hxxps://steamcommuntlly[.]com/app433492923

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-02-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuntlly.com/app433492923

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exemsedge.exe

pid	process
2968	msedge.exe
2968	msedge.exe
3032	msedge.exe
3032	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
1756	msedge.exe
1756	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
3832	msedge.exe
3832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

3032 msedge.exe
3032 msedge.exe
3032 msedge.exe
3032 msedge.exe
3032 msedge.exe
3032 msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2968	taskmgr.exe
Token: SeSystemProfilePrivilege	2968	taskmgr.exe
Token: SeCreateGlobalPrivilege	2968	taskmgr.exe
Token: 33	2968	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2968	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3032 wrote to memory of 3612	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3612	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3520	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 2968	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 2968	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe
PID 3032 wrote to memory of 3912	3032	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommuntlly.com/app433492923
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b21046f8,0x7ff9b2104708,0x7ff9b2104718
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
2⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11020095097654582832,14501585765147480438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault68faad81h11eah48bbh9267hffdce9263bb7
1⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9b21046f8,0x7ff9b2104708,0x7ff9b2104718
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16770898554208493719,4571772951858007822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16770898554208493719,4571772951858007822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16770898554208493719,4571772951858007822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
2⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:876

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault59da0314he84eh4ecbh83b0h50d5b33b3493
1⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9b21046f8,0x7ff9b2104708,0x7ff9b2104718
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16927548857045951086,3945712821293500772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16927548857045951086,3945712821293500772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16927548857045951086,3945712821293500772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
2⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
a36026d43258dae0242fbfb50e2b201e

SHA1
150c3e89f8a8d4de9f4cd06c9fc1c158ad47709b

SHA256
8cd07fead96aceceb599261ef33697ef6df22d3367629aa8b08484a4f81abbcb

SHA512
ba640c742bb8d0053ed6cd5f44727479b09ce1b5c6a3f516dd1e78d4bc38bebdc5bdfdb603f707c3eeec7b880a9f5edf30581e304cc11b2c6577c7af801a6df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cca9cbe1a7caaa218dc900afd76079c

SHA1
18f2330cc85a7568c2c4df44311937d3efb3b211

SHA256
22d2f794cd58e1e784fde0cc72ffa59233ed8cac017e570c4c6d18f90fb0fe4d

SHA512
5cc5c1260f6420c6c00d3d89fa71085918285847b73383920ff1fea0faf8ac74d19410a6212e3781c4e152342dc13fa3fa943ebadf361deeabf66c643bdfdbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e5f7d169a91e3a8fe202d6c92e35ae

SHA1
d6fa61b25d54a363dd582fddb8f35a8b5b89644a

SHA256
1e6f3662cc0e6c833350ff8e726d85153ee3403ecac5b3ec8c1b50b429a92e64

SHA512
78aaadd80c0df4a1aee9a3623c53a9f6c596879a3edaefae8f6304c9b4f8954055a04a7f6a8009b8dde49abbce5dbc215586c622566934c3fc4eb635c21b84f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81892a80-b40d-47d1-bac9-cacdcadf966f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
524016d0360415bc2098efd8686d70c1

SHA1
8da8044a20906919496b366d2d8c6954e0c95cae

SHA256
c2d1705dfecc9f74f6e4a768bc47ab31890ca5c73d95d674e26d1de45c6aa909

SHA512
8dc4932b2ff142bf7cbbe063d25a3484f0468f05ea405aab781d2574a290a04c61e4055f3ba6b71b2a472bf7ebdd9360a9efeeb82b783bba7da5848a2555115b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
ac829bf4b553608dd2d77196eed41da3

SHA1
a9774f301b71c73c0d9c0f153cdb5ec65b3ed912

SHA256
b0575b7859dd65bba13a11e64bf226cefdcfafde616fd70a483be91f5f94390f

SHA512
8a6f837bf5097bc98242cec8487c249fd884d9e3e7018badee2a318e7f14451ef1bddd2de4b25580d59922aac90afaa38203aa57ebeb4d606d07ea3a7a9932d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
175B

MD5
dfbd01713cd5861da899903307ed61b0

SHA1
71803022453178a45f7405fd8dcab3a530b56977

SHA256
c90fc6bb9e6cde75a09cc8a7aa1178bc8761c9777930910b1580f385ab60b865

SHA512
26a31cdaef09ca2da5dba7d377a2d0f16e9fba61d50839f912838551511542a1bca552c9a7b7f2ff06126307ea0cb388411ea3c8f8d4940d07135fae576b3a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fda1af14788e8cf2e8e2e34e9dbe654c

SHA1
7b600d3b5f9b7273ad379cb32c6d0d91dce2708d

SHA256
e6f86fd2b40be577efd5f015f26349c554363432e5fe688bda847a6cdef77ccd

SHA512
973689f4ba5474b60e8f3dbd1d1f85a13a5d1a6c70294703f873a3c9bfcfde7d8697db26f6ed590d315819db10575da112786c19afc332c9ab5546629527ad34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
c145cbeea092790c1167150f7fdd3e0b

SHA1
7b4e782f231b6e224f596c2a1f318fe6a1ef64f0

SHA256
e9241f892c179dab9dc6e5d9e4faa5d965ff602234613aaf776c515d40677da1

SHA512
08452f789c04572ec18b904b4cc01f6332c30c8575e44bf4d80051ce3c6a400210685a7e167836150101eaead66a4d86928742bf70ec5acfb7f6f856554265e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a58e169db70374efda7dceff8cba6c3

SHA1
4c9b3273ca069f530bfb4605c25c8f0603feede4

SHA256
0e9f5225690a7d57c806743922faf4ac45d4279528270844602991b60be4ca18

SHA512
3d2e02b6f2b93ffd8f333efc7aa0983b565127a3f4fd0d5a50809745a37ceb4ccfe91fc7bacd17e8360bd1c1c39f4f36203c54c57f46f1c794258c857a831c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b4b59a7a968ffa0ea60f070474a7e060

SHA1
4c6fd57f69a22212f4ecb8993c37a5e63fc4454b

SHA256
09caf25451f48b9067be0a38b715f27a1db7029d87a3eab33f6be517958be7cc

SHA512
bc939a736c170015c71ebbec7781e598eac348bf5c51cfe07d499a1d5f39cd71ac9ffe3f3ad675b882fa41edbc6b4dee78b2e2002dd011a478a66b70f789d67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b54882dfc07075557503c96d5ce167e4

SHA1
9da40b27eef0204a89c94452a3a050620adeb0e4

SHA256
67616bd8846bc2172dbaee5b213d3ac5709b602dbcc9c1bb048654ebb45cc327

SHA512
728df68091686c2f0d79040b909f967d8c8afc0caa6c2ce6c3251a3f4b19ba7535d1c781658db61bb4ebc3011febd8955e2eae615a4884cf98522101dc2e2967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b24ab955e5368861dd1b3c0af933889b

SHA1
d6ee56677c112f9e96b796725a5630dafd8a999d

SHA256
c18ba0dcfe9636c2915ef294561189a404a3c9636163cb02127c597f0e03d023

SHA512
a6885d330905ba916101e4ed591b3b2d4a90a2b3d078c80a2600af81726093cc747799e2b9d312696618fb31d9a68778e455b3a0aeeb6234413283362d033f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93fccb58fc9fa9b5094ee5de608f33ce

SHA1
58eb49de7eb326c9c1e997e550c0f9c7e87256d8

SHA256
e4d77413b353cc9b515f17625c479371fcfd25d9aabe3b4ee2cb3da095804726

SHA512
cb06e5072cdcb6f7c9251a6d0a100a98ecf62942f4849110b47258c5aab633532ccc57a44811b8c86a7e99ebf0b081464a3874f1824a6b8798150ffc889c532c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b1d55b4b7ccc9c234799913a47a8297

SHA1
108580f68bc3c4e484d53a487e46f0027394622f

SHA256
1e20b7eaefbcec282f9343107426ce61be9d39684f0edd8a261044e45fef9af3

SHA512
c5bb363640249f296a19066f22926a120721c872c12450d8dddc42b675e26ce895a71609319a0086d5506726c4f333a380bc9b2a15f3f035ab4a2d5918b6f77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b81042cfd14e0c0a9e4c5199c377f79

SHA1
3e85aae247fae521f2ea88fc3637aa3c64db01e4

SHA256
fb1d8278abe720390e932fe4649fcab592a44452180b2a2f9e12387e29b70385

SHA512
f7f726d62e2677f0477c4f60cd11d8c09a1e250a07aea6d2085ba190bd9b474896c7e12bb7ad8de52323b20500809507a4e3502eb1c3e1c660d9d1141a462f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e029efe70912cf57d40d04c01776d41d

SHA1
94eba5604a8e4523d23565ac3ebcdcda4005e4eb

SHA256
57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

SHA512
3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
07d2eb6b00fb56622c33d239a89665a9

SHA1
58b7ad2508a8e5b6092ea44dcec002dba1925951

SHA256
f06a886beaab2026a3aa3e5a22413debe6334b0066ea8818296d44f5c18ff085

SHA512
a4b19b798fe3f2ea28356bf8601f6b0c46ca4675aa536156a8d10fc66890c90f7c0d6f634e0754981e2a0f56b97831f345b76d786efc92376e58ffc98b4d0841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
9b856f7947c66424cccfbdf6a142f6c3

SHA1
9dbbe07a89fc3af77cd139ee6ba1d12ea50089fb

SHA256
3b7041902c20d014dff4fd62d384edc5036ab6082f4e05bb4b05ac5f0775dd6d

SHA512
e75d186cd744b01ec2aedde225cf928f56819b4232f693a89503006550828896ec623bc8f7a9ce8f048541851a8811335e1adb3033774beacdd91fc0a7c7c72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ab2f80f7ca5756bb0802eca6c78be576

SHA1
9fce64cbbacc28e1b747d2859d127db644971b03

SHA256
b77462fc5c40aa3f9c6babda4a4b6480bdbd1bf7479faa1c589f0385141d1a50

SHA512
2e279a47fde06efde633eacb92c2182ff7c54aa0932536fde3b7ba35676f235405b45aff6f9db84656bbceeeb960219188eeec022e5a8969469e56f432cb0963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d814f06f4017c0564378e11d5702c5a7

SHA1
634f038e3eb4e096fd2d95c6b4058fd51783cdab

SHA256
681d0c529449df57aa25d48de0c279cd433c55722ca1d693ee5c9d340e7537f2

SHA512
21e620a70c7a37567565b542f56dd137819fb5a4c3c4ca14d92e1a67a336c42685bfbbcbb8774973868556740427480a0f18e3d08f041fd2981b805c577ce3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
1f0d4ddf9a79eb8f609943d83e957e49

SHA1
5f461b821cef5f6aa23584a99cf808d4d7d2117a

SHA256
f069d54ee131567705aaba4fd9ef47c1ea74853918b9b846d63c0ee4089e71ae

SHA512
f3ce2d5fd856f224c08cbbc2253533b6461ba2a44ec29cbb426d12e0c923459a2cff022e6fd5899f03d250b6d898dd226a73c24df1baf5dc366b2f8957d0b80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7a353d2d4a26325c22e545470098c9a1

SHA1
cccbced36f6ac78963478c0a85b99805f0a4a1d7

SHA256
578f4cb0684d88eeb6167caefb3027889cb92a656648123cea7dcc8b888a4561

SHA512
22317e861711f25373f905650069566bcaa2f2bdbb60b60af43d5b8c5c75e37fe7446548dd6dbea29af0778473a049fe36ca6ac3491b675f08317b8d960cd988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d9620e81ae144077975d47c99011eb6c

SHA1
9bbc12156e6f3bc85cd1c262ba193b53b6eedd21

SHA256
f4c194f36ee1a891da0ccbed824be56c8e1a8f76623c8a60ebdb8b5e57bad56e

SHA512
080a86ea724083791c0052245becbf4bd07328f01b59e28b471423755f529221c2b647e3f2091296c204af3e283edc700e287fd45a237cd44e5eb25e557c79c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
03d3de5deb541544449efd1cc994a8ad

SHA1
c7ce531a900edc5aa6ff372d7d3d3ded97808e2a

SHA256
6cfb4f2cca71b489db68eb5ae2f1674d40358d97e4db2e3662c2edd5bc45002d

SHA512
1d6fef4ed6de5af22169b4f91a4b99da71a00d6d11aede61493bb5ae6cf0920d96d65cc9664ec47f329d920fe9e57df4d58bccca66617b6c08458dae3effe221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0a8889a8dd67f6894f7c2a488a57e863

SHA1
57e6fb458cf293aa12064692803e82ddb1c21127

SHA256
6d2c51925d643cd50a3b2a86852d78b2fb24c1a6a7a7eb8c66999de357849a12

SHA512
86c1fe0ce7b7a51efcab33334d025d3313fc376a4baa24ad9e7482cfa9b98f1e1dbe6aa63c94066cd4ed61b0a642fd03027c8852031a1587187fc17e33bb7c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
e7f884f3e93b33420a307305edb14ed4

SHA1
b951204502dda9221b5089da9e56107383736b60

SHA256
e72ee977216ccc0e7cc260bcda1051d9525987c831339146979b278dbf5cdb9f

SHA512
4fe25ef726acdd7f8917f2dfddb0390f30b7611ae510d88ac56f6d527a122a667973be34e74ce364aadd5d9ec9d4fe340e3aee186ee9c50bf93c13af6ee8f503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
030c7dfb63d666ce931b2c687e61f2de

SHA1
27592aa033be4da59ccdc424ff52cd841f033032

SHA256
a142725627b77caafa66eef5e0ec4936a84af67348f390822edf3965343d9e60

SHA512
ce13e6ec98e9786ab4b6659789ec2f89b6caf019e595e3b64613adde9e1fda6c48c4d894a621fea9028b49471e6536b3b9708f4a24bcddd923f8bb9f5d468d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1c04b5913cdf294af4a0aa0a42dd5550

SHA1
0310d6c96d2378969141d52e7d384d2ea071ab61

SHA256
b0ef0a634be78cc9b464a917a75e4c7ffd122f3c157c821854e66dab84b89e20

SHA512
d75fc53e01174299678c43004973cf7ea92d3f180c9f57902f79ed3f50049e0df6108fdb9bdde3038f96b6e960584ceea08607dc68ec2abc035a52ab84e97801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5195d67619605476b0a795b551618143

SHA1
1f28cf4f997c533e37e19027a8047eed7682ffd8

SHA256
dd947dd8d3a28793193e9caa1d145815b7e2b5938289205586231c860f2e0512

SHA512
35d1ed7c801ab2207c76514d5dd05578542df5b4f6f5b56e2dee98d172317a95269bf108d3f43b5515594d5b82a3b6a7f90583cb640b079c197916af01a346c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
266991c56b7fae0f0135ef737fb315a4

SHA1
86aa5a0ccda19bc2deb5060b2eb1f156a52859f0

SHA256
da3d2aa620738f9157c5e4cb8a0ed0b2dac9685c0171183ebc087f804c3bdc60

SHA512
30afe6cbd5ce643a54ffc7b43334086d7860e99ad5120aec413154dace3b30fa22bfcd584fff616cee37ad61c05bd5f4138fcb092a278b70df00f75556e1b8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
6dd3e76e168079f7b75b2e9a7232824d

SHA1
ea54c7db25f17834833f279bc2cdc7552409fc6b

SHA256
6d8aaad3ed93641f7e3d4adb57607bfb9b878a8a5ff4ae10ffcce55b0c441e75

SHA512
bc138123383c336d41a2dafff315a8ba261fecb7995f25ef81b3964dc088c3f18330624cc59df65b4d94624cc2d1c1b45536f8ce663ff27e759f8846b0a0f2e3

Download Submit
\??\pipe\LOCAL\crashpad_3032_NSHBERLGQMGZOKPF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2968-423-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-433-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-432-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-431-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-430-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-429-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-428-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-427-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-422-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download
memory/2968-421-0x0000026FA36D0000-0x0000026FA36D1000-memory.dmp

Filesize
4KB

Download