mystic | 0e0b9f17babbcc238682cad73343bb06df3b67e94921ec42e533d02ab056c2fc

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a88a701b705403da1eaa3d48a64e5460.exe
Size

917KB
MD5

a88a701b705403da1eaa3d48a64e5460
SHA1

6aacc2a7e8418a60b7ddd3dc7ed2b0e7a460f70b
SHA256

0e0b9f17babbcc238682cad73343bb06df3b67e94921ec42e533d02ab056c2fc
SHA512

2afb5ad2d012cd81f4c2fd7a80c547496e22e6c763ab6ce6c01bb498fe151b7f5239a42d11531529e2b5a99803fcc5bc15158b3492ef57542769aa10bb84ba67
SSDEEP

12288:rMrTy90c5KFDGZ4ozMaex4IC5ipCPHGBLPLvTMXiYQTDLqeUePNYGEWkiFV5wGhh:gyV5KFikaeuIseC/GZLYDSaZ8V5Jb

Score

10^/10

mystic redline taiga infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/7204-321-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7204-322-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7204-323-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7204-325-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/8316-393-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
1156	Yz2Or75.exe
1132	3Ug965zD.exe
2460	4Nf6BY9.exe
7944	5VE99Sl.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Yz2Or75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.a88a701b705403da1eaa3d48a64e5460.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0006000000022e30-12.dat	autoit_exe
behavioral1/files/0x0006000000022e30-13.dat	autoit_exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2460 set thread context of 7204	2460	4Nf6BY9.exe	153
PID 7944 set thread context of 8316	7944	5VE99Sl.exe	168

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7456	7204	WerFault.exe	153

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5148	msedge.exe
5148	msedge.exe
5356	msedge.exe
5356	msedge.exe
5628	msedge.exe
5628	msedge.exe
5484	msedge.exe
5484	msedge.exe
3680	msedge.exe
3680	msedge.exe
5852	msedge.exe
5852	msedge.exe
6084	msedge.exe
6084	msedge.exe
6244	msedge.exe
6244	msedge.exe
6716	msedge.exe
6716	msedge.exe
6752	msedge.exe
6752	msedge.exe
1084	identity_helper.exe
1084	identity_helper.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
1132	3Ug965zD.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1156	2272	NEAS.a88a701b705403da1eaa3d48a64e5460.exe	86
PID 2272 wrote to memory of 1156	2272	NEAS.a88a701b705403da1eaa3d48a64e5460.exe	86
PID 2272 wrote to memory of 1156	2272	NEAS.a88a701b705403da1eaa3d48a64e5460.exe	86
PID 1156 wrote to memory of 1132	1156	Yz2Or75.exe	88
PID 1156 wrote to memory of 1132	1156	Yz2Or75.exe	88
PID 1156 wrote to memory of 1132	1156	Yz2Or75.exe	88
PID 1132 wrote to memory of 1988	1132	3Ug965zD.exe	90
PID 1132 wrote to memory of 1988	1132	3Ug965zD.exe	90
PID 1132 wrote to memory of 2672	1132	3Ug965zD.exe	92
PID 1132 wrote to memory of 2672	1132	3Ug965zD.exe	92
PID 1132 wrote to memory of 3680	1132	3Ug965zD.exe	93
PID 1132 wrote to memory of 3680	1132	3Ug965zD.exe	93
PID 1132 wrote to memory of 4752	1132	3Ug965zD.exe	94
PID 1132 wrote to memory of 4752	1132	3Ug965zD.exe	94
PID 1132 wrote to memory of 4036	1132	3Ug965zD.exe	95
PID 1132 wrote to memory of 4036	1132	3Ug965zD.exe	95
PID 2672 wrote to memory of 1976	2672	msedge.exe	99
PID 2672 wrote to memory of 1976	2672	msedge.exe	99
PID 4752 wrote to memory of 3796	4752	msedge.exe	96
PID 4752 wrote to memory of 3796	4752	msedge.exe	96
PID 3680 wrote to memory of 3752	3680	msedge.exe	97
PID 3680 wrote to memory of 3752	3680	msedge.exe	97
PID 1988 wrote to memory of 804	1988	msedge.exe	98
PID 1988 wrote to memory of 804	1988	msedge.exe	98
PID 4036 wrote to memory of 2660	4036	msedge.exe	100
PID 4036 wrote to memory of 2660	4036	msedge.exe	100
PID 1132 wrote to memory of 1800	1132	3Ug965zD.exe	101
PID 1132 wrote to memory of 1800	1132	3Ug965zD.exe	101
PID 1800 wrote to memory of 1504	1800	msedge.exe	102
PID 1800 wrote to memory of 1504	1800	msedge.exe	102
PID 1132 wrote to memory of 2276	1132	3Ug965zD.exe	103
PID 1132 wrote to memory of 2276	1132	3Ug965zD.exe	103
PID 2276 wrote to memory of 548	2276	msedge.exe	104
PID 2276 wrote to memory of 548	2276	msedge.exe	104
PID 1132 wrote to memory of 2928	1132	3Ug965zD.exe	105
PID 1132 wrote to memory of 2928	1132	3Ug965zD.exe	105
PID 2928 wrote to memory of 3188	2928	msedge.exe	106
PID 2928 wrote to memory of 3188	2928	msedge.exe	106
PID 1132 wrote to memory of 3164	1132	3Ug965zD.exe	107
PID 1132 wrote to memory of 3164	1132	3Ug965zD.exe	107
PID 3164 wrote to memory of 4816	3164	msedge.exe	108
PID 3164 wrote to memory of 4816	3164	msedge.exe	108
PID 1132 wrote to memory of 1000	1132	3Ug965zD.exe	109
PID 1132 wrote to memory of 1000	1132	3Ug965zD.exe	109
PID 1000 wrote to memory of 3832	1000	msedge.exe	110
PID 1000 wrote to memory of 3832	1000	msedge.exe	110
PID 1156 wrote to memory of 2460	1156	Yz2Or75.exe	111
PID 1156 wrote to memory of 2460	1156	Yz2Or75.exe	111
PID 1156 wrote to memory of 2460	1156	Yz2Or75.exe	111
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127
PID 3680 wrote to memory of 5140	3680	msedge.exe	127

C:\Users\Admin\AppData\Local\Temp\NEAS.a88a701b705403da1eaa3d48a64e5460.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a88a701b705403da1eaa3d48a64e5460.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yz2Or75.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yz2Or75.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Ug965zD.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Ug965zD.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13419888066531301156,12712010270675570786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13419888066531301156,12712010270675570786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        5⤵
        
        PID:5348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:1976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,491612845664880448,4720015439347310573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,491612845664880448,4720015439347310573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        5⤵
        
        PID:5844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:3752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:5516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:5508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
        5⤵
        
        PID:5200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
        5⤵
        
        PID:5140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
        5⤵
        
        PID:5280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
        5⤵
        
        PID:6892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
        5⤵
        
        PID:6252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
        5⤵
        
        PID:6916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
        5⤵
        
        PID:7320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
        5⤵
        
        PID:7424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
        5⤵
        
        PID:7532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
        5⤵
        
        PID:7616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
        5⤵
        
        PID:7664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
        5⤵
        
        PID:7900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
        5⤵
        
        PID:7952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
        5⤵
        
        PID:8136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
        5⤵
        
        PID:5668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
        5⤵
        
        PID:8180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
        5⤵
        
        PID:4448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
        5⤵
        
        PID:7336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
        5⤵
        
        PID:8996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
        5⤵
        
        PID:3076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8204 /prefetch:8
        5⤵
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
        5⤵
        
        PID:6232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8872862113581715840,3343690858366137265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6500 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:3796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,11456877083414959508,10223321439986248788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11456877083414959508,10223321439986248788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        5⤵
        
        PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:2660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,669221963860094073,4676267198547514188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,669221963860094073,4676267198547514188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:5476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x74,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:1504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7529396880960947615,16063142338284914762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18084529058329591234,14901283213100470304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        5⤵
        
        PID:5888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18084529058329591234,14901283213100470304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x40,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:3188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,4713397717413900361,8770508974649039215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x78,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:4816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15660800353446406851,14245447262890439308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718
        5⤵
        
        PID:3832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7017983178454080226,5608355726159352535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
        5⤵
        
        PID:7296
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Nf6BY9.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Nf6BY9.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:2460
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:8180
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:7204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 540
        5⤵
        Program crash
        
        PID:7456
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5VE99Sl.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5VE99Sl.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:7944
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:8288
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:8296
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:8316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7204 -ip 7204
1⤵
PID:7336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35d9cc89-fd6f-4909-9ea4-1b8529788fbf.tmp

Filesize
8KB

MD5
036ed71634354d261eeb8e953bedfa1a

SHA1
c04ee4ac61d66fa0b7a342f7f1bc4d972cf4c940

SHA256
05bf2bee3c62a2f7f2d3358b6a639ff16e5040e4fe4cd01b7ba68a3fc27362f6

SHA512
5aa445a1711b91ea90c1d7050bed0ffeddb2726c90489d4a4c2af45b961cda78efdfded2f161f457f614b7317c87e807f15a13f459f680c2175d8b3ba6eee1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
225KB

MD5
278ce13b5f7ac97240d5637771dc0cb2

SHA1
8c7968e288fa6c7b285da953f67c77bc699a2032

SHA256
6b97bc303716881d1abeefbfb6bb32900cf139dbc83640c53686aa23d6867e35

SHA512
65e08bc5fcec3c20facd631cc0bd7004520583521e4b3616d32f5922d2409ad8e444fc0e83cda4e7af41c6506dac431265bf2b588156937a7b7e6cd0507d67bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c953a2d5e442b49171e6877bb84a1efc

SHA1
b4553433f8019a722ba8a28ae2fc3f3ca762336a

SHA256
0bf0522d8527ae8375be0ccff932686b2141694829cbd66f325a94674b5d8661

SHA512
9c736db155f9098be3b2ed183b3840949c5c31ccfdc983cbd155b61afbe1d32af978d7c9257afd48aef33f36638dd0ca0cd30882f9037174cf8fe187914685e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cc9d66f49ff6cab0ed626ede95356de5

SHA1
0ff608f1a5fcf3071af26c4dc0e13834fd46089a

SHA256
23ac19c7a3f7d126857485b69a4546df8e1cbc961674e2746ee081a4251c6468

SHA512
02ef400f830330569479b4952b3f628f9bb38a7b8f76a1445aa9bf137142b9bae8cb4f61a385da425437153cbdfbb4e67c7fc1083de4fdaebb5595d746c5d872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0ce030c93672ad63542486d19c07f3bc

SHA1
add1def217504ccc4a264d847b7338b00c7f9a2d

SHA256
5a624e3fdf9a159ccbf101d5e7b2e73064c4b37c6f621be5ab947dcf84ad0171

SHA512
3972633aed6a45a29655d8ff31045afa27cf9a8bde83d59e3e9d2d370efa9c69b8ace5c45b5ba5dd169cc5c7d0b46e5fe82772efa34d9ba24f0ac253d27fd730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a6e363e704b6e312116d904fe74016e0

SHA1
94141f1c2ed2c751193eeec9712635553b436f41

SHA256
2d5ebf7fc3e42a97afa6f5bf3cb692d485d8ff8f92be15b0ed27c2c1d360acec

SHA512
e51d517a5bc00fae8ebfd53e6175292c15f061520a4b8a01a1792ec1899761f28b450e87d9796572f14a828c03e01decafac6658c0493e807503eeaf5e9f20b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ab5ecaa862c8898ae4d0db059a8e9b1

SHA1
0ffec7d10b33f70e47af3e90ddc5e2c554568e1b

SHA256
824cbd2feb500c96019ba8cc014cf33ecffc2604aed7613986afbea139dc871d

SHA512
e9d0dfdfaf47463f95baa832f999b00aaa531c60c936cb013d7d358fbf077453741a8f48e00b17bbc1bf0c474ef97c1467b01d7e287f9a1ffbcf2f7462c699a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6188392fbf408666ea89dd61f9e8572

SHA1
db49dd7d423e75eaf25a0490051982fa6e428431

SHA256
39b9d5335175a6a59939dfb3e52c5cfbcbbdbe064f09c6848d02b041fb2ec4cd

SHA512
37434e952a850a4fe7a2d72b088270a621a4a31992b8b3c513d76e810f8e6946064a847de7f2197c7331122d8cd24343059f5c93577ef82b4ca67f83a6f6df5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4f8f6205-83fb-4461-b214-e8a300d04ec8\index-dir\the-real-index

Filesize
624B

MD5
a05fdd943a4f6fd576547872e8843788

SHA1
be7fa1f4a9fd54bd745032fb09ac90c684db27c0

SHA256
66c506ac7497e4ba91b6e8a70b8c43b9565dccf69c1357128faf4466c1afcefa

SHA512
eaceed8b8fc076a1e831e24853665ef578924bacf826acce2e343cf3a8f40cb21dfcb662bd82c327eccc094796a800e3aab05b13965b9ec42db05bae5cd587ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4f8f6205-83fb-4461-b214-e8a300d04ec8\index-dir\the-real-index~RFe595133.TMP

Filesize
48B

MD5
ff01b2afd1aa6241ddf07f869d8d3916

SHA1
61d5de55017423b78cc1d23b431b4b135c4e5ce1

SHA256
4fe030e955ef617a506924587d9cdeb5779ee4cdbb622edbda6602df77688d16

SHA512
f27f00fae8fd6f627ddb285144aa91fa23b3413581388f4d82530d6b4ef1d529004d6945d65aa462251e90fcc9448550226ac3191ab0801ccd9a5079bf91a041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
65743be604c143c12954216d17e367fc

SHA1
055b263683f7dec374f57160cee67a0012e600dd

SHA256
ec61a21e6f8b56686c21959977a94b47a92491ab61f9ad4ea41ba1d8843320ac

SHA512
d483a45fd85c181a717a45f85b8bcc0ff8b7ac61c61571998c3ee64111ff567e08d1b4f1bfe9f30095febf8afee2ee22d4552e2daf7e1c7a1a2854cacd4910bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a344f3d431d78898d2bdaeb8b550b3f1

SHA1
d073ba09808dc4c1d7cab23752d08fe67765f047

SHA256
c6924dbbe8b815704c81f3f1d2e4ad187abadc0a1292b92744436f19eeac9e29

SHA512
292c4a053860e36781177ff48bd2db6a293fe61c01aab552d644891a466af9870a4925828dd17b0d7b8f1e3a8c3ab1d6691ee1d57947416389aaa5a0b10ad894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4746619d4a1ce1b315a97e5016e4e163

SHA1
16ecae09191594d642d0ff47b94819324e5ddbaf

SHA256
86e52c69b3c549e3353b8e21b834489585f578c3aa08c85222ace02d57460470

SHA512
7ddc7f9b15d01aa20f48485d183995a7be75da9f58cfd82ceb3324ecb12c87c8da5327d1dae3371b969ec821ccbf33073c6f94408a973ad6c79ba4f71b58c898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a6b399427e91d509c8390a0422a77bf3

SHA1
f81a33aaa91bd211bd81e3bda607e23aa72aba40

SHA256
318c679ba4cb6ebf62f62b7dfaa0ccda5436ad99a8080a7d9effc3472782b215

SHA512
9b3d5a1d4a8719e068f98c168bd9f92ae9806a0c1ebf52c5bba5a29b0a29a2d1cdceeef96661ab91a52e7204038671408b625c32e9f157d6e0ebef9bf2afca06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
244274ded18f2abecec2c415883a6d59

SHA1
e4e2fb0b40ad9703262c9567b09a21190db1d09c

SHA256
1d77c85a72bc7d699478cf08e4e8a5266a823e8a3a3efc83fa346cc7cbdeb0dc

SHA512
7d19032bdc4163c51078fd39042cb167a49430e80f804fd69ead802d748721048dc03f031b94a9358bb7aba49db20f495d58c1d30718a8e4f515d63cad4c5b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
574f893b8e63f29d9074b7bdce361928

SHA1
29b0182039e46740801cb206c1c6eeb6996a05d7

SHA256
aa764562a9cdb42a6e0f75bd4bbed43c78d41adb2d35a84d9493a2348e699a6a

SHA512
21c34225642372942137a356f0359da8d3a241ca538df3e938ca7c832d324b641a1855b45447bec443137a4eb088f2d71883e1c468a92575c8fd3459690b2869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\59ebea02-e42f-431f-8f59-c2b2c8c0a263\index-dir\the-real-index

Filesize
9KB

MD5
3396611db919bcf3fb182429b745468b

SHA1
d11c5c9b262823e6d7006d23e08eb55ac392525f

SHA256
d970d9d6a0083c7a41171e3a9cff11582a5d62923cadad2c7d22bcb0eb21fa0f

SHA512
1f665f8e182a6375688a85d5d1aa416f388199bffd058d3dac1a17b0ff4fefdaef4b169e5d4f1c1b72ddaf55809047efabe53580cbc88aee9c223c6ca0fc6615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\59ebea02-e42f-431f-8f59-c2b2c8c0a263\index-dir\the-real-index~RFe5931c4.TMP

Filesize
48B

MD5
877d53557354f0551d01f4a50c701c3d

SHA1
3bdb8dfe7035b492984a0275cbef315edf3ca7c6

SHA256
7baa6924f154dd0aacdc4e3cd362c62b473a935c436b09d170fce0a6d3204a7e

SHA512
047acf85733d276508c2c8c602c058acb8a15c0b945d286701ed6f59ba0bea9b3c559cfaa7ca8a6af62ea60b274672a16cb3a4a3c1bacac326022ddb7c7583c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5b1c803e-a764-4ba5-818d-398009cfc1ac\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5b1c803e-a764-4ba5-818d-398009cfc1ac\index-dir\the-real-index

Filesize
72B

MD5
8421f53bdf7fc958b2d91f2d8c60d27d

SHA1
bb79a25c5400832768f4d138b15d000419398d87

SHA256
c70907f00c87b4a3bd1a6d33191212411004d79335a50826cb203c4bbce575dd

SHA512
464f46f40e57e9a290a6cc7af34657fc9aa040ce8852708f2490a09a516af6a416ea210770a73f7e17bb4c60db7c204ecf8b697247b01b496abd8f6891b04a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5b1c803e-a764-4ba5-818d-398009cfc1ac\index-dir\the-real-index~RFe58c2be.TMP

Filesize
48B

MD5
66a289ff9afcfdd4174a71d5e0b88fa3

SHA1
e00ce7df40a07a3fcdda7fd0b6fb4fba1eb47e48

SHA256
1c702b03aaba52aa8aa8049b843b03a16ce5c4383358043b753294945105db5d

SHA512
30d971d087d349773b09fe2db5897fef5fea5639bb3bfd7b7262ee549157d32ff85a7220c08d83e72f250597dbd9c9a3b9fb6e3f2e1b9051b243adda38905e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
7ccc7eb05d5b883ee6f88ffc57c662be

SHA1
3d913f7c8de75206e191a59a53ed5729181565f2

SHA256
9c585cd7ab872a1e8a565b3d4e9e4ec6cc0e44d8815259a7c94f3409461661ec

SHA512
f247d790da86680fec4902c91c3c7952c438fe6f4e9a6a847d414440a7d2639750456a0ae67a31d752ef47aa4493e417d09ec887f91b6f869d6aa4bea45ebfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
147B

MD5
61f508221214b4ed6733d0317dceec4d

SHA1
d1a66ae50c43efbbe55433c5baaabb034d95cc35

SHA256
cf62b9152ec7588c0cb726723b4c79ea4d8133343fab905f6fe9cca000bad2e6

SHA512
19918df35e0ad92125137b58a179374112f8bd796f940d67fb6e374d90330e17ac4e063cac6b080d5d051674efcedfef0642a4fac6a1a1b38dcd05cbe9f230a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5870f5.TMP

Filesize
83B

MD5
a50fec8eaf87ebbab396d3ebe1d4ca93

SHA1
995183d13ab65585b5548a9d611d350027a82c64

SHA256
77838d097fb8e9d2a3f059c801f73b9078ddd0a0abd02578a7c29c03c2dc4f13

SHA512
4b1b9a4a5a2dd50431e685aea96c65770e4d8dc40fdf59588e417bb96f4aa04191adabd862ae689650206f4ea066935e5ab94aa4fa15ebb17c449bcfad2f5e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7903080765ad1d7ff041c01be1d1bf98

SHA1
af0514a99899d283cb6952fce91449eebc959e1c

SHA256
994a50c160e58607ba893f97fc41671259c2e366ae2c946db96af99dbe22bf90

SHA512
1dda89ae5c3789972c2f641637f91926d9f14a996d1736ba69e9d7d56b6eae1c1a7ee38056edac8807bb9b2d531b43121c0da66b97d384b979612e20a657d634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
28f8e3478b02c7463c503a17cb402c40

SHA1
e99a6f85d0fe9733816224149c49b7e4d00d85ff

SHA256
9c4a612d185cdc60f460f3882e6292fa99b639c528e042411c52a90571fa8223

SHA512
1dbcd3c61bab3aa118a515c715af9dceb7133a911ac5e6af340a539fcb0b98ce52ae7041f116ffb30d70a0ebee6fb2db9898b1255d376869915b13d84fafdc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bce2.TMP

Filesize
48B

MD5
35f36cc522065d063173e8e238349bd2

SHA1
0dba23dcc4dcb923ae5aaa29d459600741994a21

SHA256
48a791c826c3513175d15c05531e7c984c443abeb4c977175a5a882d9074c2db

SHA512
6178f10b6216025aea2a082b4f7854c9baa872b6f9400803faec1fff9aa0c43981917fa1972c9dd21f832817936e688b8adf94a2c8f972ba9d33e3746fdad14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fed95c273a609f035acf285c10e1b2e2

SHA1
5176a5bb2b4f0b5317732e6257ac4484907af8e8

SHA256
7b73dc6c4cbadb2ed6255bd0e5810cba17c3d36b6f526634e5ac9123d1e4cce0

SHA512
2ad2a1bffee9a4020ecbec670581786b0c8801d94cc5671fa92c8c60dea57bb275d53f5a35f743c2dda08fc67bbd06da2bdf04f10d4a15f5e959be5e3db0c309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6b104201b3f3594a14ae4a85a1b600c7

SHA1
4754ab3dfbe8bd14b8097673aa8c4c634a9fc1f4

SHA256
441386d66f771ce3c78896cdfc3fe4efa07e60615d51904bb75298f869290947

SHA512
91011787c3f8e609610b5f3de09cb2406606ed09dc48986b67eceef5fc1f234edde3275399b84d1fb267a3ad3c60d88fd862b356874ab2f07418c671511fe768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
23b52ef3e6d97236d987fef258653780

SHA1
b0b7a21323489c349bdb9aee583fddf523b84b83

SHA256
c4c908f4aa7916989a31a51d6e1b4e64f9976395c2b9a444603ca93f11231fe5

SHA512
017c72631f34ea77b4fe15faf335d79c1b5457d39332a5fc8dbe9483f4432f159e72f5aa56f5a80f23000ce4db7e1588f73570e417e5562965f8e6787c53c4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d0e60f671814c7d15ac531eebaef971a

SHA1
5e8338209ac6743a30142a740dd0164e1dc807f1

SHA256
911b62c15fe735445c4d205b7f807df924f4896f6a9bcac3e2191b053ec61014

SHA512
41470b06e62b036e55f0f65dc68888bb990681f3b6ff11c4997debc2b01eb9c509638cfffbfebf45a8d5a31fe3231bee946ce88383d60721d4f743d3ec16bef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fa1cd11f1c46a162fd8fb20774754d19

SHA1
cb67f3028cae7f6d64c43fbb8f77a8f82d64f029

SHA256
3e33e5f9d8b43d9d3f41a557960545a6410ad99dd23a1ec112a2a8a8bc81e34c

SHA512
c5cccf573c3de3a5124472e336fa7d2e0740592cd0a52d97deb4863f90fdb7caded53549df9bb9044fc077ee8ea83219726d96702215a98c4c0fda3372875e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d46178ab45b3b28d868c36e35a0d259e

SHA1
98c9e0532b18db501d832f5eaeac9eb3e6ee5d59

SHA256
422c448ac69445b4f56bed028d7be2b7186255f1a176f88c126a1a35706d6f7c

SHA512
048819e542c16482e249dafa5f3649026d8c2adcf97039584c86045409efb24c98b5b40b260240bdb1f597c3669c55cc54fd61d5d73a5ed39556efa226323004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584f15.TMP

Filesize
1KB

MD5
90206cd086b9588b66a7220e9c1848db

SHA1
f3bcc62bc41ef604bc76b5190986be283482eea5

SHA256
0b82ab5c6b5dd97e014239ff7d2aa3b43e2e567c1d51f22ec49616fb71389dac

SHA512
15a7e486705c3fc30b474ab668b185d45c621830de0229e71b1d8c3e5e3ed34cd7751a2b2c884b2ca588867c7f837953a1d623c48ba9ae3759ef404d9835846a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8bf4ada8b01aca7706b96321c0993637

SHA1
5808d124330fedba8695738ce75d5c611c088d77

SHA256
b0d62b0201b61273b45ba968e3e371bef34e71dda74df53c59799b68328540ef

SHA512
32b4457c889b8162133321f16d25e0c081236db695a9799e45c0182953308bd2a8aecfe168ca2cb207d954b9915847b033279f459a1ba730bd96ab11cd966ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
14dd857ec3ce427269aa630516d85935

SHA1
828709ef3ba37c7300692942e6c21ffe72cc42b1

SHA256
edf43d5d52d6da76c4455051cf94b2318720bd39b362386915e03745de0a7023

SHA512
36047bc56c61888b2d97a4e177e26e43ecba8cb3e99ba95d8754961f9542b493a09f56dabf971e8e94ee5a0ec1ad56b8b9923afde800de28a47cabe38eacfb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
14dd857ec3ce427269aa630516d85935

SHA1
828709ef3ba37c7300692942e6c21ffe72cc42b1

SHA256
edf43d5d52d6da76c4455051cf94b2318720bd39b362386915e03745de0a7023

SHA512
36047bc56c61888b2d97a4e177e26e43ecba8cb3e99ba95d8754961f9542b493a09f56dabf971e8e94ee5a0ec1ad56b8b9923afde800de28a47cabe38eacfb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
549aef73cb403a2e52a5c1ff02cc66d4

SHA1
15633f98c2ae2c167cb40a9e49e211e1bc7bd1c8

SHA256
5f2c47e3736a103d437e56bd453ed72680c3d3dbbad3b7c7e2599c3a021c9a7d

SHA512
c7bbdcb40cd277144c77777c7ae1cc45e276782f99ee48c31782860e14aed97949b2948962729afe1a9f05c2370a81ae21ba77564db2e7a90f2a8fa23b1733f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bd226d4347de4e90432f2099837ac015

SHA1
b4b71034ffe713a870fa312ff5611059e5461239

SHA256
d92b2591a98c8642daed65a4297130c7fa8969e280923341134853111d85e750

SHA512
c9d3eb2e35bf55ab00c60e734e5fb5f8f5be17e2836130cc95c4c46e846b1ff7ecc5c6d021472e59f85c60e305a8b0f21ede06c212df5bcb39346caeb64ed5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bd226d4347de4e90432f2099837ac015

SHA1
b4b71034ffe713a870fa312ff5611059e5461239

SHA256
d92b2591a98c8642daed65a4297130c7fa8969e280923341134853111d85e750

SHA512
c9d3eb2e35bf55ab00c60e734e5fb5f8f5be17e2836130cc95c4c46e846b1ff7ecc5c6d021472e59f85c60e305a8b0f21ede06c212df5bcb39346caeb64ed5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d267701d2201564d2078daa84bcfaef

SHA1
41f3aa6451323e1848f33f212e3fd40d8542291b

SHA256
b4f54f8f28111404b1f8839e758ec460fc1bb22bff84869d2f0103b80a1d1699

SHA512
f28630f7cd329120f656000d29e99ec2c041fb176f1667df8b2af2664609e9135a13d0eb8b7b53a92341ccd6071a39002bd17b6b26bc15e27ab7f3d6458d8e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f0d08210afb9f242028eafe1c0407958

SHA1
68b6de84659a24d4ca5777afae35c9a294180b81

SHA256
9f3bfd6749d8495c4ab76cae022dc47698be52dec289ef0b869252b40ccb0b7f

SHA512
836079f300bbaad9e9154c3b80d2c9fbc46dda2fe88dab38e3d7ac7d4b4b8d4e4c886e517e768411a17751296bd1d63722bb8d5f42a2aff3e28499660209f1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f0d08210afb9f242028eafe1c0407958

SHA1
68b6de84659a24d4ca5777afae35c9a294180b81

SHA256
9f3bfd6749d8495c4ab76cae022dc47698be52dec289ef0b869252b40ccb0b7f

SHA512
836079f300bbaad9e9154c3b80d2c9fbc46dda2fe88dab38e3d7ac7d4b4b8d4e4c886e517e768411a17751296bd1d63722bb8d5f42a2aff3e28499660209f1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a742dcf1b11dcad940f1aa1b9168e504

SHA1
e55bd3b2acb0257b7f59f9bae8517fe23b779de7

SHA256
4bcbe8de88661d638b44848cb61b0e646ebb781034a2802ff2e3f11e8b2be1cf

SHA512
756e334ca689e81748fcc4e3f0d7b9ad9b1563fd18cefbfd237213f86ab6493ac8c4d1db01df749e2921ebbf393e8881ba826a59003ca562bb20e8650709335f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ec633010cca47e544cff23f2a21b0229

SHA1
51effbff58a4807961bf4d6d548524a25efcb83c

SHA256
7d7c1fd42fc480b803ef70cbbb93c6b88e31de9f3cd63d47091ebacac43cdf62

SHA512
ecc13f1de5603709b4784b9902b20516204d22ce568b2092303c8919a71ada3fc4cc8315a8bc0e0b0797114b7c0be581d23c504ceeab93b110a51a2dab6d6a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ec633010cca47e544cff23f2a21b0229

SHA1
51effbff58a4807961bf4d6d548524a25efcb83c

SHA256
7d7c1fd42fc480b803ef70cbbb93c6b88e31de9f3cd63d47091ebacac43cdf62

SHA512
ecc13f1de5603709b4784b9902b20516204d22ce568b2092303c8919a71ada3fc4cc8315a8bc0e0b0797114b7c0be581d23c504ceeab93b110a51a2dab6d6a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a742dcf1b11dcad940f1aa1b9168e504

SHA1
e55bd3b2acb0257b7f59f9bae8517fe23b779de7

SHA256
4bcbe8de88661d638b44848cb61b0e646ebb781034a2802ff2e3f11e8b2be1cf

SHA512
756e334ca689e81748fcc4e3f0d7b9ad9b1563fd18cefbfd237213f86ab6493ac8c4d1db01df749e2921ebbf393e8881ba826a59003ca562bb20e8650709335f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8184e97191b79c63eac973bb003d0215

SHA1
20a6ebb1f7a9f8f1a8b66230ade5d084538726a6

SHA256
6ab3bbd5e82e7dec4a8d98f22810a805a9708d31f36d5950634d98cdbbdae2f2

SHA512
ffbef172ac221024e5aac7d4cf9e35c91ae6037d9ae0ce55d47d7264d70a941ecb78e9941b7e99ce25b713f5350a789952fc43559636cfa911fff893ec7b1b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
99de098616576eccd8b705ea6cd6553f

SHA1
6d61b1ae9cc5d6bc4bbd17760295e1e619935c37

SHA256
9bdac9e44a83994b9e98ef81f15f846b1504e660c502cef624a0d4e30b626ccd

SHA512
af71fc933e5d476d110044f9dc2e8eea9ddf7709d5f4739d67bfed95cc4f426cf01d7bf2ac13a4d4c861835b3b545f80997671d8b6d14aeef5e90c728dcec82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
99de098616576eccd8b705ea6cd6553f

SHA1
6d61b1ae9cc5d6bc4bbd17760295e1e619935c37

SHA256
9bdac9e44a83994b9e98ef81f15f846b1504e660c502cef624a0d4e30b626ccd

SHA512
af71fc933e5d476d110044f9dc2e8eea9ddf7709d5f4739d67bfed95cc4f426cf01d7bf2ac13a4d4c861835b3b545f80997671d8b6d14aeef5e90c728dcec82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\af5ebcfe-43c9-4b9c-b56c-270f8d319fd1.tmp

Filesize
2KB

MD5
549aef73cb403a2e52a5c1ff02cc66d4

SHA1
15633f98c2ae2c167cb40a9e49e211e1bc7bd1c8

SHA256
5f2c47e3736a103d437e56bd453ed72680c3d3dbbad3b7c7e2599c3a021c9a7d

SHA512
c7bbdcb40cd277144c77777c7ae1cc45e276782f99ee48c31782860e14aed97949b2948962729afe1a9f05c2370a81ae21ba77564db2e7a90f2a8fa23b1733f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\be979554-d0fb-4a4c-80f8-1558c45f250e.tmp

Filesize
2KB

MD5
8bf4ada8b01aca7706b96321c0993637

SHA1
5808d124330fedba8695738ce75d5c611c088d77

SHA256
b0d62b0201b61273b45ba968e3e371bef34e71dda74df53c59799b68328540ef

SHA512
32b4457c889b8162133321f16d25e0c081236db695a9799e45c0182953308bd2a8aecfe168ca2cb207d954b9915847b033279f459a1ba730bd96ab11cd966ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ee382436-bbc6-4260-919e-70fed75cd8df.tmp

Filesize
2KB

MD5
0d267701d2201564d2078daa84bcfaef

SHA1
41f3aa6451323e1848f33f212e3fd40d8542291b

SHA256
b4f54f8f28111404b1f8839e758ec460fc1bb22bff84869d2f0103b80a1d1699

SHA512
f28630f7cd329120f656000d29e99ec2c041fb176f1667df8b2af2664609e9135a13d0eb8b7b53a92341ccd6071a39002bd17b6b26bc15e27ab7f3d6458d8e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yz2Or75.exe

Filesize
674KB

MD5
b8831e4e369b9730bf9aa0362aac2dee

SHA1
2f73fd6170f80e9c5455477fbd4f05d6259e90c4

SHA256
a41de1bad725f7f18aa2fa37af4162748ea744928778fad9fafb48a3e7788f81

SHA512
87d28e662c7b0010c674cf88a3771462b9d1cc2cc01d58b48b720b8c89926b113fa4ab909311038c99b2906ddb0343936b025441d9ae7cf276e4d59ef685a0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yz2Or75.exe

Filesize
674KB

MD5
b8831e4e369b9730bf9aa0362aac2dee

SHA1
2f73fd6170f80e9c5455477fbd4f05d6259e90c4

SHA256
a41de1bad725f7f18aa2fa37af4162748ea744928778fad9fafb48a3e7788f81

SHA512
87d28e662c7b0010c674cf88a3771462b9d1cc2cc01d58b48b720b8c89926b113fa4ab909311038c99b2906ddb0343936b025441d9ae7cf276e4d59ef685a0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Ug965zD.exe

Filesize
895KB

MD5
c89ddcb1cf2473e37607f982d6cfbddd

SHA1
093bacb46f5f2a2c219a0bada559302e6e086cbe

SHA256
fce010369b0904b11616208ccf06d4d1140ecafa46287598b472cfd8dbad6561

SHA512
5fd83e951e0e54644c10ae4efef0ea341b9b3488b5a4fda89cdefbc8e2f2456df6bb790ff2247948f99b27b6f316c3b332c7dc64fe35e07316713a06c506428d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Ug965zD.exe

Filesize
895KB

MD5
c89ddcb1cf2473e37607f982d6cfbddd

SHA1
093bacb46f5f2a2c219a0bada559302e6e086cbe

SHA256
fce010369b0904b11616208ccf06d4d1140ecafa46287598b472cfd8dbad6561

SHA512
5fd83e951e0e54644c10ae4efef0ea341b9b3488b5a4fda89cdefbc8e2f2456df6bb790ff2247948f99b27b6f316c3b332c7dc64fe35e07316713a06c506428d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Nf6BY9.exe

Filesize
310KB

MD5
3322929a4f9286c5062971cfa79bcd19

SHA1
d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae

SHA256
72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e

SHA512
cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Nf6BY9.exe

Filesize
310KB

MD5
3322929a4f9286c5062971cfa79bcd19

SHA1
d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae

SHA256
72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e

SHA512
cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

Download Submit
memory/7204-325-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7204-323-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7204-322-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7204-321-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8316-436-0x0000000007850000-0x0000000007860000-memory.dmp

Filesize
64KB

Download
memory/8316-494-0x0000000007800000-0x000000000783C000-memory.dmp

Filesize
240KB

Download
memory/8316-500-0x0000000007950000-0x000000000799C000-memory.dmp

Filesize
304KB

Download
memory/8316-805-0x00000000743A0000-0x0000000074B50000-memory.dmp

Filesize
7.7MB

Download
memory/8316-478-0x00000000077A0000-0x00000000077B2000-memory.dmp

Filesize
72KB

Download
memory/8316-997-0x0000000007850000-0x0000000007860000-memory.dmp

Filesize
64KB

Download
memory/8316-474-0x00000000086B0000-0x0000000008CC8000-memory.dmp

Filesize
6.1MB

Download
memory/8316-444-0x00000000076B0000-0x00000000076BA000-memory.dmp

Filesize
40KB

Download
memory/8316-477-0x0000000008090000-0x000000000819A000-memory.dmp

Filesize
1.0MB

Download
memory/8316-393-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/8316-405-0x00000000743A0000-0x0000000074B50000-memory.dmp

Filesize
7.7MB

Download
memory/8316-409-0x0000000007AE0000-0x0000000008084000-memory.dmp

Filesize
5.6MB

Download
memory/8316-410-0x0000000007610000-0x00000000076A2000-memory.dmp

Filesize
584KB

Download