hxxps://steam[.]communityfileshareds[.]com/M4A4_Celestial_Moon_V2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam.communityfileshareds.com/M4A4_Celestial_Moon_V2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133556831879815325"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exe

pid	process
4324	msedge.exe
4324	msedge.exe
2432	msedge.exe
2432	msedge.exe
396	identity_helper.exe
396	identity_helper.exe
4556	chrome.exe
4556	chrome.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exechrome.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exechrome.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2432 wrote to memory of 1704	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1704	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1880	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4324	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4324	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4412	2432	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam.communityfileshareds.com/M4A4_Celestial_Moon_V2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb23a846f8,0x7ffb23a84708,0x7ffb23a84718
2⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5244 /prefetch:8
2⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
2⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,1711065142392149630,11576825174347379837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb116a9758,0x7ffb116a9768,0x7ffb116a9778
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:2
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:1
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:1
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:1
2⤵
PID:5524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5280 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:1
2⤵
PID:5924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:6084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1924,i,11228892399073910997,10935862655380284182,131072 /prefetch:8
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5484

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
471B

MD5
d55c388b838f0c154b1ab96cade76cf9

SHA1
9861892a5324085130256163e947fa2470cfcd60

SHA256
e52011f18e957242670dee2425e1285727ac542b59581727f814d8c05a036234

SHA512
fa53a65998b00d3cc00e659ed789acbc5ce14a2cf67d06492d8b4b38e040ff2615f4dc793ed0df06746ce7cb0b50f7dac716e61f2484d12973e72000b5487e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
c5583369bac0182e6581662ebb02c420

SHA1
af6d0daee097cdc7dd8e0e882c6ba5ff56abbb0b

SHA256
3ec0c410d9520707317d65513307e19ced18c2d1cc967254c981cb04d01683c9

SHA512
ca6f58d79ac253e6646e62f886c6a036b66d81415f152d1835b61c1eb36b6aa89d3444b2087e30036b9b4b74f610882a17f5cf096ce6c7812e3504f9d20c1c07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
400B

MD5
5b45e130dc01540861e8c6e208f58743

SHA1
2d87193221f0dd84029ab0121d94806e8e8deda3

SHA256
b0f1b66dc239bfaa10f5d743b34205cf933f4d15835cd8ff34af8e8b6c6c6014

SHA512
58b96251e990c883a7efbe3b85cb5f8cabed546304f275f301327f4bccd9f05b9072059286f7a4d291f8ce717671fc790b751a6a8027266c3f8a819ca65ba313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\89990a4a-8110-4a57-9d49-28de70ca0197.tmp
Filesize
243KB

MD5
bb55aceee140847097a8e7854ce0eb09

SHA1
88ebd6741433cd2edf35622938b4af5fbdf62150

SHA256
873596556da654658eba73bb5740206f359a5158de080e7ff9ea078ea970afae

SHA512
2def0a2e7d148d00c952d956f31ff46212e6ddc7b06c0257da06fff6402f130ba9fcd814669c37e78adcac0ca3a4ed9c158dd7f87be44303329a2923c85f4cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
47KB

MD5
fe56b032dede6e95ac3666c2a7bd35c1

SHA1
0e4b02d246652bb00651c869b442115435bbd549

SHA256
85db9604d6da167218ab6ac2d16e1839941eb3fba02bffd6bc30589c0cd82a27

SHA512
157cde7d10404ed13a6494435de87bdc460dace1b10fed3d2a75dbdcf565c1b540cc71577303596b347f73f1d9ac1113a0aa63a1b16c96047231612699a790ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
557eb9baebd4bb29f6d05ff921c72823

SHA1
2789b0c5fc5a50848e13cc7b87d05d6a3a4a80f1

SHA256
11d42030a62066449feb7a3be37c7c8967c61eeca7264c82b97f328cf4a36ea7

SHA512
aa035f1dc7e85c48b79d84365f62fa1fac48a7c74113a88200b36592e74273c7dfd0b4c637e79498efef7dd9698d1afca5161a8e9f369b30b5f20aee98afd7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
3d62fffc98aafc8b2118631ce29c2e92

SHA1
324249e2660c44aaf3f6b76a2bad418c29822306

SHA256
c677381d34970e2acd53a3fd8dc700f2660e41ad910dcd6bf3bb6fb90e4a94ec

SHA512
1c7df532c575a280c7c11129e00332cdd9e1b0e10aee4f1575e17cc5829faaa45d33a8457702170d31ab0f88e280ab6b4209ba2df11659b159725271117082e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
90378c1d41d0c261fb8986ec45c103f9

SHA1
0691e50585fcdd607890483d53fd5b7d840301a7

SHA256
b82356072188b2934e95a2e38639099a53a85cc9710bd09f5d04722f5d3829ad

SHA512
b1325eefa78d4c85f47213ddfda8d2345b7f7cf394ac1f274fbdbd5a133343255cb93f08c24a8833cd72a24b7575126011c54c709cdc96769ff4c5499242a1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e02b0a27e86c37dba21cb46ed59bff3f

SHA1
8ef2c5dd113afd15bf782a051752f53b1a46fd71

SHA256
bd59df1676fc742ad020f58278929f5db2505dd4ae7b7baf125e85b34b6130b9

SHA512
9ff0e5fce1335ace8119679a7ddbd1f231a64002d7ad9e61ce6da47be0be3e887cddaa443d39100dc7a9ecda070e57b8489393236e59fe61dcd2fe9187a773b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
175e65513e9aed119ba2b9adada2f1a1

SHA1
4ef1774dccadba301ec6144b7c7a58fdefcd8b95

SHA256
8f426bf82693d027840d618c2ee92a611858c04733a626c29ced9fe69fdba2f0

SHA512
de74b5a7ec67bfe2e6c3843e577482255aecb6f19f303e3cfd8cdf1f86821055c6142b20e37000ac51e24f97d05e30cf9a263f1b6ab56f872eb3d5dba058aa79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
63e6eb32acd80a9723d321362aa8622b

SHA1
20ee8761713f8405d96e4ffa94362f7f572361f5

SHA256
51188ac8fc086a4aeb690b870718180e28d3dd6ceea37b566f5d71e16dff3d7b

SHA512
c7141379acc5052609e1dd392c12044f0395a25c47e19531b6266c07c0a0b3333989682bcdb83b4b941ba425ccb542159e4cff9c9414b00cff9112dd80afa492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e8be0fb3bcbb19d3b6a54d1e36fe9724

SHA1
9df46b8f610375cbdd6c81d77420060b0e66cb02

SHA256
318bcf9ceff30e2c24e7aad0b3f723654e51ff531209a68dc2a12f61ed676829

SHA512
e8acd8607b16b97c0c92eb4fda29f7ae9ffcd7de187a152b062205a04cdf33de62f2e9c6b2e55a3daf625f10582a0aa44f2fc45bbbf067ed6f7c6c0894763b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
c3fec3e85148a5148772c4378cc537c4

SHA1
22f9061b1067ba383de7d8d69d901b7aec6ff500

SHA256
dc155c33c3dc6690e5a35da3c2cdc60a5003c25c0594330989d4b1e9b043b9be

SHA512
a8823a90e84c6587a8eae1f95e70d1365d117b5acf4df975a56f42f117c4396e12b03dace732bc5e86b3ca32163f07e66aab6f75e1fad0855c2c485da814aa46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
243KB

MD5
f9719da12e0ab3a322c7b68578e99d1b

SHA1
12dbbfdc4256a1ab8abe255a3b2061278a3eab10

SHA256
8ff700f3d33e404a48ad8e3861b9f2df2be5217fae32af5496541306886e4e09

SHA512
aa82b34fa1c752948f2e0c8fc0ce74e61c9bae9ce08e4cb505930cddf2b8857e4b01b84d57fec66e43116b66f1cbe8fea755eec3221fbbf8c9ebee31dc141097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
243KB

MD5
a3608230c6727133911ffd93940734f3

SHA1
d6f853a6c75027237cb89ace8100ddbef7d9a8c8

SHA256
53b68c1fc7f7bfd46a090cfb03f372251eab11bfab3a3c841a49446f181bc516

SHA512
39bff1055775e302c61d20115fb2d232fa282519702a463bd1b96ae44532efca4de5a638ff67371aab77a5c3eed93c6e2c663778f6456c7dc83e315701049d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
243KB

MD5
995dfb6b6fe36d3440ee46c041967e87

SHA1
42a228423d4ab24401a83d3e272cb6e43c9d6106

SHA256
f856146cf130b7e221dae1cc7bafbacd223006ae3e5202a688a955e85a4dc4d5

SHA512
ed6e219aa70aa038f825ec5136488f0b7ed4a20b684d8974fdad698a785a7ca6cab1b1edab7ee916eba6ea6bae4d393d4e9ff713fb61c3771203345d3cfe1f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
5ed1d9932d2f4605653ad739fa093669

SHA1
ccf550574ac43eb5c13077f390a27435e5e12949

SHA256
27ae85b9b0357c098a4ba1adf132148f259bfe01fc7175e538e4de5ea2e87ffe

SHA512
581a4ea41fc75e88c4253e2aee85e83e787ad7badd0a8f87ec3dece66b2d63362d572fe26e44398cfde73c24c3cfffdf986fa646b36529b147b52cbb9f5cb96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5944df.TMP
Filesize
98KB

MD5
32d4459f8b363d749399fff159ca1fca

SHA1
7046ca0fc90c2c31c7cef75ba9704256fdb34488

SHA256
d0518b5a266261f96a5ba76b9dd1f13806701bf7a1abf1ac3c4b39baa524b5e2

SHA512
8e6a4e5e3aa0f22c1e85c78aa13f506d1349c7dc118836cc563795a568de94fcd254f528c2b2d1b925baa5e783c2ba1d1b4979f4b6ed274084cb7d546c9f2ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
f668e5dfe475f71cf4ed80653cafc493

SHA1
1267fc964efb4a18088217756cd9599766fab4dd

SHA256
3790518238675525e214361445cd1240ba5580240ff473c4b1e885ad68b324f5

SHA512
985848a73f05591aae174c80016d345c880b1efb7b69a012b177618a771d7773b63d42521664311d00e690b816d3d4d72e91bb6ac9dc030dcc1d1d28e2edfaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
480B

MD5
c110313b35483b73c7549b93c3b26ac7

SHA1
51dd992a8e5d4337ef30fbd958346ae1941bfeec

SHA256
7cce69df5ddcf452db00a34cb437d5a006258d61f293cb67978c8f56db6d9db1

SHA512
a875a35d7c3dcd794b434985144ca2a22a67fdd871714e4f42199611c86c45daa0ecb2a50ed548b1530dab5a5c559f0698fa8c0920371f94ff17e66d69f0f7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
afb342f3bae889bef736c997266c860c

SHA1
00ffd6b9c3c719a0ba914fb6d017fdf270c40bac

SHA256
4e2d3709f16f1c8e1d9ed98a2363d65c021b042db6d11952dd566ad17c3724ee

SHA512
38699414825f62cbbe1f7faadde16259fe7f160c236389b071c23771a9215c6012644ffbe81cd5bf26da5a038668ee87f6a68d377c13f1bda69463e4d6be1ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
002b5ca4395b4524eaa54c595846b381

SHA1
e1f3715d5fcfaf42960f11e95b2d4e29173ddf93

SHA256
546573786444c9b1ac6fb0031c851f6d2f500caacca88c7c71eea24b9a75529b

SHA512
d18eb9b5c1c6445c800e2c2ac31b2cf7f9c8b8e4c176654b7f84960b772171439663e530860e73eefb7d45159a5262b2b6aa1559c36644d28d371d2294e91326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
40a07900d09d83367fe1d598d27ef886

SHA1
9a83532fff6111f077eca2cab92502961084fbb6

SHA256
1b4594cb5d6c9c78bdf7841edf155c188507e0af51a7a5e617f43b43dfd5f071

SHA512
f7910166185d5c7e13e09a70c83d3fd598a6dcdf142f49a3703989a4289cdd3c03bdc29c05066147ada10704554594dd6e506d4edddbe0e04a1fbde43ec2ece8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
38761a90ecd5568d437b87d6fd62b74c

SHA1
0b4c22ccede8d8a9b492949668488b26cc49d14d

SHA256
8b8ddf0534f20e2f18ad48c82b90d1937a2c218b1176a3a5e5ba80b705584d46

SHA512
73b2ad5ac1adb742664c4cabfa4a0dcdf458c9b04dc24927c4f80503db5841c986acf7dbccd5d23fa5f7038884032a224c5acaf3118c1eb877bc7c6207b524e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a6b052cc9d51cfbbc40e239b2db6a868

SHA1
0e0c5481b66651bc5adf546bbebcf0bec5c093e7

SHA256
144b24cf741254527fc0c9a054dac34b0ce0ca8637bdf683cac3a923d3ac04de

SHA512
c84ef35a4d682f143491cd57433c72081433ea4b42c979c61004584c2a403174ad27a0abdf4367fdf22acc1f9f037aa31fac926571dcce942984b85478d6572a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
a4476e5e6c18f3d4f3ae703e70dd538e

SHA1
f1200cdace01a03bc4285cc47a1a89a3c7eaf418

SHA256
d09d3d9b74e98107badb63af2e17c89e893b60f669dc055f31c421f03fdb3ae5

SHA512
5c76a06e30acebac40260a3113417e15bdc28b2aefa0e7f0581fb4956bdd3cc979fd6e50a1dc6eb481839cb582a360ee9fb0e3b9ac6ae9de26d749a78f2c4857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
f44c9e5c353574a3d8a9f0081dd5c66f

SHA1
4ca302d76176159af524d1b67900e15933700cac

SHA256
8c29e07357703c9938259bf3286b4a88ba94d01c6a8d40f553e1351db9794598

SHA512
912f9db8e8253fdff5c5a8f2fc39b5cd7cc6384d4f9f59b4c5ef611d07b44b7ce7b74ac32e529b6e49b9ac57de7c85392697fffdf2a37b5a8078a7893d4c0aca

Download Submit
\??\pipe\LOCAL\crashpad_2432_YXFIWEUXVHSDVIRV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit