mystic | e01f19a91111fa995073c5439b43d926f4834994007ecb1b84fdb5dcf415ff40

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe
Size

656KB
MD5

aed78efb08bf7ab146bf11c9531bf7a0
SHA1

4760164337b426e7ef6beee28dcbff6630b2f860
SHA256

e01f19a91111fa995073c5439b43d926f4834994007ecb1b84fdb5dcf415ff40
SHA512

9b77b06072647fd7ebad3d01f884ae56c7f72dd81406efb30007b2dee1983ccb4d82a5f0c2b3b4e2daf6bd0bdca719877972d479bb552b9d7a9be9df002526ec
SSDEEP

12288:mMrNy90n0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6pmYAhKyTlIh:DyGiaaewIsgCQGIgYDPChKuC

Score

10^/10

mystic persistence stealer

Malware Config

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/5288-73-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5288-72-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5288-74-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5288-76-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic

Executes dropped EXE 2 IoCs

pid	Process
748	1je03ds1.exe
4200	2mS0491.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0009000000022e59-5.dat	autoit_exe
behavioral1/files/0x0009000000022e59-6.dat	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4200 set thread context of 5288	4200	2mS0491.exe	116

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5308	5288	WerFault.exe	116

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5788	msedge.exe
5788	msedge.exe
5428	msedge.exe
5428	msedge.exe
5272	msedge.exe
5272	msedge.exe
5688	msedge.exe
5688	msedge.exe
5320	msedge.exe
5320	msedge.exe
5184	msedge.exe
5184	msedge.exe
5440	msedge.exe
5440	msedge.exe
4920	msedge.exe
4920	msedge.exe
6320	msedge.exe
6320	msedge.exe
6932	msedge.exe
6932	msedge.exe
2300	identity_helper.exe
2300	identity_helper.exe
9108	msedge.exe
9108	msedge.exe
9108	msedge.exe
9108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	9024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	9024	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
748	1je03ds1.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 748	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	86
PID 4792 wrote to memory of 748	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	86
PID 4792 wrote to memory of 748	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	86
PID 748 wrote to memory of 4672	748	1je03ds1.exe	91
PID 748 wrote to memory of 4672	748	1je03ds1.exe	91
PID 748 wrote to memory of 492	748	1je03ds1.exe	93
PID 748 wrote to memory of 492	748	1je03ds1.exe	93
PID 748 wrote to memory of 4240	748	1je03ds1.exe	94
PID 748 wrote to memory of 4240	748	1je03ds1.exe	94
PID 748 wrote to memory of 948	748	1je03ds1.exe	96
PID 748 wrote to memory of 948	748	1je03ds1.exe	96
PID 748 wrote to memory of 1784	748	1je03ds1.exe	97
PID 748 wrote to memory of 1784	748	1je03ds1.exe	97
PID 748 wrote to memory of 4920	748	1je03ds1.exe	98
PID 748 wrote to memory of 4920	748	1je03ds1.exe	98
PID 492 wrote to memory of 688	492	msedge.exe	99
PID 492 wrote to memory of 688	492	msedge.exe	99
PID 748 wrote to memory of 464	748	1je03ds1.exe	105
PID 748 wrote to memory of 464	748	1je03ds1.exe	105
PID 1784 wrote to memory of 3032	1784	msedge.exe	100
PID 1784 wrote to memory of 3032	1784	msedge.exe	100
PID 948 wrote to memory of 1964	948	msedge.exe	101
PID 948 wrote to memory of 1964	948	msedge.exe	101
PID 4920 wrote to memory of 2976	4920	msedge.exe	102
PID 4920 wrote to memory of 2976	4920	msedge.exe	102
PID 4672 wrote to memory of 4680	4672	msedge.exe	103
PID 4672 wrote to memory of 4680	4672	msedge.exe	103
PID 4240 wrote to memory of 2404	4240	msedge.exe	104
PID 4240 wrote to memory of 2404	4240	msedge.exe	104
PID 464 wrote to memory of 4280	464	msedge.exe	106
PID 464 wrote to memory of 4280	464	msedge.exe	106
PID 748 wrote to memory of 3856	748	1je03ds1.exe	107
PID 748 wrote to memory of 3856	748	1je03ds1.exe	107
PID 3856 wrote to memory of 3296	3856	msedge.exe	108
PID 3856 wrote to memory of 3296	3856	msedge.exe	108
PID 748 wrote to memory of 1612	748	1je03ds1.exe	109
PID 748 wrote to memory of 1612	748	1je03ds1.exe	109
PID 1612 wrote to memory of 400	1612	msedge.exe	110
PID 1612 wrote to memory of 400	1612	msedge.exe	110
PID 748 wrote to memory of 3568	748	1je03ds1.exe	112
PID 748 wrote to memory of 3568	748	1je03ds1.exe	112
PID 3568 wrote to memory of 1648	3568	msedge.exe	111
PID 3568 wrote to memory of 1648	3568	msedge.exe	111
PID 4792 wrote to memory of 4200	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	113
PID 4792 wrote to memory of 4200	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	113
PID 4792 wrote to memory of 4200	4792	NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe	113
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4200 wrote to memory of 5288	4200	2mS0491.exe	116
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139
PID 4920 wrote to memory of 5680	4920	msedge.exe	139

C:\Users\Admin\AppData\Local\Temp\NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aed78efb08bf7ab146bf11c9531bf7a0.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1je03ds1.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1je03ds1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15099599616048005568,4607036390003769724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15099599616048005568,4607036390003769724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      4⤵
      PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,13663314911657527861,3822116666268654445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13663314911657527861,3822116666268654445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 /prefetch:2
      4⤵
      PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:2404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7002902520090910879,3376500804851259085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7002902520090910879,3376500804851259085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:1964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10026669065918968599,8331456420429406579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      PID:6544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10026669065918968599,8331456420429406579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:6536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1235766783809018735,14456907412161224082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1235766783809018735,14456907412161224082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:2976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      4⤵
      PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
      4⤵
      PID:5680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
      4⤵
      PID:6840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
      4⤵
      PID:6944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
      4⤵
      PID:1296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
      4⤵
      PID:6240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
      4⤵
      PID:6688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
      4⤵
      PID:6484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
      4⤵
      PID:2524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
      4⤵
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
      4⤵
      PID:6488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
      4⤵
      PID:7868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
      4⤵
      PID:7860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
      4⤵
      PID:7852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
      4⤵
      PID:8076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
      4⤵
      PID:8180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
      4⤵
      PID:8064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7740 /prefetch:8
      4⤵
      PID:8772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
      4⤵
      PID:5896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 /prefetch:8
      4⤵
      PID:6836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
      4⤵
      PID:2000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
      4⤵
      PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13283161295651051147,3816001024588440670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5196 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:9108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:4280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10813784914327569998,10371147673566185715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      4⤵
      PID:3788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,10813784914327569998,10371147673566185715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:3296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,3329280270980949881,1429048194114023930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      4⤵
      PID:3752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,3329280270980949881,1429048194114023930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
      4⤵
      PID:400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15479663548447592514,14778184435788505954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:6856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15479663548447592514,14778184435788505954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14091780780727290810,8785070989244661294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14091780780727290810,8785070989244661294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:608
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2mS0491.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2mS0491.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:5288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 204
      4⤵
      Program crash
      PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac44b46f8,0x7ffac44b4708,0x7ffac44b4718
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5288 -ip 5288
1⤵
PID:5480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:9024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\60b1324e-25be-4662-bcd6-bd94185395f7.tmp

Filesize
2KB

MD5
08fe439088f584193fa831a226eca43b

SHA1
551b7db5e47f7d2f18c7dbece173d2571e6c8c76

SHA256
c3958342b76a1a4d5a5a74f96d14e92ae2fae20ba0123d0fbbcefa65700aa66c

SHA512
385492873610c0c9db0a93104026a5d394e6320f549409832334cf6874bb565c8644bc3552e649472d18e7e0af0207c298d438e14523ec064331159201253f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
49KB

MD5
1b16dbdc1e02bbeb2003c5997a005b28

SHA1
512b5d734e5a3427c284e743a807b4f714157bff

SHA256
0494c7c79b0fbcef20ccaed64374a6d566e3254b7d6e820ce624859c3feb68b2

SHA512
00ca8542447c6b4b5a73b3354c81ff86d90026a101420711dcafc867410a519282a140188931a307e6f7c018bfc5e54fbb9f9209ffba4540d2ae5ef385deb3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e52dfbf68918c148b83f136e7cab950a

SHA1
ae18772c00e8423e302f208c15d88682f45e7b2b

SHA256
44ff1f6254e5cfab02fce7f75dd244c071c1849dd294bee3820f44b7c008477c

SHA512
f59760d15ae214dc12824a22efb3c25edc873ef8a146b9e4f6888fb82b9da9273100ea83e3357349ee37f80ae1ee0941626fce8962ed2b80fa914454c185128d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8c1d8e6ca870329ba3120b6338639f1f

SHA1
2f1988584a0d0c588f7c5616cc823f2232edbf47

SHA256
32b1ce9f71703330c9be9724b7143d4c6639ece4d16ac3eabe76146e297efa69

SHA512
1616f2f132c4bd256d4025ff5d3bc6ea149bbd5356b0f4342567b9c58d1535ee91935e3501149f4053500924cd593862f9041a3e8f155d99c2e71b6ac0547be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60a32cd9b42d9439c93e11f8f4253871

SHA1
4bf7b8da2f23faf552eec9ab5026cdc59ea69ca9

SHA256
5d6603ac064869a8554ce384ce31c909f9f886526da7fd4a98aeab6746788966

SHA512
ed9dc769d5b300ab313b480acc4e568475cc582b4a6eb79e42dd906eccba3a28dd76753f523813c200513025150fc82f1c26be7c2eafaeda1249903c8a0f52ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
34b5004221d0452871fb6ab14f1d9e14

SHA1
23174ca58ec40ed784d2dcfe271ad251b211bfd5

SHA256
4e26502a1edcce3eaf1eed31cfa20156922dbf4a48a8085472873a8495e8f1e5

SHA512
e340ff5d826a83bd3b674ec5168dfbf46333f5bcf5936ce8ce93bc98bdbfbae98476c756826447871465d8baf9f62e584002be9986666ea2878bc28db564f346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ac5472b57a98c7c61316c955b7289100

SHA1
9d9910fea51a5934173c77ca3963783ac9330259

SHA256
5dbf0c140ade1eb2b91ce7cb6c9f5ad171f3cc4de2df3cbd1de03f9b4a7428dc

SHA512
9655ecea87f80a9ce43e124a7cb8dfd8d752fa61464279798be1dd3ff2d1c0cfcac0d96e1e3cf128cd502b8e0ade891545ec66a2def3badd5b6fe478d24ab0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f74333fe57a22b4b1d61c68d9adc75e3

SHA1
6c3fac4520d48238887d7193aed7306553f293a6

SHA256
7ef2c9b16ac61efd947e7f6d822eb8745b648376568e9294e3ba4a7c25e265dd

SHA512
6931676a99664aee2898bc3227f1a1e8eb8865e5919f48329354fc5a34e7cd84bfb26a91c75b4ef0f9318e432fc4101eefb96ed66fab34cc81e60312bc2e9e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\477e913c-8dfd-4c88-b5c8-a9aeeb6f62c8\index-dir\the-real-index

Filesize
2KB

MD5
e9e3d294b551cbeddb191ad33f3b1292

SHA1
270eb115a8552e39dcab855720e249df7497ca05

SHA256
511092cc51102b488bee1f55246e37018b7df31b12ed9ea0bcf2b37d0b5f2cd4

SHA512
3c6aab93ea365085a8743b0835e9088c7f45a2e86a333d24e9e15b75c75c61440c7b2604a9a405d56a3fdfdbf27da79c1ac6e9324dafce3ed8d11a9f56cb4429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\477e913c-8dfd-4c88-b5c8-a9aeeb6f62c8\index-dir\the-real-index~RFe58871d.TMP

Filesize
48B

MD5
b3a515ebb000e92a33d9f5f0347c412e

SHA1
449b7895188d8c370fbca6e6c883a5f620d2ffaa

SHA256
cc435401718bbdd86f8a34ada7bb040265382a65f6965968635148411ff8bdfc

SHA512
05c1e2e6bd15d94693098f6a1773fc29c02eae644873eeabb29b61e3f108161fc28c4996e64f421e457807b461bfe4059586ecb1a37e6fe373216180d9a9fba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1f49c9d-7f11-4856-a3a4-06264f1f84be\index-dir\the-real-index

Filesize
624B

MD5
4607a6096b95a3b62901fb32bae52f47

SHA1
5b817e0d0a46fbcc98f435374eb0d0b998ae11d4

SHA256
9d67dc9aea6f87073a5fd38977f98502c71f988bc3268d6786b70c38281e60b3

SHA512
296427621cacdf33acbc5fe5049407f27813d3d986389e31d1049995314bb602492ba145b26a43e6b90ef221bd50a9182fd7d504ca03f1aba34803633641a1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1f49c9d-7f11-4856-a3a4-06264f1f84be\index-dir\the-real-index~RFe58941d.TMP

Filesize
48B

MD5
bbe75cfd0bf9dbb4577708e238ce2ac7

SHA1
0d7fe2934bab5accf586817f021bde42ac3e183e

SHA256
17bbb442553c1d0f93a786abf002b384cfc3695e6e188e7d4acaf03d122b833b

SHA512
41cfe5a374208b7f37dc52853c1fd56c67ed02b7d5a2588f8e999429a61fd8c6e15fa5429597b6e37198e6bac7fac31540054b683e9ccd153afc714db22ae6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
491a48d3e00562d568e0d51b05f4f87d

SHA1
bab15664c378abc9d8f6379515be7412cb2ba8e7

SHA256
316f161125e4ea70e5aad4a0a2100b0bca5140bb57e28ed647376bac3d405f71

SHA512
272ecf61e89b2bd7b995e27f07df840a9c959ada77abd6e6470d92b08f777dea86cfd23da0ad77ee6e746cc38f5028a03e8b495e54685942f45de93d6a588269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
917ea5fdcdf34437044bf3dacdcbafb1

SHA1
ef5343b33e119ff0a81e1a1e5bcc9c6c853d8f63

SHA256
b60a9c2e35b034f01e0d820fbd8c9eaca5b0886a9f5eaa547e684b1b51f630be

SHA512
bd33a0d8a946bdc8b1c3451c27575e1d8b9123daffce80848f98ff18ecc55247b348f860745581ea90785f93acee84cef13cffba2622e90aeb6f4f9ad15160f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
156B

MD5
839c17e7b096a5129e1b392889e0b4f3

SHA1
e5c6ba680bf97ad03955843659c6914176654b72

SHA256
6a38a6ae63707fe18f5cfc1c91f48b73bf02800b4fdce1c951da2a67c0c1872b

SHA512
efc811009bce193b8d74605d9d7872b01e4328c57c6083a2e4e667f2ad3236b259731ee5a707d19ef5c6078ec59bacb1bf22225fc78e994cfe1df447a0e32746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a914b2d354f5fcc040ee495b7ddeda4a

SHA1
a18a4ef69f8f5e280f3ca3fe6870f72a779ddc4e

SHA256
3442328da6d8936e80d0d56a9b4cff96bb41f104d7e4c0a4c23fa096ddcb079a

SHA512
2a5ce9eaf293dd6e1bce1475c9195e71ce4e365a3502bf972f002e2ed478d94218f7b993b90e33d379e238950fec85eaccbbc77111daaff86b579edd99c188cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581ae6.TMP

Filesize
89B

MD5
aa4af2dd390768b381f430b77902434f

SHA1
30ca208775eabde5653c95dc3caf43530b1ce824

SHA256
ec8eaa6528e03a57a69f479e6e3a5472a9643aa5aef921b6662ac970bac1e016

SHA512
7ef89e1a09bf7fd3610d8e2971741a610a89fcb3243e3ebadf56bf61783220679e6c4e93eb5c4d83883fc77bed8634d9b0e7de3b995303ff27fbfb097b7762e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\024f0975-8912-436f-91c5-44b5bbc148c9\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\024f0975-8912-436f-91c5-44b5bbc148c9\index-dir\the-real-index

Filesize
9KB

MD5
15adbf1e3aa18481af437365ed9295f7

SHA1
476f76add329e4ac1b5556b998b0e8f5c2f20f07

SHA256
c0b49aa5606a674502359cf80dac4011a4579c220bce9b10e99402855d5047f7

SHA512
8b83646d2325d2a99ef24e44f135cf5187164ac593b2ae4779dc900e6ac8e9e718622832479129d4b5297eabbc73a74b66bb26a8703348c32dc16afda2b32710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\024f0975-8912-436f-91c5-44b5bbc148c9\index-dir\the-real-index~RFe599457.TMP

Filesize
48B

MD5
537ef34f2160e6516217f0398611b86c

SHA1
58bb63fcd2964baec848cf433e11304c8d646257

SHA256
e6b7d3ab7c55d775ac26397ba1b0e91413f6e87b6989ce1a9ff913e83bb33f25

SHA512
fbfc7f09718784d46d2b810cc3e2c94147bc659a191b6af529ae9007b0c2272c0f6b35d2ae24374c8293bef5f1c2d501212d29c5e5c3e3380d820fd3b079a6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\abeae03d-017e-4647-bfae-ed7ac3516e1a\index-dir\the-real-index

Filesize
72B

MD5
e86743040e93c8f2e4406cce0be4c0c1

SHA1
fc69f3c8202b5ad277aaa913431d3d4e0452e193

SHA256
3ac2177e206bf50ce88c83cf71564ca08981836f95869d33efbafd1fba8c7d74

SHA512
be34006768c9f463c15b0f94924b10cae6e6998dcb7c94c363c75209b8d97b4ed00c1d74200a8478170ef1fc455f0ff7a30dad0c6b27fbadbbdeff0c5bfc630a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\abeae03d-017e-4647-bfae-ed7ac3516e1a\index-dir\the-real-index~RFe58ee62.TMP

Filesize
48B

MD5
3dbd60976882142e347aaf850857a871

SHA1
60ea6f30331047a64d253ebcadba4f0a6cfb48e0

SHA256
9cae348242e3c081094cde2ff6bbca2219e1fd59c4d3639adfca1fbad1ae567f

SHA512
04cbea7de08fa1f1d41a05985e7816be6980c2406dc8e9d438a753d6f15bd88d1fb52964c3ed7597cd38e7c7d815e1624a70ad40ff346e8a1a413feab0fcdbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
b352e8a786c1cf54e37097d3d63f8ad0

SHA1
2accc97f418a446ff105db1824e84a9e4205ea73

SHA256
5ca672f55a02c763e43760919bc57dfac1d7c9f25f108fd3d0c55044423b04bf

SHA512
778e03600f95227bca80dfe9d959e4850a2314ba078f902f05610aadc2b14c07bd7ebf753a7615a14511cda85f1410e0dd55f02a7a1966449030f5e8caaebc1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
1c789891a1c17f22806d59b92c8c245a

SHA1
c46ffcd49f6c16ec99c2fd6fb7d2cedfeddb610a

SHA256
2cf6a30c6667c6c81c11b394335c87ab5cd191ed8c02bb2b2174ccfea7d9c9ee

SHA512
f2b691170305cef4c7b5549a74b6906ea3ece9770d460f6987acb39ada081c34a2845f57a74c0e4a94d451cbd9cef54dd24ce19f069025bb526dc9775fadb462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe589e00.TMP

Filesize
83B

MD5
ec17c59402faee0e81933296407be08a

SHA1
364198063536cc55dbcaaf4385649fc5ab4119d5

SHA256
fad345fce37d0fb065bb60fa8a8efe984ae1afe97c71903f39761d761ecf2458

SHA512
8e5dd398a02b48449ead87a9876236f6ed112c94c4f14277603d4244477dd5ddaa26ecadc6de7f81f3b6afbe133c1ddcef934ceb0e5a5eef8010916100d7b446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
30885ee9e8e80f2e574f296e17c49399

SHA1
cab4b2af15116a4528622f033925fdd065e864cd

SHA256
cbd32497193699df4a7c390b88806532634efaf6f3d8cfd93616219308320a5c

SHA512
bd76f077cd0b1f3ef696669c065c63a87c2b74bc8855bf0f6031752257bda22f326265d80ac069c5393de139e79f463cd1aeca77e1d7e1c88f26de2d3282f54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
3587a916193a6479ff5d6904678b03e9

SHA1
f4cbe06000b1fa05f0cdafd72c680fc087af01d4

SHA256
a0fa29a905b3f7490956aacbe5e3c1d29340f43107006351a53da4573bbb097c

SHA512
c17131ea83cb16a2fbe1cf1823ffc38a74bdd2ae35fd824f4ec5f7add30cfb9e933d0e1ef02a73e3332d75b71af5c50fa2ca01d297452f409647a3a3f787c21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5879a0.TMP

Filesize
48B

MD5
55fcadc1034ab1eaf7f0191222cb9b15

SHA1
996e8686ecc50380fa3660880a8032a0c5c29f0f

SHA256
808beffe393835771ce74696111612d52105e9ba3d5b7ecbe20b2143e143f77d

SHA512
a61df944dbf0826df49e662f46c86514fe1e5cedb8f28b6141881b54cc7c9142dc329a39fd5647cf183c202e3b0182bb0079e16dc0058f4c9a75f63edb053136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8d9d7b2602ce30a307dbc1c6e6cb1629

SHA1
9d3a06e11c6841bb9b3d5e166253d5540e9a00ea

SHA256
a2684afbb10d6ace9ec3bad018bdaea81f926c1db0f3f5e4fa27eacbdd9aff8a

SHA512
fbd3ffb0ac7718f54445fdcc643ed6f01bf745d37253a186cce4ccf201293873e7a7d040fd088066ccdd742543871b61af7a6131e65ef4cc553b69a2df4db84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9ee1c9951291fa0bc0b4832c51d6820d

SHA1
d38890c4a88ae8fa783610326a01cca115d453fa

SHA256
bcb0f96894dc966eda5a70c5abd038846e15ccae76cf835d8308c60e0f8c9235

SHA512
a36b22999a338e2813d04b8d84f095e5be02bc08d997f556c9f82fd3955a2bf77f2a362c0b5a23243f4a9ef41f6098de5a787f6db457b9d1641e77c57917f16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5e46537ca41aee5bbf68d6ab56f30ba5

SHA1
d7a89fb47108eb6b409af7e32dcc8fcfda2ec2f3

SHA256
5f01e56cbe0f36535fee6e72e1c15fdd9dd04179773b7e208ba64bc1b81cc998

SHA512
b68c36888e2a26395cb5988f57b399f6361cba8c238a452d28969539364c5a11990646b58c63810aff3d5ab5d3d98f484957a9fc554c3b4f69a998369ce6d57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3f3bf5b44eadbdf61b5731f7a44f09a0

SHA1
2e61851f6769b7ec8f43d5b9aa3d2f6dcb1bbd23

SHA256
401499144cc2ec2577c7cb158d996e2fb698329b027381d556e45673dc729a2d

SHA512
bcc9646951fed03667bebf381e33a6b3adbe783a57c729edaf6dacd04f13ae36e620fa376f016345d73dce33fe79b3d26203ed9be369e114f7203f48dcb48c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
81698bfccfd1d012e7af265fef38536c

SHA1
04afdfc40d1b3ae6e2b90cd622f2538c4ae315dc

SHA256
7ad5fc6ead2441fc10b0267dfd8d30171a00839fc4caf4aaf1eeb92f0bc089ab

SHA512
673963988cd540aaad443618ee01316393cee8406b2ab6372c0b1538513b4bdd8db96a3dc2dae60ca21b6215ead210fadd185da3b28d5c9b0ca75687dc2956f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58941d.TMP

Filesize
1KB

MD5
a8bd2cfe84be172ed5fe146075a1f1ec

SHA1
ad3a9c1bd30ef74256df6def2fa99ede5ebe2723

SHA256
e27f989595b0484627901ec1b67bfb0930006c8ea1cbb8d629f17d26cb6854ba

SHA512
29ae4b946a0634380c3ef8aa41c498ed91e617dc8dee72737508d5a0a1bc7912a3448beb50a4570561cc0b564af319d69a1263e63be6d9e86103407db18ba11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa7bd596-ba50-43fc-9201-13b95e960b9e.tmp

Filesize
4KB

MD5
be5f3c61b617f915ae4767ea091758bb

SHA1
e56fe88ecb314169eaddafb6a31a959dd7044ef5

SHA256
f9c749c4b505062b04280e49e521ec041ad15c3bb4c1bd1703912ecd149e0c91

SHA512
942953d81c7ce1d4c627b9ee254d76233d4d4bac4dfac2d1f560e7179e4dd676053a215991051905fbc6884fdf9c54d6bc3baa86b21d906d13a6840434621868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f02bf3371ba1d71fd871aca02afc8378

SHA1
9a79fe91505995c94765df374c95628a17a90a7c

SHA256
52b76abb13dfa976f3519fb603b5522ac134034c5ea80c02daacfdaf78ebd807

SHA512
23d63f62fccd76813f3a3de20158110ed083efa7afcff72cf0208586af6e2b0a47754d969cba88b42990cfa6a681b24cf55be3fa1fab8db4f14bd3ff9e6308c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1b93bf261131f77182b982ce83affdfc

SHA1
de5260427494ff56e6a09bd41cf7821a8e1b4a8f

SHA256
833a28b2ea0edc17c6985a5c7fcad9ca13d148cdc84d70f54c3ce5546046db05

SHA512
fe382f13b1ba52a4e57e13f1bc8868dc04fd1d648dc443bbd1fc21c21b75d18740bc6aee83bd2e1e49b90fd8bc87c56954df79a205c3cd64a6f45ff45b049588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1b93bf261131f77182b982ce83affdfc

SHA1
de5260427494ff56e6a09bd41cf7821a8e1b4a8f

SHA256
833a28b2ea0edc17c6985a5c7fcad9ca13d148cdc84d70f54c3ce5546046db05

SHA512
fe382f13b1ba52a4e57e13f1bc8868dc04fd1d648dc443bbd1fc21c21b75d18740bc6aee83bd2e1e49b90fd8bc87c56954df79a205c3cd64a6f45ff45b049588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
08fe439088f584193fa831a226eca43b

SHA1
551b7db5e47f7d2f18c7dbece173d2571e6c8c76

SHA256
c3958342b76a1a4d5a5a74f96d14e92ae2fae20ba0123d0fbbcefa65700aa66c

SHA512
385492873610c0c9db0a93104026a5d394e6320f549409832334cf6874bb565c8644bc3552e649472d18e7e0af0207c298d438e14523ec064331159201253f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7c9353240a340bc52a56062328e3005c

SHA1
716ccdaf9a9a2e4381f92db048bd5c4b142d90eb

SHA256
b8368de8881173bd2810151bd25060590b09eccd8f46bb12a22f443e71b0f761

SHA512
a7cf8cabf02a905fe85cc13e1fa1afe214370d6e1c93e37b21edc854a3592f52f4508579381e70a38d3334710bde860efe62f264376ae605a0407a305a7f63ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7c9353240a340bc52a56062328e3005c

SHA1
716ccdaf9a9a2e4381f92db048bd5c4b142d90eb

SHA256
b8368de8881173bd2810151bd25060590b09eccd8f46bb12a22f443e71b0f761

SHA512
a7cf8cabf02a905fe85cc13e1fa1afe214370d6e1c93e37b21edc854a3592f52f4508579381e70a38d3334710bde860efe62f264376ae605a0407a305a7f63ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82df57ad65161eec175256ad0f77e220

SHA1
27273cac414ba7234d482b08ecbc54583c6812ac

SHA256
b838c1fa3d3b196905c1c4f01b951a239d65eb3c4f769ca5ffe3335eb94bae65

SHA512
d35f446d38fe8e8d94a007ffd1da277f0ccf7cf91dc119fb74048cbec91fc1d848dd8781b1d2f33db87556fdb3097bd5772868d937d193889fa9402066fd3f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82df57ad65161eec175256ad0f77e220

SHA1
27273cac414ba7234d482b08ecbc54583c6812ac

SHA256
b838c1fa3d3b196905c1c4f01b951a239d65eb3c4f769ca5ffe3335eb94bae65

SHA512
d35f446d38fe8e8d94a007ffd1da277f0ccf7cf91dc119fb74048cbec91fc1d848dd8781b1d2f33db87556fdb3097bd5772868d937d193889fa9402066fd3f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
91583fb97c5c0baed429e07783405aa0

SHA1
9cfe920977052f7692643feab31609bd50ce660b

SHA256
8f632f37692091d9cdcb5078f10981a58128f62fa8e0b3fa3833925a3a2503fd

SHA512
838efb37df93655be2c5332ebaf2b5b5f286a7aa27b1aba60a2bf128ad784c70e2512753fef75aaa237e672bf918851a8aa20344465a456d222eeca8f2120895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
91583fb97c5c0baed429e07783405aa0

SHA1
9cfe920977052f7692643feab31609bd50ce660b

SHA256
8f632f37692091d9cdcb5078f10981a58128f62fa8e0b3fa3833925a3a2503fd

SHA512
838efb37df93655be2c5332ebaf2b5b5f286a7aa27b1aba60a2bf128ad784c70e2512753fef75aaa237e672bf918851a8aa20344465a456d222eeca8f2120895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
363c2d8093f66dfee5768731ca025c15

SHA1
e63f6dd6953e28b5fe63eaa0a60acb899872c8d7

SHA256
735f4fd195893a9e0e3b3d38b82df1c7abfa0afc079d93f19a4645e8904af78e

SHA512
5c5ab78e3ffe76d3b3887652f559e7855b296c6b6af2f2ef5fe23c37dae81ed4d3227a1c46e367c7952ca7514fc17687c367d2d77157028ffbc5ad821bcc0ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
45073a9b4479bfc45ea4fecd3de5fc43

SHA1
1649b4828dbd22e3b3e7291301274163a0909296

SHA256
5c7f9fecf85ddd81c772bc6c26c743ac1789ab52481a86cd1ce15824ada63aaa

SHA512
efea145e719b1dcbe3dc7ee1d47f12e1097609da0c555191cf5ff8120465bf7dbdcad00f557babd9de940eb0a99ae1f59ee3fe80f97d16a3facce270e23625ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
45073a9b4479bfc45ea4fecd3de5fc43

SHA1
1649b4828dbd22e3b3e7291301274163a0909296

SHA256
5c7f9fecf85ddd81c772bc6c26c743ac1789ab52481a86cd1ce15824ada63aaa

SHA512
efea145e719b1dcbe3dc7ee1d47f12e1097609da0c555191cf5ff8120465bf7dbdcad00f557babd9de940eb0a99ae1f59ee3fe80f97d16a3facce270e23625ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1c30e2344ace6e5393b490d4ed739580

SHA1
04f485f8efbf44394fabaa2e89b2432e6f3c18c1

SHA256
9f4cd2fc5ed683396bb5d422917b8e04a2c5764c87c3c945e8a94b107bb216e1

SHA512
1c1cde27759167c4ab412092bf9b1239265dd3ddaa6d0e19d4dcafcf69a570488564e273c6cbf752b64998405f37bd468c7aba5ba7993df97cad6e09256c7bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
18d8253e8866fdd189d4a73b864f9500

SHA1
461f20869bd0d7549de82dd1d8f6f5ffd15811fd

SHA256
4cbf427ed13c6c5921344e5ca442fc24acae76e7a8d711c2b59ec4ffadedf13e

SHA512
98ab2b8d18302b0ae4f9950dfae86918c1921e258a568c48323272809b3094932670f90bdeccec5e1a420208af8c733054c3f568c5ef33ebdd38774cd12eb2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
18d8253e8866fdd189d4a73b864f9500

SHA1
461f20869bd0d7549de82dd1d8f6f5ffd15811fd

SHA256
4cbf427ed13c6c5921344e5ca442fc24acae76e7a8d711c2b59ec4ffadedf13e

SHA512
98ab2b8d18302b0ae4f9950dfae86918c1921e258a568c48323272809b3094932670f90bdeccec5e1a420208af8c733054c3f568c5ef33ebdd38774cd12eb2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
cbf7a3ffcc088effc5e77cb07fcb4be7

SHA1
8a92a06c4fb40fd87e5ed02cbde99d8b3b035eed

SHA256
16538c2790e7eb4e81ba764a5702ec57c5594b2bd59384480879ab444e30c519

SHA512
4efbbff2da137505ac6867db1cf849dcac7825ccb0819f6010f0e5fd0ad2ed7d5fb04749ded8949b60f75df1c9234721b6b61d4efb09981e8d1c1efbcc0bd55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
cbf7a3ffcc088effc5e77cb07fcb4be7

SHA1
8a92a06c4fb40fd87e5ed02cbde99d8b3b035eed

SHA256
16538c2790e7eb4e81ba764a5702ec57c5594b2bd59384480879ab444e30c519

SHA512
4efbbff2da137505ac6867db1cf849dcac7825ccb0819f6010f0e5fd0ad2ed7d5fb04749ded8949b60f75df1c9234721b6b61d4efb09981e8d1c1efbcc0bd55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
82df57ad65161eec175256ad0f77e220

SHA1
27273cac414ba7234d482b08ecbc54583c6812ac

SHA256
b838c1fa3d3b196905c1c4f01b951a239d65eb3c4f769ca5ffe3335eb94bae65

SHA512
d35f446d38fe8e8d94a007ffd1da277f0ccf7cf91dc119fb74048cbec91fc1d848dd8781b1d2f33db87556fdb3097bd5772868d937d193889fa9402066fd3f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e115bdfc-b13d-474c-a5af-c195bcf68040.tmp

Filesize
2KB

MD5
1c30e2344ace6e5393b490d4ed739580

SHA1
04f485f8efbf44394fabaa2e89b2432e6f3c18c1

SHA256
9f4cd2fc5ed683396bb5d422917b8e04a2c5764c87c3c945e8a94b107bb216e1

SHA512
1c1cde27759167c4ab412092bf9b1239265dd3ddaa6d0e19d4dcafcf69a570488564e273c6cbf752b64998405f37bd468c7aba5ba7993df97cad6e09256c7bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f636a962-f94e-4b8d-af81-0da5058b94ed.tmp

Filesize
2KB

MD5
f02bf3371ba1d71fd871aca02afc8378

SHA1
9a79fe91505995c94765df374c95628a17a90a7c

SHA256
52b76abb13dfa976f3519fb603b5522ac134034c5ea80c02daacfdaf78ebd807

SHA512
23d63f62fccd76813f3a3de20158110ed083efa7afcff72cf0208586af6e2b0a47754d969cba88b42990cfa6a681b24cf55be3fa1fab8db4f14bd3ff9e6308c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1je03ds1.exe

Filesize
895KB

MD5
e67d5cdc2cb4d824ebcfba19c47a2b27

SHA1
f0ec06f532a808320cb530fb1fda9464d1455064

SHA256
9de8e4d2cda9b0dc57f3ac9f285df1852a69375e3fd7e8cf89b73a38b01a2593

SHA512
b03299d4df73840ba4566e363c38c5a09f45763d39de2fd566d82ce52aa3a06a67b73fee6ae14cd30461ff507e4c95ef79fe01636d43ac9ba35d7dc706e575db

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1je03ds1.exe

Filesize
895KB

MD5
e67d5cdc2cb4d824ebcfba19c47a2b27

SHA1
f0ec06f532a808320cb530fb1fda9464d1455064

SHA256
9de8e4d2cda9b0dc57f3ac9f285df1852a69375e3fd7e8cf89b73a38b01a2593

SHA512
b03299d4df73840ba4566e363c38c5a09f45763d39de2fd566d82ce52aa3a06a67b73fee6ae14cd30461ff507e4c95ef79fe01636d43ac9ba35d7dc706e575db

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2mS0491.exe

Filesize
276KB

MD5
2b6b33f4c81c474d0d25b14a92494a30

SHA1
5fca7d8fe4ca044d5cc1ede8f760cb1993b16905

SHA256
4f26f29330efb3fc473041847ecde1ebead32e2308f56e299b6e6ff2000be507

SHA512
63c050f03b6c5add03ae3adb1a5515c46bfb9a9267322f0ed4aa364b764ee1f6798b028e2a56e440296d7de70def6adb4fa5aac5de7fd413d2954eab5737cae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2mS0491.exe

Filesize
276KB

MD5
2b6b33f4c81c474d0d25b14a92494a30

SHA1
5fca7d8fe4ca044d5cc1ede8f760cb1993b16905

SHA256
4f26f29330efb3fc473041847ecde1ebead32e2308f56e299b6e6ff2000be507

SHA512
63c050f03b6c5add03ae3adb1a5515c46bfb9a9267322f0ed4aa364b764ee1f6798b028e2a56e440296d7de70def6adb4fa5aac5de7fd413d2954eab5737cae3

Download Submit
memory/5288-76-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5288-74-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5288-72-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5288-73-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download