m+Bis2HFaeUIsmCsGMYUDruT3synTxMc4ZiOjXLvTZ6r6bN:ad+9HKQezhVG2//yTxMjZZbS6b

Score

10^/10

mystic redline taiga infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/7524-331-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7524-332-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7524-333-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7524-335-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/3560-482-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
396	ob5Jk17.exe
4736	Vu5eg67.exe
1580	10tZ84lW.exe
5256	11oP7473.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	ob5Jk17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	Vu5eg67.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000b000000022ce9-19.dat	autoit_exe
behavioral1/files/0x000b000000022ce9-20.dat	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7368	7524	WerFault.exe	146

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe
1580	10tZ84lW.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 396	1720	864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe	91
PID 1720 wrote to memory of 396	1720	864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe	91
PID 1720 wrote to memory of 396	1720	864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe	91
PID 396 wrote to memory of 4736	396	ob5Jk17.exe	92
PID 396 wrote to memory of 4736	396	ob5Jk17.exe	92
PID 396 wrote to memory of 4736	396	ob5Jk17.exe	92
PID 4736 wrote to memory of 1580	4736	Vu5eg67.exe	93
PID 4736 wrote to memory of 1580	4736	Vu5eg67.exe	93
PID 4736 wrote to memory of 1580	4736	Vu5eg67.exe	93
PID 1580 wrote to memory of 524	1580	10tZ84lW.exe	96
PID 1580 wrote to memory of 524	1580	10tZ84lW.exe	96
PID 1580 wrote to memory of 404	1580	10tZ84lW.exe	98
PID 1580 wrote to memory of 404	1580	10tZ84lW.exe	98
PID 1580 wrote to memory of 3988	1580	10tZ84lW.exe	99
PID 1580 wrote to memory of 3988	1580	10tZ84lW.exe	99
PID 1580 wrote to memory of 2864	1580	10tZ84lW.exe	100
PID 1580 wrote to memory of 2864	1580	10tZ84lW.exe	100
PID 404 wrote to memory of 1532	404	msedge.exe	101
PID 404 wrote to memory of 1532	404	msedge.exe	101
PID 2864 wrote to memory of 2356	2864	msedge.exe	104
PID 2864 wrote to memory of 2356	2864	msedge.exe	104
PID 3988 wrote to memory of 4852	3988	msedge.exe	103
PID 3988 wrote to memory of 4852	3988	msedge.exe	103
PID 524 wrote to memory of 3828	524	msedge.exe	102
PID 524 wrote to memory of 3828	524	msedge.exe	102
PID 1580 wrote to memory of 3348	1580	10tZ84lW.exe	105
PID 1580 wrote to memory of 3348	1580	10tZ84lW.exe	105
PID 3348 wrote to memory of 1924	3348	msedge.exe	106
PID 3348 wrote to memory of 1924	3348	msedge.exe	106
PID 1580 wrote to memory of 1028	1580	10tZ84lW.exe	107
PID 1580 wrote to memory of 1028	1580	10tZ84lW.exe	107
PID 1028 wrote to memory of 1568	1028	msedge.exe	108
PID 1028 wrote to memory of 1568	1028	msedge.exe	108
PID 1580 wrote to memory of 2728	1580	10tZ84lW.exe	109
PID 1580 wrote to memory of 2728	1580	10tZ84lW.exe	109
PID 2728 wrote to memory of 3580	2728	msedge.exe	110
PID 2728 wrote to memory of 3580	2728	msedge.exe	110
PID 1580 wrote to memory of 3648	1580	10tZ84lW.exe	111
PID 1580 wrote to memory of 3648	1580	10tZ84lW.exe	111
PID 3648 wrote to memory of 764	3648	msedge.exe	112
PID 3648 wrote to memory of 764	3648	msedge.exe	112
PID 1580 wrote to memory of 1616	1580	10tZ84lW.exe	113
PID 1580 wrote to memory of 1616	1580	10tZ84lW.exe	113
PID 1616 wrote to memory of 1232	1616	msedge.exe	114
PID 1616 wrote to memory of 1232	1616	msedge.exe	114
PID 1580 wrote to memory of 2276	1580	10tZ84lW.exe	115
PID 1580 wrote to memory of 2276	1580	10tZ84lW.exe	115
PID 2276 wrote to memory of 4620	2276	msedge.exe	116
PID 2276 wrote to memory of 4620	2276	msedge.exe	116
PID 4736 wrote to memory of 5256	4736	Process not Found	117
PID 4736 wrote to memory of 5256	4736	Process not Found	117
PID 4736 wrote to memory of 5256	4736	Process not Found	117
PID 3648 wrote to memory of 3352	3648	msedge.exe	142
PID 3648 wrote to memory of 3352	3648	msedge.exe	142
PID 1616 wrote to memory of 748	1616	msedge.exe	140
PID 1616 wrote to memory of 748	1616	msedge.exe	140
PID 3988 wrote to memory of 4932	3988	msedge.exe	141
PID 3988 wrote to memory of 4932	3988	msedge.exe	141
PID 1616 wrote to memory of 748	1616	msedge.exe	140
PID 3988 wrote to memory of 4932	3988	msedge.exe	141
PID 1616 wrote to memory of 748	1616	msedge.exe	140
PID 1616 wrote to memory of 748	1616	msedge.exe	140
PID 3988 wrote to memory of 4932	3988	msedge.exe	141
PID 1616 wrote to memory of 748	1616	msedge.exe	140

C:\Users\Admin\AppData\Local\Temp\864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe
"C:\Users\Admin\AppData\Local\Temp\864800f97463762e22ebb976c3b3cf8c54f869b5f8cc88d116280cec9088c169.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ob5Jk17.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ob5Jk17.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Vu5eg67.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Vu5eg67.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10tZ84lW.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10tZ84lW.exe
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:3828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17838972286883732850,4413628386679699254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
        6⤵
        
        PID:5296
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17838972286883732850,4413628386679699254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
        6⤵
        
        PID:2740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:1532
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12820745344107743966,17422418329150530566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        6⤵
        
        PID:5148
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12820745344107743966,17422418329150530566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        6⤵
        
        PID:3996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:4852
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18310080265393873469,12547394802482410426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
        6⤵
        
        PID:3552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18310080265393873469,12547394802482410426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        6⤵
        
        PID:4932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2864
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:2356
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,5110970399853302710,5918953001402055951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
        6⤵
        
        PID:5136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,5110970399853302710,5918953001402055951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        6⤵
        
        PID:5028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3348
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:1924
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17477736325261922961,4274371306281654703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        6⤵
        
        PID:5288
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17477736325261922961,4274371306281654703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        6⤵
        
        PID:5356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:1568
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8468201898896944812,5564457996090777503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        6⤵
        
        PID:3116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8468201898896944812,5564457996090777503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        6⤵
        
        PID:3108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2728
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:3580
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3893517609401985538,16557070383692124349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
        6⤵
        
        PID:5316
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3893517609401985538,16557070383692124349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        6⤵
        
        PID:2764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:764
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,11675575197554882289,5089149405043352461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
        6⤵
        
        PID:5268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,11675575197554882289,5089149405043352461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
        6⤵
        
        PID:3352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1616
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:1232
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        6⤵
        
        PID:5324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
        6⤵
        
        PID:6208
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        6⤵
        
        PID:6712
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        6⤵
        
        PID:6704
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        6⤵
        
        PID:748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
        6⤵
        
        PID:6916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
        6⤵
        
        PID:7472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
        6⤵
        
        PID:7744
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
        6⤵
        
        PID:8156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
        6⤵
        
        PID:4400
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
        6⤵
        
        PID:5828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
        6⤵
        
        PID:6140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
        6⤵
        
        PID:7312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        6⤵
        
        PID:6020
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
        6⤵
        
        PID:7416
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
        6⤵
        
        PID:7700
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
        6⤵
        
        PID:4792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
        6⤵
        
        PID:2524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
        6⤵
        
        PID:6180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
        6⤵
        
        PID:6532
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
        6⤵
        
        PID:3508
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
        6⤵
        
        PID:5480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
        6⤵
        
        PID:3504
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
        6⤵
        
        PID:7040
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1
        6⤵
        
        PID:3472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
        6⤵
        
        PID:5224
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,9591445808431849213,17997192831270486822,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7836 /prefetch:8
        6⤵
        
        PID:6860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2276
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc1d46f8,0x7ffecc1d4708,0x7ffecc1d4718
        6⤵
        
        PID:4620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7302098578343881447,2219058130139670486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        6⤵
        
        PID:5644
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7302098578343881447,2219058130139670486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        6⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oP7473.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oP7473.exe
      4⤵
      Executes dropped EXE
      PID:5256
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:6552
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:7524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 540
        6⤵
        Program crash
        
        PID:7368
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12Zl475.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12Zl475.exe
    3⤵
    PID:5804
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:7696
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:2540
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:3560
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13cd548.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13cd548.exe
  2⤵
  PID:5160
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7524 -ip 7524
1⤵
PID:6620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2adf59f3-ec09-4802-a664-a9b7b7299b70.tmp

Filesize
2KB

MD5
3d9f9088a44bf82c3ee1292457293894

SHA1
9cc5b4fa42ed4dbb645fc420564ea9599aa79cff

SHA256
b799a87d5d9dfd51e110af9f31d4b7f090935f442cd01e0f6d0c3caacfe1c1bc

SHA512
87c0b926b3e70439cd471484dd00a7d07e5d23a08ffd8224c349832e0afd119bbc3f805ecb1451582831c13c7aa84f9ed7126a463983b024b193c69d365f413e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\31c0ac87-14e9-4e09-bd6c-ef1f4ac0e148.tmp

Filesize
2KB

MD5
7942469c8e7bd42f4e9ea300a1100d1b

SHA1
172d9f84b74c8f2a1a6a8cfe81c543578cc1e7fb

SHA256
f0ed86247d157b4b8c54eb459e74f63d316480af6abf0adef8dcc1677f177b4a

SHA512
5e8471634dbac4eff0347526eac0790258452dd7a9edea13b00dadc2aaed3ddb3bb925a5075482014035b9e18d01626579308b6732712ca7aaeebc53ba44a7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4a826b0f-00ee-483e-8791-e95cda9ec0a3.tmp

Filesize
2KB

MD5
fc570ee11b9fe432c3b926d265bf8dbc

SHA1
2e8bcf3c592c61abd9b20544321ba09c7f926442

SHA256
ea93cc59be451c3e8975c99e1a8e5b571cf24419d37cf79cd54d1b73a4e588ba

SHA512
18be282c5fb5c0b6030b9e1f8f6f0cf6f6ed230b54ecda4083d773f6fa57910dc5db9c9bec3b0900ccdaf6fe2e53fcb45152ecd356bc70a3c22b88af0a1640fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6810313c-6382-43d5-bf29-5d1ecadb9229.tmp

Filesize
2KB

MD5
50a90c9a08ee30339e48e424a0f9b486

SHA1
cab10badf5c9b9de1151a573da7975e8249ac607

SHA256
9d94dcd42fc47439b95c3bbedc82b0495bbf3139cb37e5165a8b449cf043d02f

SHA512
a6a837c85e90ab737f9d662d7ff9ad833c6093a1d20a77627b6738aa7d126d38aa634e7eeff3dc416be532fbcbea528df2197c0df7aba9294bb1e5b7a32c0526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6bdeaf8f-34e5-4e35-8ec7-3eefcd61dfca.tmp

Filesize
2KB

MD5
978558176627538494ca8fbe46383e35

SHA1
ba06c50f02b53b309febcaebfed67dd92fa0bd33

SHA256
633aef093bd8ffb9da1bb085af7c14153d7c02a1cb7855532024513227add81a

SHA512
0480ceb842957682be46082fbcf048bdd4630090ddd52f25956f9b8a103ed3a41f176475bfac8e45ca2f5e0800ffd8253aa88e045b08b4128a80368f9edfc205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8208d63d-4ac3-4b7e-acca-7ec2a88c312e.tmp

Filesize
2KB

MD5
ac29697a7c562f373aaa3310fafde741

SHA1
5e76c43f355c4bc15c78dc540ee63889f6e8b41e

SHA256
8c14998616486e60de8c8932522c4008968aaa6480628b3f0a657c92a89252ec

SHA512
9f270828a65bc1298f4a58d1dc1f7434b976aac9cf27bd8eb3f5b1e5a646769f17d67e1d12246240f9cb28b95a40290f815b9f375ed99988b3e97d3b114569d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
afa84e14b85403917934f9dcfc1db9f2

SHA1
03a4f9c4d3cba309432e3ca712e4b7f10071f7fb

SHA256
6c43624fc26723da7a2c513c4520c03eefc2f1ad0cbfd3c0c15e2e4a81e9d368

SHA512
c70616bb420e94156dfda6a867c5888a6c52d960bef3f79490092a6bd18eb2db8d99743a78515c768246a1e150d8c587c88111d8686110482aca1652f3e0402b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
65aa16cdabb424a49cfd163757f0b518

SHA1
a1e3de7a6d7551e3ec6cd27bcbdf626b1533ecdc

SHA256
42436a7a743f3ce68beef6aa2daac9be2dc506416c46f7ec15430264e074be47

SHA512
b59828e0484af5628a5bdea2b92fb6692f371c88d36de37767993480ec2ac9a2c4145f2c9d46cb566fd3f3679305d13f679a7376b5f2ad5ab276c438adc03400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b925ce8ac89ab2c7142548fcaab3c70e

SHA1
ff6adadcc16c04f65155415c125b83946de63757

SHA256
d6f380d99fff65718808567215894d8d5d8a64c77cc24b258f352f0c42a56ea6

SHA512
30ed2d8d7c25357bf5a8bfaa34608f7c55db5ecdc8347ddb73727f8dc81b87b94c11579cf3522f2ad05f141421afaac1f758db541a7d08df58a45640aa3d303f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a63636e1ca3cc27db8269b2802319fee

SHA1
06a7d2a03346f4c33bac197f0df255524b120b66

SHA256
01798d67b9b9ebc5c9d01a211461aefa6e44c97e74714d7ce0d933dc0756111c

SHA512
7c938657161ecfec063febb89c4e062be67514d47c8d4e2fb88a7ef421f79e43e6cc82bff7b563f0d512be0200769269516188f8b2e1dd9e69da6b7d67f9005d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b7a952c20b542b5e788c164d04ae94e4

SHA1
b11ae95c1bc8198678dfa57a24b6adf18e9b7513

SHA256
dda40eb62103fc6e5f991bf463439da59a9f328c6e219f93c64dcbc93df0d22a

SHA512
16b2b63dfbcb3a5d647c02511c60f16b5b937309ec169cafa5ceb00a8e55ad1e490bdd43bbd5e67279d49e0a1bc90ad0c8a8548253a4a174c4c94402c70bddd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3770d8ff2565287ea804295285e61b7f

SHA1
3c97385fe5691c1fa3a29eabd88c6a8e3c2c3d5a

SHA256
c8aa650121d2447ae5b78344c16df5b98b6fc81b7d66c8980f538a9ea46ad315

SHA512
f68077281bfeea4ff605a35c358be0668ee2fdfb0eaf639332ba2ca414f7f2fa3986496b15beaa86bf88f8f3bf99de430fca8ef2e6ef74232a82aa4895bc319b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9f495bc8df9cab33757b95187d71cdd

SHA1
fe5cfba2708a35aa5fc0c5bf1a5e1ea9c6242a34

SHA256
86d440d64f024d19b35194021f8ed159a722990075b17c330fe1f359101c7dfd

SHA512
4672e6650a96f2d5981a5e40c75167eaf5c4b7a6824e468c521ffb60ac0a008257ddd93629cfbcda1f0a399f005249c4a243594817f9124bde1b2def39c5ccc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0d3d755450991c269c64f527f56a8fa

SHA1
102d9d9ccbf96518a0fb0a153537177d4fb15e27

SHA256
db61d78ada72fa7eddfb80f8f6fe9fea36c5b84dd690197ea5e9eca4cee17f11

SHA512
7d66649d22cfe06ae1ce22bad4bbe1744c70820f4c2744be80dbf0e639d11bae210e3c503716241eb6fa44a7769dc076f76d94fee9aa21b1c4851609e71e40ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19dd1a3b-31f7-41d3-8171-8b5162462d04\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
a1bfb799a83c7b11f900148185a617f6

SHA1
c760e0b4a4fede101b6aac6aa90d1a2e337298c1

SHA256
6336c3e52a77e66483ab7b7f135b0644a8f539a1fe12007791c22617ed385f1f

SHA512
494874d18da641d389794d74b311ad7f9e5369d6dceba93aeb188dd579bf0a64aefe5d33ed8da0cc83f4e8c80915478ea818d5f5f6bf21a98aef4457e7c34e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
116bd50ea06d3e9ee3c05675d52fae9e

SHA1
1930289d664335c7e71cc1bc263fd8cb33f05915

SHA256
2b7b2042f1efc4bf39d30f3824e7c18040735bc68069dc88af28ca365df3daa4

SHA512
b3e713378664c6c2a15c43e47102a14ae84b1c8320680c8c74c49128eb5a99dbfef026a262f31145cfa911e7ee02b804c706897831a9fffc389dfbb8d56ba8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
2f4bedb23a056efe7049103842855235

SHA1
a393775f4c33c39287875bbaefa3ab1e20101ad9

SHA256
4469b462db9aecbee458a237db860d32c00c91fb0c0d2bc9682c3d3f835c22db

SHA512
4e06375ab677165b67626be5d3ad3b74e160a60aee2ac63d1e7545b7d8fe58090c86e89c0066e89d86e3324852c621b069fa836e4afedd3e319d3c3a432f3592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e074de0ac9a32492ccd75bbe6b06a29b

SHA1
f74918013dba586c3019eca5e9132ab6419d0686

SHA256
fd6a25eca87d37f55813536ab9701c21de90a60e6cde5d8ca4e36e0dc3fe183b

SHA512
6b081a52811d4609736e8b93c385d009d2f856637e09fd1136b2c40cab5ea7703f6abe77335ae2cd91562b1b3454e7afb8c3d7aafa2825ddee4997d3b673f643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\347e4bbb-f043-4a2f-88f6-d2d5a521f067\index-dir\the-real-index

Filesize
72B

MD5
7782ccf5e9faaabf97ed7646577e5d00

SHA1
733165822aa930fcd4a2e5dbc3ecea315f9f3848

SHA256
917513ab555bf080b4a3f7e170265c50b4e576f58ede5077bbd75b0389d82ef3

SHA512
fb04ce5e3a075dbb7497dc51872506d51c27082fc0725232adf3545bb436ebbc5cf269fd5a5e111edd29c893fedc72eb33316a35c0768d145088985bdda2d2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\347e4bbb-f043-4a2f-88f6-d2d5a521f067\index-dir\the-real-index~RFe5a2c9f.TMP

Filesize
48B

MD5
5aac482f068462f53153c92a95c0a2c0

SHA1
837f9f5cdb89e87b9b764848e5af9532ccd24ab6

SHA256
38efbd8a192b42dd5e99d1f8f1d8a931883f85afc63b116f6d6f6ce32f096c83

SHA512
a985080f6ee4e1268f0c6bf90d804b948c83c2e1cc7398940e994579b5abf3b5b90776defde740ec8cf127b42c837cd601f6f35e3a4bac0f0f57229e0a33ffe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
f0c8c2924249aeb67a8dad2120009ec7

SHA1
a647c8c7d675dd54adacb0f50f12e348e4db9e89

SHA256
8fad1d3e825f0ae99623d17b0465f4b713ef49dd1159490ebe28d6b63a2554b7

SHA512
3d228f377cb5200dfbf4890a19f1170f89abf8f466c89cf281efd7285f2299543b6b52ebad3bdc6b2b5c10ec8d14aa5a8d6df0dc03ecc5e43d414e3cf13176a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59d392.TMP

Filesize
83B

MD5
9a5b1cde0e9a2166069c7a26a55ebddc

SHA1
c3690228761bc002da10c2abeb5ef9cffc147a78

SHA256
3a7104908457a8ed9db41106d04de7166c49f30104ec3cb9f4bb34ff70a9a464

SHA512
ab813ed3c0132f190e98f668117fd02beccf02f3306f33b2a89efebaff75a1bd5c174021e02007f879589044b98b79c5c01b1a444776d8815d3f60e98a3253d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
0a5c7dc90441d94b198d04cb34d4284a

SHA1
62bd6cdf0626d2b8c3f7711fc0d65087bdd68d4d

SHA256
9228bbf760f6a062efc699b8c6f10b79b268021e7e2c2d2ad9f950e709a6f403

SHA512
d97f262865af1ae10d4fed09ce594fea49f162533d985b35a0fe09e46ecdf9c1ce3ebe3602bdd1ea2557f3947fb19ea180f5289d3a88fb556ddc78eb62f72eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a57b6.TMP

Filesize
48B

MD5
e092e8b6de0e94e16b7282c06a080c2b

SHA1
240398a64cc27275d6699abe2973a77d9b90d29a

SHA256
a29bc554c20d2a262ef10c52bc21967326ba723e06b1130b6a3f9046db16ab42

SHA512
2da2112b35b178e7c07b3c078e075b9f21b7a1cd8f1ee928ce5d72a2019d419b996d0ee33d3af553f6289bbedcb55fce07474c481f54348a95a59ce7e0de98c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e3602d462ab4aed3a85aae61ae6a35ec

SHA1
b065d4f531f8ea161e2322ee910a45917fb39111

SHA256
00ff9cd327634489470b265139a71a4f1e256856fd3a854c4d2d2fd4fe89b9ee

SHA512
f1fad009492c145af728fff98f1b116f88e8097bb6f4a048a312fa0a56fdb5b100ec1947f0e84bfbcd9f1fe28a84bccaf8005a47b27de966fdc1e1a45ebda135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
651384934f1ac7f5102fbb583cab660b

SHA1
e1139566f6d85d2f43caf156bde79f2f8602ae81

SHA256
d2c6722ac8831cc923577dcffb2166937226f2585fab7b325a2ba371a541bc49

SHA512
a905f2b536b124a7a9e927a7f57e58096ab74308c0817c67ddebbcf6496bd2550e43a263fe9768cf44c957fd3db8208a659fb9aa46bc48ed9d00d35dc5cc3fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f6f6deb516229f39fb4ad860e79422c9

SHA1
ac807a963534eec70396781d431015aa0bb43716

SHA256
756111788ddafc007e63a92ac697b0bf0bdc2c2c85729cf4c59486bca4f4e0ea

SHA512
8bd637e65400d4b1f8d2a42e94678cc278d5c9e9ac84afc2ebd01fdd7d49617ad5ea9188d9267753d6013335facf408625a9d98a2f61e67e843410954788091a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d83030126e6656b6c695ef46c78ad71a

SHA1
8ee24199f67cb73e5bf8da6ffa4ce190f35734e5

SHA256
6b32e58828d918af2c63bcb00cde5502adaaca0e8199964fdcf47df3f7e24537

SHA512
bff2ff6c75d1e0581e11dd6ceaef8ab0524527ad98a4fd467bba46fe6204d012bd3d263370e67e2f78e4ec2b7ab433ce50c57ecdc0180e1370ed175ae51ac2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
44b90a64e62366fc25e86f37637fbdee

SHA1
cbc76344c22d0424dddb14db30f84b6f2923a25a

SHA256
cb4048c93f1aab9b05522ae80b9c795d62c01ae15c4a8ff3fbb4ea9dd8bb5c02

SHA512
25dd68775b308fea13ccf5f4dac7ce8c1cea8fdd5cb4541a44d8490387a82e09640d237cb853e87945c284017148939821e7be04773150b30334030c0ec073cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
74fb5cefe27b73946cceb4a8a9f81962

SHA1
d149a96a3b3c1924e8892cc09255b4324d4456b1

SHA256
54df4f904e419098d18fe403d39871d1595203b499dfb57b6c3e5e1432465c7e

SHA512
3e68a316475ac440f1d8f60b2eb27a23d30153ef8df4ace84d89bb6eeb7e12b4243714e447071d43c504808406620f1cfa5f4bca7aa84b2289ccc4ff7590c6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c426e6167300f9aaa4fa1927d0099402

SHA1
97d888bf0c41955713bc26b1f94d633eb2ef8a19

SHA256
0b16e9ce451be9ccd77ba9c4b6a3dc1fffdd042a05b2e032c01caa6ea68f181b

SHA512
6c38079252515a2fc28c247dc725c91614ed88312bd56f7de51fa2868f84b2a917b08c3a454b12d20805d3ba9b8c047ff9be0b24ad7b81d986dfb2a4f3922726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596344.TMP

Filesize
1KB

MD5
19286c4a447cec28e1ad3606d9e014c3

SHA1
1b261016cd9bbd3631bb5ef45b8a2f4744ea2236

SHA256
e2b5fa1bb00eb243aaf338c3fdb40a2fe8f3fb61d5002a2cd60a90f3cc452cba

SHA512
1426396a484432d40eecf367a7bbbf9223aa66f42eaca6162ac0fbdcff07c306bda35e4de0fb93b117d19a990766fdbf8d97e964990742469d9e7dc51090e110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
aa445d42346c2d1caa83fe0442714d7f

SHA1
f4915c2247955e7d517dd74bd1e2556c7dafa8d1

SHA256
c00a80d4edbdc8bf4f724ce2963c08be039783d16c3b41cd506f7181892a694c

SHA512
1793f607f186e2589b0168fc46a9e81a0bfd894bd06ee03fc671a5f47fcd67c6390e69cf0595748cef110c93d5200704100b8b638111b104d109c80aec0a72a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3d9f9088a44bf82c3ee1292457293894

SHA1
9cc5b4fa42ed4dbb645fc420564ea9599aa79cff

SHA256
b799a87d5d9dfd51e110af9f31d4b7f090935f442cd01e0f6d0c3caacfe1c1bc

SHA512
87c0b926b3e70439cd471484dd00a7d07e5d23a08ffd8224c349832e0afd119bbc3f805ecb1451582831c13c7aa84f9ed7126a463983b024b193c69d365f413e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3aa88ecdab27bc63596d88ba34964324

SHA1
6410a3cbd9929430f7a7a0948fa8ff958a30182f

SHA256
8bbfc7411119fb3bd025569bf9b99a4e2a23036897dbc1eeacfce8d965074d72

SHA512
c31e19f17e39ee20500a5383cf166dad91321bb00903a3eed05eb92be65f555e5069ef1ffae183ae12fe497615a7b2d6fb56a8da23910b5337ea12b310cb92bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3aa88ecdab27bc63596d88ba34964324

SHA1
6410a3cbd9929430f7a7a0948fa8ff958a30182f

SHA256
8bbfc7411119fb3bd025569bf9b99a4e2a23036897dbc1eeacfce8d965074d72

SHA512
c31e19f17e39ee20500a5383cf166dad91321bb00903a3eed05eb92be65f555e5069ef1ffae183ae12fe497615a7b2d6fb56a8da23910b5337ea12b310cb92bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
978558176627538494ca8fbe46383e35

SHA1
ba06c50f02b53b309febcaebfed67dd92fa0bd33

SHA256
633aef093bd8ffb9da1bb085af7c14153d7c02a1cb7855532024513227add81a

SHA512
0480ceb842957682be46082fbcf048bdd4630090ddd52f25956f9b8a103ed3a41f176475bfac8e45ca2f5e0800ffd8253aa88e045b08b4128a80368f9edfc205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7942469c8e7bd42f4e9ea300a1100d1b

SHA1
172d9f84b74c8f2a1a6a8cfe81c543578cc1e7fb

SHA256
f0ed86247d157b4b8c54eb459e74f63d316480af6abf0adef8dcc1677f177b4a

SHA512
5e8471634dbac4eff0347526eac0790258452dd7a9edea13b00dadc2aaed3ddb3bb925a5075482014035b9e18d01626579308b6732712ca7aaeebc53ba44a7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f82ca018c84cc6a3fdb8786c5bc1a871

SHA1
67c5b455857fc15abef844789a8405a699738927

SHA256
b6348a4eb5a291196d5de2f0365b422645070145166fde85a862665d5937a009

SHA512
9444b88ed2d09acfbba65e0e5f4ad3c1e878c59b717dac76a87b6ed5641f6ed90f2b12e26a7d8cc25277c1d08dab8aa851946befda1787ccba8c37cfe8b569da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f82ca018c84cc6a3fdb8786c5bc1a871

SHA1
67c5b455857fc15abef844789a8405a699738927

SHA256
b6348a4eb5a291196d5de2f0365b422645070145166fde85a862665d5937a009

SHA512
9444b88ed2d09acfbba65e0e5f4ad3c1e878c59b717dac76a87b6ed5641f6ed90f2b12e26a7d8cc25277c1d08dab8aa851946befda1787ccba8c37cfe8b569da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
50a90c9a08ee30339e48e424a0f9b486

SHA1
cab10badf5c9b9de1151a573da7975e8249ac607

SHA256
9d94dcd42fc47439b95c3bbedc82b0495bbf3139cb37e5165a8b449cf043d02f

SHA512
a6a837c85e90ab737f9d662d7ff9ad833c6093a1d20a77627b6738aa7d126d38aa634e7eeff3dc416be532fbcbea528df2197c0df7aba9294bb1e5b7a32c0526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
fc570ee11b9fe432c3b926d265bf8dbc

SHA1
2e8bcf3c592c61abd9b20544321ba09c7f926442

SHA256
ea93cc59be451c3e8975c99e1a8e5b571cf24419d37cf79cd54d1b73a4e588ba

SHA512
18be282c5fb5c0b6030b9e1f8f6f0cf6f6ed230b54ecda4083d773f6fa57910dc5db9c9bec3b0900ccdaf6fe2e53fcb45152ecd356bc70a3c22b88af0a1640fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfd075b2ec7066e419e9aa82a5bff174

SHA1
f907607e655ac6a4865d5326b785eb0203003907

SHA256
b56978711d5375491900f5b79bb92959a429bda92e0c767fe170bbc33d1e343a

SHA512
1df5c01d70b38dd71804642473e3550715472acb4b8fb9643332e1f291eb4a9710dfda37af611d29479f9e3fd421b157fa57cf9b04f2693b35dd0741f2aeea6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24f37d939bf77d9274ddfe62d7739ac9

SHA1
379437079db364ba562c3bb987bc9025b3850ea7

SHA256
daf94b0053e86943b4b1f876da921e3779d83548357b26bac00c8b50702d5c6b

SHA512
71cfc3123e80d06895a3282dc2cabd39ce4bd50202d64344a9eba6991583f719d3f43281016dedefcd7d0d0b2454b83a3dfd62e8788e0d16fb379f07fb264e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
fc570ee11b9fe432c3b926d265bf8dbc

SHA1
2e8bcf3c592c61abd9b20544321ba09c7f926442

SHA256
ea93cc59be451c3e8975c99e1a8e5b571cf24419d37cf79cd54d1b73a4e588ba

SHA512
18be282c5fb5c0b6030b9e1f8f6f0cf6f6ed230b54ecda4083d773f6fa57910dc5db9c9bec3b0900ccdaf6fe2e53fcb45152ecd356bc70a3c22b88af0a1640fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7942469c8e7bd42f4e9ea300a1100d1b

SHA1
172d9f84b74c8f2a1a6a8cfe81c543578cc1e7fb

SHA256
f0ed86247d157b4b8c54eb459e74f63d316480af6abf0adef8dcc1677f177b4a

SHA512
5e8471634dbac4eff0347526eac0790258452dd7a9edea13b00dadc2aaed3ddb3bb925a5075482014035b9e18d01626579308b6732712ca7aaeebc53ba44a7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d99f5f7e-4fd2-4396-8ba5-06cac6dffc3c.tmp

Filesize
2KB

MD5
aa445d42346c2d1caa83fe0442714d7f

SHA1
f4915c2247955e7d517dd74bd1e2556c7dafa8d1

SHA256
c00a80d4edbdc8bf4f724ce2963c08be039783d16c3b41cd506f7181892a694c

SHA512
1793f607f186e2589b0168fc46a9e81a0bfd894bd06ee03fc671a5f47fcd67c6390e69cf0595748cef110c93d5200704100b8b638111b104d109c80aec0a72a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ob5Jk17.exe

Filesize
877KB

MD5
47c8080cce699783c91d6ebd4557efcf

SHA1
d80ae71745b6e54b829e85fa064496b9d2ad9e2b

SHA256
734ffee59ed599fd82330902e187b729c22d04e4c4e4b1756fdffe5ea8095fa3

SHA512
b6e59488bd82154dfe1b4f80d6ec84440b4ef0bf434e2713111fb9e09976b37412b9747ca2848bd8db2885ba3775b46cbd26f56b4aa5101f12da1c5ba9d67787

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ob5Jk17.exe

Filesize
877KB

MD5
47c8080cce699783c91d6ebd4557efcf

SHA1
d80ae71745b6e54b829e85fa064496b9d2ad9e2b

SHA256
734ffee59ed599fd82330902e187b729c22d04e4c4e4b1756fdffe5ea8095fa3

SHA512
b6e59488bd82154dfe1b4f80d6ec84440b4ef0bf434e2713111fb9e09976b37412b9747ca2848bd8db2885ba3775b46cbd26f56b4aa5101f12da1c5ba9d67787

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Vu5eg67.exe

Filesize
656KB

MD5
8d36bab40349ca7e4c2f5baeb65c4f14

SHA1
d90cd347d6a74d92dc45f789f2b82323a77497ff

SHA256
49a4fda2222c75e80d3a1073a0bf4bbea7e88e4b4cf3ab65baa16873d8563527

SHA512
c3b212be0cbdadea8607c12bcd0cc4dfb80ac00c0836e480d70bd6f209268ad36dd0939efd14def8ec9233dfc67d477ca5587b775629cfd383bfbaf2e6f803ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Vu5eg67.exe

Filesize
656KB

MD5
8d36bab40349ca7e4c2f5baeb65c4f14

SHA1
d90cd347d6a74d92dc45f789f2b82323a77497ff

SHA256
49a4fda2222c75e80d3a1073a0bf4bbea7e88e4b4cf3ab65baa16873d8563527

SHA512
c3b212be0cbdadea8607c12bcd0cc4dfb80ac00c0836e480d70bd6f209268ad36dd0939efd14def8ec9233dfc67d477ca5587b775629cfd383bfbaf2e6f803ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10tZ84lW.exe

Filesize
895KB

MD5
43ddeecd1f4b02ee24ecb021aec6f3a4

SHA1
aec82d6d2cdacead400ad610804e34324c2ba760

SHA256
661cd5398287639c1432e5259512c5542791a1dd90c74c63d323546b9d32ead9

SHA512
f31cb7b10057bb383860cddb6f783acb62b774846a32754feec3fedf289e2d3f0dd94e303043a26425aa8d6542d2f127d0dde887cb9e72da788945ee28ee09f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10tZ84lW.exe

Filesize
895KB

MD5
43ddeecd1f4b02ee24ecb021aec6f3a4

SHA1
aec82d6d2cdacead400ad610804e34324c2ba760

SHA256
661cd5398287639c1432e5259512c5542791a1dd90c74c63d323546b9d32ead9

SHA512
f31cb7b10057bb383860cddb6f783acb62b774846a32754feec3fedf289e2d3f0dd94e303043a26425aa8d6542d2f127d0dde887cb9e72da788945ee28ee09f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oP7473.exe

Filesize
276KB

MD5
31a8e544e458a40b945d2344b1dea9df

SHA1
8738af06ecca3824352f402d9e0c1eefedfaa1b0

SHA256
cdac35589d9d3e5fdf7994ece8e3e2999bb9522a88db91d837d1494e5e095a3e

SHA512
710597d595b868351c11c27dc2d7d705d6e9589ac763d5c1c82343f361d374c2123e25a671d11f53c94b496c0e7106203dbdf1b8fca74ddeb6b5b5c7b30e1f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oP7473.exe

Filesize
276KB

MD5
31a8e544e458a40b945d2344b1dea9df

SHA1
8738af06ecca3824352f402d9e0c1eefedfaa1b0

SHA256
cdac35589d9d3e5fdf7994ece8e3e2999bb9522a88db91d837d1494e5e095a3e

SHA512
710597d595b868351c11c27dc2d7d705d6e9589ac763d5c1c82343f361d374c2123e25a671d11f53c94b496c0e7106203dbdf1b8fca74ddeb6b5b5c7b30e1f25

Download Submit
memory/1524-511-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/1524-513-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/1524-514-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/1524-516-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/3560-577-0x0000000007D10000-0x0000000007D5C000-memory.dmp

Filesize
304KB

Download
memory/3560-482-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3560-576-0x0000000007B90000-0x0000000007BCC000-memory.dmp

Filesize
240KB

Download
memory/3560-574-0x0000000007C00000-0x0000000007D0A000-memory.dmp

Filesize
1.0MB

Download
memory/3560-573-0x0000000008930000-0x0000000008F48000-memory.dmp

Filesize
6.1MB

Download
memory/3560-779-0x0000000007880000-0x0000000007890000-memory.dmp

Filesize
64KB

Download
memory/3560-497-0x0000000074190000-0x0000000074940000-memory.dmp

Filesize
7.7MB

Download
memory/3560-524-0x0000000007A60000-0x0000000007A6A000-memory.dmp

Filesize
40KB

Download
memory/3560-498-0x0000000007D60000-0x0000000008304000-memory.dmp

Filesize
5.6MB

Download
memory/3560-499-0x0000000007890000-0x0000000007922000-memory.dmp

Filesize
584KB

Download
memory/3560-575-0x0000000007B30000-0x0000000007B42000-memory.dmp

Filesize
72KB

Download
memory/3560-512-0x0000000007880000-0x0000000007890000-memory.dmp

Filesize
64KB

Download
memory/3560-711-0x0000000074190000-0x0000000074940000-memory.dmp

Filesize
7.7MB

Download
memory/7524-331-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7524-332-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7524-333-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7524-335-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads