97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6

Analysis

max time kernel
1799s
max time network
1717s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Byte-Stealer-1.3.1/buildExe.bat
Size

485B
MD5

cf8fe53bb0caa1560661a15691814a4d
SHA1

bd434b814986605929630d7ab3cd35fc840f3623
SHA256

5c2266b0eb1735a2f1be564cb89e43f1a1df75add6c2195ef9ab38dffc64d34b
SHA512

102e2636a76a61c2e54c671327ecc79c79867be4b159362c6f7597940c2a75f377b834edc7baec16e511d8e41e947f2b8c494d2afade1b7ca3e1180d294a8966

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	camo.githubusercontent.com
10	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
97	api.ipify.org
99	api.ipify.org

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571827767500045"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\1 = 56003100000000008a58c90310007363726970747300400009000400efbe8a58c9038a58cd032e00000002500200000004000000000000000000000000000000212168007300630072006900700074007300000016000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Pictures"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\chrome-extension-logger-poc-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3036	msedge.exe
3036	msedge.exe
1696	msedge.exe
1696	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
552	msedge.exe
552	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
3624	msedge.exe
3624	msedge.exe
1456	chrome.exe
1456	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2404	MiniSearchHost.exe
2264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3244	3036	msedge.exe	82
PID 3036 wrote to memory of 3244	3036	msedge.exe	82
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3544	3036	msedge.exe	83
PID 3036 wrote to memory of 3204	3036	msedge.exe	84
PID 3036 wrote to memory of 3204	3036	msedge.exe	84
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85
PID 3036 wrote to memory of 3268	3036	msedge.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Byte-Stealer-1.3.1\buildExe.bat"
1⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c9233cb8,0x7ff9c9233cc8,0x7ff9c9233cd8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,14507404280385898066,909048348645362888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4084

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c6ee9758,0x7ff9c6ee9768,0x7ff9c6ee9778
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3956 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5436 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2292 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1048 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1804,i,2786593534034339065,10387024319345913166,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fa877295f3c5d70efa604cd32c2cf5a5

SHA1
11efba78a790b20daeeba32201561bb71d69c2ea

SHA256
18b7f870801f62047881a315bdff57566592bd4811834d369a6428dac69b49c4

SHA512
a2d886d3d40d2e7b297bad7319e920275818af25a50683185dc7337edb6c4358d499f6fa2e6370ca4163b4f49948580d40880a51be48b894f1c204692c422146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
63b27b4ec2b92418c712f2a0984e8629

SHA1
e72edfb36e4a32af0668f87ca687482ba19001c4

SHA256
d1020bb667c2d177eef5d76c8ac8e02b1cecf2bc03f7a1fb07fc32e356154569

SHA512
327ebc532ced5f988cc78e5a59dbe85f0dfa8cf9ea4ce0acf8a909e755f9c2d02e9421f9ad1b3da0e471fc1d2d510b12d0e261d891d58125990c45bfa23eb3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f9baccd5e679049dbcb0c788b7f68ae4

SHA1
e50da6b2efeda5599ecaa57da91546ed6a22571c

SHA256
03937fd5cd821e4f43747988c0388a1d979db8d67080834441fe4054219c6fde

SHA512
a619b35001bf7688c18bd179dbaed53cd2a6ab8cce072138eee8c5ee76ffdad0a06dda130b8d221d8e151ccb8869c168f660787bcd4822f32a1774cad9d3195c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9f5b856cd239251c1c0e792b576f626

SHA1
6da7390c003beca24ff3879f8717eaefbf322d1a

SHA256
4d74c0c7916ab99873c11d99d195083db5d3d00d5577d36b0625aebab37246c5

SHA512
3ed3ac88193eec4afe28f5a6bb19433e294b7af7bae26b39f25b2ab535f299a26176de1702cb07e269047e70f83d462c19993909a27b724f4ce9fba202c1dcc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80249b56100390f7ab3039e19d34f227

SHA1
0e3b6fd1f7c5d70697becea1ff6073d7c38381c4

SHA256
531272417f42444a94cb2ccd6dac07c64b102d571457a343047b829ac4cc8800

SHA512
4d4878e2b8085f9a6a995dac378c7bf7f8d41fca82a9eca151fa920b807c47443d45d3f2665ad095c2abd271a2d8e9b2262e5d1f35cecbfeb155aa227e569adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
10e074904304b51cd4e37fe8fd8a4dd5

SHA1
f2d238fa968bd90ce7e24e4cdc38df69547cd7ce

SHA256
c25db12f968a2bb7ddd10fb0b04e8a78828a1ae6bd5f9facb1be07909c4eebe6

SHA512
e50f6a350494acd09378c767865df608ba32a0d2a65a34f57a2e88f36216ca738ad3a1c6e72763d4fc066ba94f5ee0678912a3e2bf6054bd54063860ce4ea682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5d97eae26b7d672dd16a34fc0e7691e8

SHA1
c5be6a000fc5c7fcd0a49e38627b60a86306ecac

SHA256
e8fd8886a539afe0b6c9b89d1b3ea424248b4b9307dfa3260eb04c3b50d5e4a4

SHA512
6628c1508b4aa61019b5b38fa1e96ab569f7af6cc30e37e057911b4795519895dd240186ad823de34c2ecf543f43a3b7ae8e3d0d7c909611a0d6497256fec059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4ec0297ceb5763155d54e5b8345edf78

SHA1
9331bb814384fbda7b199f38514cfbef16436bfe

SHA256
7c33ced075ccb5ba3e165491d752e5a9f4168e87ed3d87eccc1565788b3d874f

SHA512
2cf0559099f68cc7e5fb116f58fada00e11e93f4e3c88e104dc8259d68c0ab9d51dc31b44c14789c02432bde2e18a5d664781acd4aad756529c0268b028a5268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e3ead.TMP

Filesize
72B

MD5
7f191f6262fe9857a6eb2c5fa66f1651

SHA1
573853c92a8751ee90a0680ae58c3ebd1b8d2db9

SHA256
7f4fc995775f99012115453ccf5b839c742ead6513f7ba4df7a00e7c5082649f

SHA512
1e727d5d02101dc64af16a7d8fcb8ae191ed4b7d4fb26ce49798d0c57f7afd1f9dfc2e52f7275d815e81a6d03fe4df64eb9084d4ef0f9e59c992e3f5cd725567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
c81f5b2a0786b990034ae8ee0c878dbe

SHA1
28f2d4556eb0abc3bd7a0cba60be33228b5095fc

SHA256
e34d7796a8715b8f3957afce92af6a3a24312ac7b337bfae34f8fee4aeec76a1

SHA512
0d851b6f37d6ccffcfc56a4f79b9aeddd5cf04642c0bd0b53b5275fd8cf6beaed945257809701894887fb85b88349c0ebe6ac8973cbfea9c115bf82f97893db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
49KB

MD5
e1f8c1a199ca38a7811716335fb94d43

SHA1
e35ea248cba54eb9830c06268004848400461164

SHA256
78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c

SHA512
12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
43KB

MD5
670517042f58651562f284225b8403f0

SHA1
efb637df69f62a296951336fa895f8ae36679acb

SHA256
6c882fef59772395f7460c5321b26f63a6b66607ca5ddc08f79b51d45b3eabff

SHA512
a82b4bdfe8a4a3f699a8070a440bc71110349dcc8cb2ac2349a948e63644afa15b91df2790e0bb5c9ebf971a776e9f97dcee108ce3159612e421b2b63e96756e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
22KB

MD5
f650e6b6cae5279e4c89126960b6b090

SHA1
9f79318b36cc53712c3e7e0cf6e9ef91f62811e9

SHA256
86781350321e19d398b5a3760fd4c0af43764862c8c37e319b8b743f15c559c0

SHA512
eff8025498be7773e063c43137946382c408cb886272ac4c9f8cdc6b2447b8e4d4c559351bcec842b7436b3d7be96c51da967637c8e99ed48822876ded0cb2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
70KB

MD5
03b690f9597d934ce452d63e24ba89da

SHA1
4d27ec9879394a82b58826aa1be10cd531762e92

SHA256
1658e31bee86090f4836e2bc3c9b99a3c9eeaaede5fc04f3eb224c700ad2a1f9

SHA512
88d784bba822cb3e1a11a743691eae0f1865c796a65bfa354b2a6ae741183d02b71be22c8e5ca29c2014eacccfcf4380afced14fb6548962e740ecc4a3b2fecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
741KB

MD5
286c068ab2d2f66bb0fb0023abedd54d

SHA1
719090d3873cc78a4f4499046ab134c41ea0c27b

SHA256
3cbe7338c2b60a360cf6c242a6fefedfa0c821d2f4dc6121b701c8ea2698df0e

SHA512
5efb0b45c7fc3f22ee8be6f8c5f60a9df7cfc5b8a50d20bc6511dfa1b3b3bbf4e89126eac91ea9b0cf117ee4c4f681f807802cccb83137ff49630406206a6ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
339KB

MD5
f532f590dc67329524fe1332651516ae

SHA1
8d4a91f9bdbd5dfbe087c98d86db12177fba1ff6

SHA256
70b6b71c5bf1f4e73c204d8d2c897c77e3cf8ad228aeb46acf97032290e65712

SHA512
9a620b21bb67eeb10be576e8e181b1ce9a7448660da583099f30032ab4423015a5090004d92595604224b4a2cf5cd8c6d93fbf4c53eb261556320fc689d63495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
49410a405463b6317a4b6f0449600d34

SHA1
7bb58814597909fc269b3a53cc0c53e7311b8cf0

SHA256
dde9eb830182c0a913903c1b00386f560afb1933be3fe3af625b09ac794b3d7b

SHA512
83ac9b5cf0f21831c9ed1715ea223643debe0ab60efd9c46a9841144adfdbf6a0a1232d03de51ed7f7843fa4b74966e0706b2c05f48820491bb45329e0b210e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a62599a42ed4baf53ea663466b8a84a5

SHA1
d43408b057103b03b1f2d4b9849f994794597e96

SHA256
d78d8b399719074ef73b769d0bc66e4d02e8ec63e1c29ba710149ac31e63ff6a

SHA512
c6111b189457f29d063e9957bb73c29e3d2211142c373808166e421f87c705120fabcb438b0d74744c6e7ae959f41f49d162d5409f35ed955822e1d5bacd580d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9d3872200eb29a073525c5d7e958352f

SHA1
5e17e835ae0ff58e4a64f87c9c0742ce36f41706

SHA256
f6115489710dbdf74d18837f0c931e27f2a4e6749ddd0263884cc2cb3f58a2ee

SHA512
0c7a0dcc72d266490d4cba4002a6deee6e4eada732370740f8159441d331f8b0f87d672d9bde1e759212514dcc99ba540e1c24a9ff688c29bc04d89ba1816989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a0f937d8220a8cdc52e005c577f1ed86

SHA1
d744a2dc7bc8ef6082060c3082f79d57c57ec6de

SHA256
61e46f20e714381bdd781a5f8faa00452efd14770214a0263befa4c3862cb504

SHA512
9905518f67f2c67c75dcf084288a68edaae9c5f4e895e23d85506c9b2a8f8d0008b08c3b595bb7cfe0551341c4bcb85a3671e4bb5efb45182e54cd8a4fa068d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
881B

MD5
f5da3bae1fac76c680cc157f241a615e

SHA1
9c65d461b985e503d1453eb3a6358ccc04fefd6f

SHA256
06500cd62f01286db04bef9325498ecfed42ae8a32464c1361ec4ad3283feb5c

SHA512
a195d8c4412fc6c66c356db122aa0c879ecba24ae8bc74ea8686fe9de2010a607dee8e7d7184a19f8e723f13b57e7f0a31dcdb28094a649528691c0696bcb7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
958B

MD5
5c90783af4ea09d52f8285d1ee54b63c

SHA1
a61ffe4833e888d9f599b15a257dd399bf8c239d

SHA256
c4ed83bff79fe1789c232b93eab3f524dc6077ebee0f65987c0259bce8cdf394

SHA512
14520e389709d71c9df9e5a510b8049a0f282aa627260355a09f11af6d7456f3a2978143fa5790ec04bc823e609e74fb18f4360ec4cc41a09436f1e058373b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
100b5a02f01aa0e779e8c593ad4dd2a1

SHA1
ec3da43d9aae500ba36f2357dc2d11c20774cc59

SHA256
4c3e94f15e2f46c9268d5b0bd325b89e69e138241a39611632958d9b663c028f

SHA512
74ced8b81c6fc8c4b70d74c29242d87b4427fb551aaf0746cec7b4afab815b32da0eea6b8d2cc22cb9d6739be7f9d9db985fbcdb3daf46feba153afd63003be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b03f334f516803ed23fc3064ccb4250

SHA1
4c2fe6e5fc3f657137a4af03cfef23f91d0f04b4

SHA256
83bf90d1cadcfbcb08717b16da7d66fc31d4ca88f064221e5dc9cb9817be4358

SHA512
f0e365965732571bee5fee9fe7d2733c4a209bc049618f854d117e6f6e816ea70fceedfef0a4d2c2f2e8fe3bf70e078da1bee68ae8bfb027cc115bfafc0037fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2cc673c64a579a7cb9c886eff0b75e4

SHA1
47ba59a03e982bc3892afe4dcca8fb5804412c5c

SHA256
8b29bb798af954f4b45765af5067b523e18950b7a040ab608432be6799ae66be

SHA512
10b8a0aeec32f1c79a1dc94c313988f876c71bf16075448c31c39579e287168a96469c7fec461d2af1c99367ac710ee1771d81f7f22e32fb7ea4c4b7bd4b3581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e76b063190655dc6f323cdcbee4a20d4

SHA1
214ad76307c7526544c499e627791dcc6e4f484a

SHA256
d3567767f6124d58de14aab807898b1b9ee6beed0ba2eeebea459e16a6154fbb

SHA512
6c052f02184eb53e9202fd9387c4153ce35f05b6fc2e5481fc81391f07b028bca8b0f94ad3b8c69da2ddefab2e71860380eea6b2ede1179f9b82205eff39f66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0d1d8e2e0ebfe7ec15ab091233f9716

SHA1
e17140c1ddf87dd68271733767c3a562bc9a3adf

SHA256
ac634a7d261f1d70aee8f7be0f303c1568c24c464494a9fcf384e815c650a816

SHA512
ebaa099a0caf925e3affbc7c70b3ca40628346f1f7db75c49cc95fd0faec4eb4b1cbb2909046599800d3e540c604c764e68d1b9f4e4554305a48dadb33d81392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2746697abd69af41e9ed3ff967bfdabc

SHA1
b675946d5cc3b78611167aecdc0686a9aeaf6675

SHA256
54de9032e1c33efe55bafef9e83741f30374374652bae82109ad81cd3a0190b0

SHA512
172a2984e11c633bcdb4b55f370a7502c19da66a50424a602588559c719abfe722091d82cec218413e4b84d2514abb4b209a438ead76c7422601cfdf9d874e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d1e4d257c4b58a9309559f29a0d75da

SHA1
d6b53ac9c258f3ca0af934e275f1cf85499e8ab9

SHA256
dc326d36699c3c01b267c7b7f3f2ec2a43dbad35efcf84e657f6a4eb4bb6464b

SHA512
5d1261b32f528f3813d0a84d2add0bf9dcd63fee3baf533ea6a79a3c0b495dfa1bd13f1a9a87da6742f0a3230a81ab629e0795f63b0c538ea558f2d99bb01890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95872cb78eecf2aebdc48e2252bc07bb

SHA1
34f558314c16102563b11625bbf16edc522b6d4e

SHA256
d6e9628727e6f264880017dcea04daf8911421ae34c9046f397557bea2d7a64a

SHA512
23188bb5fe3557918b1fd9ebc963a6c1a30648bdffe3363a28159dfe05f4a2ee25665749e7ab594d0b3bb7c10effac8e00d04ab7e00c14600ad5bf37fa03f414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1414eacad92e74569e06a79395143f43

SHA1
02f3a402cd2da21c47a5ede097d9437503fa7021

SHA256
ec901330eae5bbac780298f2f159d192c19cc30afb4e9457208149a8c0dbc6c1

SHA512
c199bb773554f66fb9849f678cb504a098a1221e33505eb02b593d2053bd79b148961c458f4b0c4fcdfff67a32f1a6cbb50f47d2fb608652c9264313691e0e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9721238631e27376d6119b5f2e54f921

SHA1
8d27c4347ee7ebae1ed63504d762ad0fb33462a7

SHA256
7c25b0081d8579959c70c7da770686d9977678cd8d0dd1bf3869146961b3938e

SHA512
68ec614052972c92ec332290442f0d6afb1817210e594bab8ab0ec1279f972494207554914500a52093b487ecc5779fb425f7a7faad7cad1707e65b9d5a2e620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
836cc675d924c26958a1b15779df89cd

SHA1
5a1dd7ed1ae800297da5a91424ed01036268f4d4

SHA256
0a0b39418028ac5f301fe8d3a0850dbfa9ffed551897c43af247a3c401fc39ab

SHA512
b7b0483d267c06037b356bc840a4f56364ab08cd291dd761d79c5e882acf501f7206943c7a0ccedb20d0ff016b81b6276c33214f41a6fb5f76fcfdb7b6f0047b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62e67d51a51d8c5b311fd54eeb7e9378

SHA1
5e960a2aaf29aa1d8adc1e65f7f083059daf0e66

SHA256
d8e03945aa98039b05b161f6f4e7ded3232c1d3124b83a546309bf69a1e5e9d9

SHA512
543f4c95e158ac6c8d43876aaeb0c18e03aa637b3fd27755a03245146704dced177cea47368174d034b3d3674cb1ec66ca0c24ded15b6f79b253fd7e8c42d345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07de0265c3e3af14339692d1a8c7ac1c

SHA1
bf57becf4155e05094cb96e4fe4bf74367ac2c69

SHA256
991460d4180535203b7c694822404561ee0cc95304225b735dd175ec78cd7448

SHA512
8d894c34a6b5a7f59844f6004b57b49299f557073f298a64a0a1a77653fc1606d3e65a200f13de5602ceeab22c85c749714ab39a5b9b087f9c3ccd1b63c46748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
513a2f0b6a6159d7244e7697ea73c45a

SHA1
b68281b8d422af6d2b365f5dc6b344b24fb8d25d

SHA256
1490f69dcf88f849bbc160101deeed8ac1aa0dec5f6fdf2fefb42a3710477533

SHA512
19ed7aeafea5af51218affb1a9125d7ff3d78dd5522d6b9a7692b8c62c3559d32b4ad73650c1cbec78eb3696cf6a4e90ad3744b4af1da80d24fe1804960ea70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e06da48e7084db787801ab3e9b40269

SHA1
4935d943c61d531fbba84df1543b53dd457f50e1

SHA256
47a2a69b89f05429246c86fbbbce029e2d9f4b2a6cec1c0d1ca1b5621bd3811f

SHA512
393078412db3150f90638064dadfff76c85baba97b4918902d3c402885e5d70b7162908742fc1af9e616b43a255bec1e09e47d4721ff40b2dc45eb6012b5055a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588da5.TMP

Filesize
1KB

MD5
ce8ae291488b9f826a9b7fcd59ada4a0

SHA1
ca250cbdd0481182cc901363dadee4ac08d5b85b

SHA256
ae3c374fa59380f26c88f8fb50ad026e08235457cf3a4afd9eb2c3a7f931ed4d

SHA512
101c7c77a74966505b8e50b4a16bb400510f878ee4c10db8ae51271b0b322b170b943e22f3ac8c60f43de0563b1342124c81d91ece0e9fcd581e7d786595c319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3195048e42c407b2c3d416c9ef6703f1

SHA1
736594756670e0c88ec375ec3c4bd37a868ae16a

SHA256
f2bfaa6c523f609cf81ed073cf50bf5461a9d3d2415a084f631c2a29de5b2d48

SHA512
693b912c417a95f8ac4a8677287d5e155797acd58e4150ce864d04c7987bdcff6d79b515733121ef7df18e7bc9a38e6be5c3a5166fa6237d3b3234061bda0015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85a09c02a7e6dd6cf53095fe83853a61

SHA1
8875e206865762f7499132b69362ad665d2a5417

SHA256
cc6bff2ea5357a12091f0f3f74b70ad90420172f14633cab63580822b4972af6

SHA512
4c648faa8eab24d9e36b459628d5ccdefe79a11630d60bbf9388d854a4320684844508bdfd0a266baea84034ca28201ed9d0bbf41f0b4a159bf51dde0cf30243

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b1f935cbd0a4e7baeb4cfa73725bb226

SHA1
e5a5f4e788f95ccf950f745d01b8956dd14cb66c

SHA256
d7f24ca6d10c289d45cce23f5a19cebc0ea2b9c6b867f6b4b23c4effb08180a9

SHA512
8891f8904cf16da4ea8ccfc8bb993b6c0ad3beb7c146765d22e82388d2c4f4f01d84c2979b05b6c4bf11e1e93430454cc83dda012010ebf3369d94153327592d

Download Submit
C:\Users\Admin\Downloads\chrome-extension-logger-poc-main.zip

Filesize
76KB

MD5
ca26ab7be0fa85d56d8db183e908caec

SHA1
1e53eda32e20a1f6633c30179118f2973fd18767

SHA256
e760efaa276e98bbb12e4b5ebd8fa1a1443e128f886a67459dc6e398ff1171d6

SHA512
11d93d9322d33a6bd8496e1b2ffcfcb2808524d8287cc035aa557ac4b0cc15fa5d83c21b764354bca09e8e78096d1837356d56ea1e0d1e3e089e6352d2da4520

Download Submit
C:\Users\Admin\Downloads\chrome-extension-logger-poc-main.zip:Zone.Identifier

Filesize
185B

MD5
d89d802ec7c5b64a05f052ab846a9b64

SHA1
7f8460e94d0045d42c744da191393a2522ce34f1

SHA256
4238d4f187deab9604365bd09694501395527106d89ad8780cc04771d28975b3

SHA512
ee1d44379393cee7c8bb1ac0ae5aa0ea79c20813886cce96da70e2f4e783bb0e1aee39b6855ff42f7acd03f291bbb066e3aa3a362420f2f25f4a52fc2001598d

Download Submit