hxxps://steamrip[.]com/rebel-inc-escalation-free-download-x1/

Analysis

max time kernel
149s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
05-09-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamrip.com/rebel-inc-escalation-free-download-x1/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700128864142030"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamrip.com\NumberOfSubdo = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d56445f48effda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "10"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\disqus.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{A6A5C402-C84B-42EE-BF2F-94E58027ECDF} = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\disqus.com\ = "24"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\disqus.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = d19793fc8effda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "544"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "653"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2251f7f58effda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamrip.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "62"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\disqus.com\ = "16"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamrip.com\ = "44"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "100"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "1280"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = efa2a6f98effda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamrip.com\ = "100"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\disqus.com\ = "43"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\disqus.com\Total = "43"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\disqus.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4260	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4540	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4540	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	244	MicrosoftEdge.exe
Token: SeDebugPrivilege	244	MicrosoftEdge.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe
Token: SeShutdownPrivilege	6120	chrome.exe
Token: SeCreatePagefilePrivilege	6120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe
6120	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
244	MicrosoftEdge.exe
4260	MicrosoftEdgeCP.exe
4016	MicrosoftEdgeCP.exe
4260	MicrosoftEdgeCP.exe
4248	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 4260 wrote to memory of 8	4260	MicrosoftEdgeCP.exe	75
PID 6120 wrote to memory of 4624	6120	chrome.exe	84
PID 6120 wrote to memory of 4624	6120	chrome.exe	84
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 3768	6120	chrome.exe	86
PID 6120 wrote to memory of 252	6120	chrome.exe	87
PID 6120 wrote to memory of 252	6120	chrome.exe	87
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88
PID 6120 wrote to memory of 64	6120	chrome.exe	88

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://steamrip.com/rebel-inc-escalation-free-download-x1/"
1⤵
PID:3616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:244

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1044

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4260

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa50169758,0x7ffa50169768,0x7ffa50169778
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3820 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4784 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5244 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3644 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1180 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3124 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5672 --field-trial-handle=1872,i,1498137665207891162,13809099942579823369,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
39KB

MD5
344e0398d631c370148aca30dc4911aa

SHA1
d9c204bff575f2ad947ff7dc3fbb8bf37cf41804

SHA256
af1b202f16299aa05efb9d5c07aeadea3171ae3530ca5873c8e100c46cfacec3

SHA512
eadc8c6f93c8355d70b3b3c49043820eb6838b94d85dc6758fddd78a90c381f3a530154f8b353a6bf84b805a94f6f78af792621ce59d9868de482de5fac04b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
74KB

MD5
a06da7f0950f9dd366fc9db9d56d618a

SHA1
509988477da79c146cb93fb728405f18e923c2de

SHA256
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29

SHA512
b53d839c5464f7a2904cabcd1e7d6456e2ed1702254450833fc586f4b3a4e6dc07c24f443415a2710e241af8d2dda1b9c17f050045e76501e9b5aa2cb4801ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
77KB

MD5
b15db15f746f29ffa02638cb455b8ec0

SHA1
75a88815c47a249eadb5f0edc1675957f860cca7

SHA256
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

SHA512
84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
19KB

MD5
014a7af2ff2b33ce6e0c9eab71e25aab

SHA1
6f6d11786f1e9b878ad3c89338f27eeb94274d46

SHA256
c5ed0c3766d7337d2da0a649cf37ffd1d0037b6664010f7c5b797f72443aaa73

SHA512
0efcfee4429a76fdb0e8e45622819351845c108652ff9e2df10dcd6683658e32ff7f3398fb512f38741c514d6b039c63773cd156a13851c5f988644c78bab99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\737fe554e45483d1_0

Filesize
19KB

MD5
35b4eb87d3c0a20d58a6e448c29c278a

SHA1
df5d35b349ca45772e64cd1e43865004899d2f11

SHA256
53cae02a5130b263463f0a329a1106f56cd4674a4cf94528228259e286efb494

SHA512
d85c33b0d6a3d12c60b0b2341649babe7faab6571fe19d95423371b8a67aebfa66cb97925ead069dae6a1690fcd2894ca3040191e4f51cbf6325269bc578074b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf9d5101e93bbbea_0

Filesize
280B

MD5
2339cc2e695acd73d5bb20aac2563473

SHA1
cda3f1c2137f0b124b87bca65efb57761b36ad34

SHA256
cb6390d1e5b701e80a9352d0a2a1fdb50ec440d9f0ac6312944d897607d23a7c

SHA512
c2a1ad3bbcc20fdb34716d01990b102c778a7d7848851be87e6804a50b75f488a032beaf5611c0093a92d66251685b25f1f392fcb6014bc6901fcf1f87a0bdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1b24a31746c5dea7dcb4421e7ada17ba

SHA1
dd6afd5cb3666a9daeb42aec1229f19f93f4e29c

SHA256
15ff551ec8714acc98a44fc0736364743a46a790822524dfc1ee4df57bbc72f4

SHA512
caa10afd08b11206598a680c9f4ea9b205d8ee25377bd991660da3bf0ec24760e0f820dce91683dc55ca5df86edc6802692b9c6b7b41281207f022bcfbb3337a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ddb017efa15d7f1936baab9596a87193

SHA1
fc77f3c4da99d40f250552d81506f1e7bac39a78

SHA256
11283f8d9f4c5a6ac04451b980c8189e603722aadeddde7e43e1651896b30c06

SHA512
8afaf74882b6d79ff64435a5a8a81676cb30e84d84a809d680504d8bc1913212177491f60981889a14d6a3812c61c151793a646ed4ac9ecf3d548fdc1cf42170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f07ff07ce0a1e7ff3a2277282c7defde

SHA1
44d762f04de9f3841cc994d757c1434b7fba55d1

SHA256
bedfecfb12741c337f4cffd139da52cf05764a055ed5fb12cb7dd6c1be331b11

SHA512
d121a75dcfa4cb7a204c4be86dc3c79dfc6069ecaaae4bb212454aa793e952c7fe19beb22fcf0cd2b1d022488624a4af1984b1ae4d864d2e32626aa2e0fc0a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
55d1e59910bbe183caf993bc78b1c7ac

SHA1
00fd2c6ffdf3d20b652171a75d9902f4e14ebd45

SHA256
06800f0e6ac3431ca662e7ba56dd223147a9231e2059fcb758abf4cecca9b1b9

SHA512
e38d64324a521b90fd1c5db35a8377e705ebb83fc29a1456c0474bfb44b01a7e1b6a73bfe48f88a4803dc79a669a474fd47e7897b8d6ffc1aaf058b5c0a69ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe58e104.TMP

Filesize
1KB

MD5
11e8682598168887ba54619484185f02

SHA1
46b18453298ab7b6da12f4bd589b89cc8ab12387

SHA256
f17d63413be3850ea190f1263bf461703c491bf431b1ad3d1e161463090b54e0

SHA512
ce496005f8a1d515328157b1c0874fc1138fc0ebd0379677d672918c520581428f48e10ba130cdfc82de079a0d9a3e5a9fef54162b9bfba71471712123daeb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1104f9098a5e97c2e33f8c971e3218c1

SHA1
59f922721b792018c0f91873e890e21435a63ffa

SHA256
864a750fc2c0669c247b6caf3849dbf6f0103c10934909dd95a3c1c73befa580

SHA512
a77c82f5d17a7321303ba129e56da14de1be46bcb415fc80eb3c7eb1f1d1b925d78e92e0e0c9beb96faba904cf98ef9f8866c91f08c89a47b4ef3cbab290a885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be6a6d15865d01637925c9b28b3fcef7

SHA1
c65f479370dacececcf52c98e642d95bad9bd452

SHA256
07eaade55e0553dc30518db2a2c15ef20f39807d0a489b5e4b502cda4f61c311

SHA512
41312b36cb5b26196a83024cae19ec32ee46abfdfe098bed0ec4d8647099546d59dde152ae348e5e471c6ef9df51141229e2a86993e161657c40a8cea9a5cf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
74f1648ff6842802c61746a42d008bba

SHA1
56dda4bd3a90375423e4a40d5a9d64a1740e3ecd

SHA256
35920a416765ce5279765b06c0cc03393abe57138fc9ea7578b453f68635178d

SHA512
25a95f31cc2cddce0976592b8024ef7aa45c44bc8e0313f3376c54c95d403abf2f4c6a23e358049ad9c307f8c6e453798b9c31f2aeb89571458a6348c8589d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f612d2afb082d3b4bb80b9c667baeeb9

SHA1
d675ea098b02148f1085574bc3fa966e19d4babd

SHA256
6741d128cf927092b3417b2aff5b1ad8448e9bad655b88e2aea209501143e481

SHA512
4c082780131fadbb67749781e5628474fdb876c7f5180376e9ac4c1c3b66c4a57e2d8a17aaec21aa73bee968d67fdf58de7d441894562d5d1a6a7e0ec9883a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c61b4e286deb75a99cf41e8d55bdbf75

SHA1
04527d7802fe41589f43dcf38ba2e18f3568fa68

SHA256
c0f2ea300cd1ea8afdbe616b89a2bdbd4cc91f1b341f93b3a11fb64a0216c291

SHA512
33104248e5eafbb7188b705251c0bafd7f37742bc3f317fd07bb65ba3b07bb2dfb5ee60148276e1b5e5ee9c407e90e62ab0b4fa36b00c007c894327a52fbcb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
316ded3d8dc8d76d319bf1e7de77a102

SHA1
848a79e09f6d1b5e8844b98a841e865461cfad58

SHA256
0a4c1de739518d25e2f63c36f0be800cba05c6a32e09d747079b80911b6a81b5

SHA512
761f064978b418a6e181e89be6cc5959da0d5e4d9c7ab58f4cf69e223967746ec6ff41d81a15c7180d39f608dcd582e5f4a9e7493c79285bfdd0ecc7d5bc5070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
95fb22aad174d73042e7d558c9574b0e

SHA1
d5bddca1c1322e6046dbe0ffc31fdd47a46d1f2f

SHA256
14fc8affced779027ee02230c0e6276958dd23684794aaa7f15babeaacea3b5a

SHA512
c2a8f4210766f5ed0acd5bd4e165858f02b5105591c35740d9400c9b4dbff39dbacbdc95e40eb2e9917d31a99bec21d976294fec674dc43be0103f0e7ab04e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
4KB

MD5
a6df37f329a2575bf887b2dcff35c847

SHA1
43163bc0f1578293fc984f6978082dd73590c28d

SHA256
ea9bdd81fac00a71b76db9747f3c87b19f395636d1762ef4764410a623b14bfe

SHA512
5318dbf86c3c9ff48c240e8612a221c82eb6ca38186b9ae4ea6c9da3d05506876aadc74381edf23d31148da274f8a732f52a871b512b41944dfcd8ee7629f59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
d46c987f68b057da748bfc64674258d8

SHA1
f6fd391ce46ab382acb582a68419e007ea5610d0

SHA256
2f649924acfde214ce602b6369348031b317cefd3e8544840c30ecc805422195

SHA512
adb47cdfb8307a23f6a8ba9976d17d6a4bf87570bb3b2eef323b78a2be4d662483818e784065a7d96369880d3563dc55a68a0992919a2ab17fd1fe0b9d4ab758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
a53775538e42306af8a653ff14c1e8a3

SHA1
407d47cd2e852db2c439db67230135def5ea8943

SHA256
430abc2505a4e48e2ad912e730b5c332afb237df24ffbceac8242fe961a76ecb

SHA512
36e1204894b5e35a783cd6e8642b55f53cc08a135051e9354fa0d8fd6cd15e11a71f0bb76f5c6376a50cca67717e78f49dd0355eb9ff2040ce72fec74e254c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
51c0f00a572ea7558f2d28383771daf3

SHA1
9d6bb43e9724e9b5297ea4c03bf28662837f3283

SHA256
f16e8e0f4b050c383f230aeff2d7e94ac60fae079791b6f4cc41fedfebe1e7fa

SHA512
2e5bc7293cfbacc9e73019c7cf5e1daaf702dd5aebfa39100f14a220034e8b5c30cd8fecce60afcbfd4627638471de8b7770eef663b8555fb336c02125e8a3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
41566efab8e7d0dc3dbeb86575d9e143

SHA1
3bcc6fd40570fd4d9ecef9905e2940cd6b5c4b25

SHA256
24e42f2785bd67b4f3ca9964cff8719000223c67e7a4fc3b67ef3fb4ffddb390

SHA512
b0ea794f967f789e16e113c30ec418ca00a8a653e15f5796acda166f0cf05713491ed60812025c296732a4022ca4550382a3750e28fdf2e1f69914224797231a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\common.bundle.789c57e7383f99787817dfc19bc98749[1].js

Filesize
279KB

MD5
76293b9922cbee0479c8c6326c7f245e

SHA1
779efc8d88a0dc4e98de3d3f5cecfcf1aa2694d3

SHA256
00f946110373b0305814d8c734b3ea32840c7b0c993cca7905815d88ec6309db

SHA512
44b252b907f71648b3fd70a5cd8dc9203d7703d804a07f5cf9a2b2113c3d7bda7ee1450b7bcc5185ec90d65e03dc86da98147e70f13e250b372b052bdc8a211b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ECV9EZKM\disqus[1].xml

Filesize
239B

MD5
164686148382361aa8267a7fc6ad165c

SHA1
b31b022b908f3ae1c7d75d1194f85141da33a830

SHA256
ec5a37321721608c67fdccde6c4486d50a18a5abc2b7f63006a2bb830bd73c11

SHA512
1579d317c2f514d853634dc5f611e3851b2e1fba5cfb5cc51e1711209acee2964e413069b7caa8d5020e2de13467d63046827e5db77c4b54b23ffd1e47974a6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\VIXTK1X6\steamrip[1].xml

Filesize
160B

MD5
febc3abb0db4a393d539377ed2a82098

SHA1
fe64dfb44921bddae390d809ce2b4fd937ba4b2b

SHA256
29455bdf8cf36ced62901574400120860aeb0a5a731edce4170cdfc31f69277b

SHA512
c20ff9789bc44216a5d754519d92c0817b374e271f0d3dc955fd923ee81217a400ce3255a1d888987da3cb2185b3f0352a8341fb98481e03dbdadc3f8362a1f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\VXVL5QP0\www.bing[1].xml

Filesize
1KB

MD5
320632e2a960c3e62372e765f232fcc9

SHA1
c476f156a086ec2c68e855a75e5c1c8273610a34

SHA256
a3a4a63c5fd26cdb25ee53b46e30ea0f79bf25f084857cd27795b45bd5f4fd83

SHA512
7a97b0105a6d922df4a92300269568e66d139b0123d7d424c837c44cb4e6a5bd926c0b691c0323110abbc20dd472e0e876ef179d0efdf50e1433f670a5746e1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GAI0CRMO\cropped-favicon1-32x32[1].png

Filesize
2KB

MD5
f15373969db9539c119b09dbfab4686e

SHA1
7f96475ca6a090c6b01a6bdf62d9bc55601a075e

SHA256
40eee69f43747f1b85ca26e67fbc82cda2ac1555ce778754cc1ebe1b41b518a6

SHA512
fee8afdeee2c4301392d3a17d800670ffdfbe3f842fd3616cc8671dbb87253c528ae8dc7c8d15b76ab5e84160d38c4895c8066a57fb6ab06b2bce71410f9522d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF954874DC309C5BAC.TMP

Filesize
20KB

MD5
fdd9e0dd138075c566886ebe4d18ae48

SHA1
5c5b35236c995bcd7ea4639efbbfbdc2bd9e9fb4

SHA256
fa4ccb17a91263226dfe010d8f796f73e61fd1f77814a43e9a301dc4f66fd0be

SHA512
b3eea6faf16a69c2c08f680f7361c63a3f81ad0165be9c357d34fe43db21b07ea43e69865a881b427d828db49b1538ff840a56cfa8df6b625b836c9a2305e055

Download Submit
memory/8-296-0x0000024F76C20000-0x0000024F76C40000-memory.dmp

Filesize
128KB

Download
memory/8-319-0x0000024F76A60000-0x0000024F76A62000-memory.dmp

Filesize
8KB

Download
memory/8-603-0x0000024F63DD0000-0x0000024F63DE0000-memory.dmp

Filesize
64KB

Download
memory/8-599-0x0000024F7A700000-0x0000024F7A800000-memory.dmp

Filesize
1024KB

Download
memory/8-601-0x0000024F63DD0000-0x0000024F63DE0000-memory.dmp

Filesize
64KB

Download
memory/8-600-0x0000024F63DD0000-0x0000024F63DE0000-memory.dmp

Filesize
64KB

Download
memory/8-597-0x0000024F63DD0000-0x0000024F63DE0000-memory.dmp

Filesize
64KB

Download
memory/8-527-0x0000024F74E40000-0x0000024F74E42000-memory.dmp

Filesize
8KB

Download
memory/8-503-0x0000024F7D520000-0x0000024F7D540000-memory.dmp

Filesize
128KB

Download
memory/8-495-0x0000024F7D000000-0x0000024F7D100000-memory.dmp

Filesize
1024KB

Download
memory/8-494-0x0000024F7D000000-0x0000024F7D100000-memory.dmp

Filesize
1024KB

Download
memory/8-61-0x0000024F64410000-0x0000024F64510000-memory.dmp

Filesize
1024KB

Download
memory/8-131-0x0000024F75830000-0x0000024F75832000-memory.dmp

Filesize
8KB

Download
memory/8-129-0x0000024F75810000-0x0000024F75812000-memory.dmp

Filesize
8KB

Download
memory/8-127-0x0000024F757F0000-0x0000024F757F2000-memory.dmp

Filesize
8KB

Download
memory/8-192-0x0000024F756C0000-0x0000024F757C0000-memory.dmp

Filesize
1024KB

Download
memory/8-321-0x0000024F76A70000-0x0000024F76A72000-memory.dmp

Filesize
8KB

Download
memory/8-602-0x0000024F63DD0000-0x0000024F63DE0000-memory.dmp

Filesize
64KB

Download
memory/8-195-0x0000024F75D20000-0x0000024F75D22000-memory.dmp

Filesize
8KB

Download
memory/8-204-0x0000024F765A0000-0x0000024F765A2000-memory.dmp

Filesize
8KB

Download
memory/8-208-0x0000024F76600000-0x0000024F76602000-memory.dmp

Filesize
8KB

Download
memory/8-215-0x0000024F76670000-0x0000024F76672000-memory.dmp

Filesize
8KB

Download
memory/8-202-0x0000024F76520000-0x0000024F76522000-memory.dmp

Filesize
8KB

Download
memory/8-200-0x0000024F764F0000-0x0000024F764F2000-memory.dmp

Filesize
8KB

Download
memory/8-197-0x0000024F75D30000-0x0000024F75D32000-memory.dmp

Filesize
8KB

Download
memory/244-16-0x000002044D120000-0x000002044D130000-memory.dmp

Filesize
64KB

Download
memory/244-371-0x00000204555F0000-0x00000204555F1000-memory.dmp

Filesize
4KB

Download
memory/244-370-0x00000204555E0000-0x00000204555E1000-memory.dmp

Filesize
4KB

Download
memory/244-35-0x000002044A520000-0x000002044A522000-memory.dmp

Filesize
8KB

Download
memory/244-0-0x000002044D020000-0x000002044D030000-memory.dmp

Filesize
64KB

Download
memory/4016-45-0x000001AA3C480000-0x000001AA3C580000-memory.dmp

Filesize
1024KB

Download
memory/4248-356-0x0000021590610000-0x0000021590710000-memory.dmp

Filesize
1024KB

Download
memory/4248-418-0x00000215A0B60000-0x00000215A0B80000-memory.dmp

Filesize
128KB

Download
memory/4248-423-0x00000215A0EE0000-0x00000215A0F00000-memory.dmp

Filesize
128KB

Download