hxxps://is[.]gd/zuaqm7

Resubmissions

18-10-2024 17:11

241018-vqjtwaycpa 5

Analysis

max time kernel
132s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/zuaqm7

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133737452704465951"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exe

pid process

4584 msedge.exe
4584 msedge.exe
3680 msedge.exe
3680 msedge.exe
4416 identity_helper.exe
4416 identity_helper.exe
5404 chrome.exe
5404 chrome.exe

pid	process
4584	msedge.exe
4584	msedge.exe
3680	msedge.exe
3680	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
5404	chrome.exe
5404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exechrome.exe

pid	process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe
Token: SeShutdownPrivilege	5404	chrome.exe
Token: SeCreatePagefilePrivilege	5404	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

msedge.exechrome.exe

pid	process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3680 wrote to memory of 1296	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1296	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4160	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4584	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 4584	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1964	3680	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/zuaqm7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df6046f8,0x7ff8df604708,0x7ff8df604718
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5167799756582519491,4206788285970736691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8d0cdcc40,0x7ff8d0cdcc4c,0x7ff8d0cdcc58
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
2⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
2⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3376,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3168,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3720,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
PID:6112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5044,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3396,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:5244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5168,i,15892641381408068599,2760765316501841283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0eb7a0e20921eea404211ac17bcf2add

SHA1
8c191ff460c2d6ec98d36a40b7a2090b85d2d464

SHA256
c0433cf5b6722067690cd3e31f5d19eb5afda692ebd38fd8647b922b18bcc10b

SHA512
fcd3a75cb2b9d6f872962815e9ad7a3dea5cca51ec84e4a7be906380f9f5c38ddf9582e3e308efc509ce36c356728f63b1075f6bf83243ec6930fd37dfe1978b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
46180ca6f684c93c554225ea8eb50f87

SHA1
7cc79cb966413802549c8f7c4278d4e3b93d46df

SHA256
f422539f603abd902b52da3f68b7d4509249c09c341c579702704a5e8d9e6836

SHA512
53b1e8a36e0fc9155bee0d626afb0951a68cfd497837d63ffd3d6009fcb14a6e0f8f06945510fa50b180bc230e04b5f40e70e5efb221c138de8c161d33488897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1d67ea58e4efb49b18055b2e0dbb218f

SHA1
cb9e6bc12efbc6648806dcf0425def26378a482a

SHA256
e0effc0ed9cfafdd480b998ab49c542e115cf6da543eb7f62ca029b4779cb8d2

SHA512
ad57706602ca139a9190943e5ac4b5d2e6c8bf5b44c8c66e64edf33211ddb64a67c4336ca85bae78cfad0bd23a66127a457781611544d9ce51876a6aa0d76827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
abfcce9181a32347ff77cf1f63bc9038

SHA1
fc5279b429a0cf24910aa35a2b83785d0c5db445

SHA256
dcade70edf0a896c68d17059a6d9c4fa1c8271880f3b323240e000a5dd17a625

SHA512
115b389bbcdf3c291c7cbd7d3d3c3f459158a2e766dfb889a49bb67b755ac7043e53b43276502ffa2e25f7c473cbd0f0cc3f9c1024bb2c631036a42f6f0ab1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
28fee828ad802446969ef97152647b9e

SHA1
1043da7bb06009ac19019264e9c9e33360a20a0a

SHA256
82e80cfdee2c304a9ce2f9a3fbce4a8a1f565085cc6ae5217df9dd4e113a5495

SHA512
7f514838bd6f7d4a473b26be7e6b01d14058712896d8f27852a68088a340a0060484d9e62d04e3fd155b054b385df4f3746f6d92c89c3c81392a6ebbf5230bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c49be9b3238f418303afe5d61cc3e6eb

SHA1
cee3106fed37e9794a375797d4bf79c5904df925

SHA256
6a71dae66ba2c094522eec9dfb169338903d1781bb3442f989747ce25d2755a9

SHA512
e5107350befb5e713d3d67e0deae92d3b4a2d7556ef1058c1933af0f40893317eee509f1e39ebc78e21434de630bc38fec8170aa2815ae08aa59916716d8adba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26a7998b630c4769187673aaffcff7fa

SHA1
029c6d2be4d4d8cc1ec81cadcbf797e2d6bd0b56

SHA256
75c409483e984ec809b4894e848b58af4a609ed66ce75d365516cbf9c97d317c

SHA512
755302b809128e7bd54635291a0fb5593372e4e0de00134c14c40dc6f444a3ebdc40b40d8852d704459d9cf76489ca6c46a97420c0a950f9e7ac7c6672663b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9fb55a115f4e59c658ac7fb6a717c489

SHA1
3352afee76d7f9b70090e89d8639b58f8a732418

SHA256
0f7c090a1ea1280210c0c63d69d4ce11f9bee3c8e4a51a9ef66ab0e51a9f9c54

SHA512
b711536c5be65311760628a86162843ba55af432972b3dedc6d2e3409230ed71b10ba9f89787f3011400a182781c51fbc713cad5f60d66391efe3c2e39e48cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b30e298524e57ba8d8c8051c7e0933b

SHA1
c5227b93a007bc281109bdf11a8b0751adb04723

SHA256
ad85151f358d9a636b861c7b18654688263e13c351430ada7aebe83921210b45

SHA512
15df239cc826fac2bba5379bed913f26c815b9471e1d5848e566aac76cc7dcd19deb76dbf5ede770162aeb887d0c129b71d140584878115dac35ca30a42da0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
101d7cfe6453e6e19840fc6adc37a8a4

SHA1
1823a5c1a23ed2463cbde383cd7a26ef85375e94

SHA256
621020771fb5678b89024cb20cd5abc5da7ef2d867c92816c6c67e2b9f541b1f

SHA512
d09337dff97e7d713c32142d9f3d67a6b85bbea5c6b73d2ae137d8f329b7a8f3a7a5bb6b68629b34baf3c43be5f4ba43d5d93579c8a21b082d5110e35e2d4ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e6d3cc03bf370d987d93b8392b9e499

SHA1
3b540ece86da93b50f482ed701e635a40da51cd1

SHA256
04cc701c5551a8165c9de0dcccb135bcba4cad67e71c8accebb4fd1652c67d4e

SHA512
2c5a5eb52f2ae8ba077cb1b52a9258a171d7d4d781298bd8d2059fa77bf2d8aad9269ce70bb1b5f62f0aa8d29ccf3be4bd81a653aceb16e66ada122f1d4c453d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
72a5601120019e2f9511c3a3bdfccaf4

SHA1
30ad8a761b2c699fd1ce6044a6c2d2a79415db83

SHA256
73469f0e34dec4a43191d870fbc3e6e2e04bab92f74f6283df1eda472bcca8aa

SHA512
f2ddf645f08a0c34d9c6d0bdf94bfb6f106c48a647aa87bf8a59679520395d58a93ab497dade0918f1ab097a86babdef40d2021c6dfb26160ee768de8a0b9c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
0422794d5226d83f54f0dad751001e27

SHA1
2d2bfa2e148f7f0bd3da01626f779e82db4eb1e5

SHA256
5c4e99f263e3d526f3b8423e01315564bd01d7877de5ab1d131536135f5114b2

SHA512
79a7426b8648cdd0232cedadfe89017ad919ebdd06b2eee60d5c3cace31d15589e74e10b556bf22671b6936e61ce5955e8d49f6ff127a69bbb2154e5a7825ff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
7e2f543ca3087f6abbe6973b515533cb

SHA1
4f7271f1027175bc33611592028817c2b9a71772

SHA256
238ea2767da6001fab8888a6c3107b54566fac8ee9c9741a3c9551dd79335c72

SHA512
df479dc6df72fab7d51dddb0d6fec1e7f813110d6e8e9f02538958cd9546b834e0eb1d03c4ef4a6a22d7e19b5e02a70b21fa1cd5a8b9ccbf84ab501cfbab7909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
bbe57e4c90719e14e7761be3cd5931d8

SHA1
c86e6248fe314d615550187bb85f7ec6025a3fc1

SHA256
495f9f769a4ab95b7abcd305c9ae24a259bc2879512900b4c3331ebf8a7bad4f

SHA512
6931c5e60898aed7d24a39450fa691ed9d7df6477b6a424bd98c3e12dad8dcf6877669506a09a06b0cc1893e9273593409dd0bb41f4a6e91c229913282d7e0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
6a76e2c871bb192216c3fe91b7f577a3

SHA1
fecdaaafe358f5b51c703abae712a096e07d0758

SHA256
9e21327c30b4c5e33bbdf62bfd106ff7d83eaddb18d9b4f63bb151aac51b4908

SHA512
47345ec1f7d45960801ffa9a4c03e88ffe3fd91a7c0912aed391b2fe1954c75499a23b402e5fe34a5d37e09dec7cb78b6b64d1c9407b342caf5d7128091ffeec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
edc8236a1470fae93e40d2c7f8f689ea

SHA1
c4722c5d698d035c1a91f2c49f5cc530c2a11a4a

SHA256
223519f154e96922d8339b16619e0ee91f489efd6030061282b6801a855c29cc

SHA512
0e77180ce62ae33fd4c1dfaee51842c64074971fad37d531243973461f14fbb8d8c6245e222fdb0c7cb1435a3e0d43996eec70f519eee3e2bea8508ec4171786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a284e76ad87ed52955180823ab3e869f

SHA1
56edb37a1c7274161375ecf7bbd8810598c8e1db

SHA256
b5986412e905b812f5fb4c009fe5eab4b5ff8c34c79e366b67e768351d751477

SHA512
39d522672d32ffd4ec087f715e9cb3b43e0b1d7cb405907a588dfee88eac43007fe21085c4f72115ce9ae04b7cd65c9c0eb6e54ae4a2e588bc65c550f453df3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
986ecfc309d2d2a7a8865fefe5d21c40

SHA1
10953eab4073cb7680ad4ee83d182c40761580f8

SHA256
915ab36c78b54b73ce06e1c5650280afa266b9dc7e533568dede03770028f29c

SHA512
d80b19c48a54c0977c07f5c17a6c6b3656d430bf5c6ef013c2f91ceffe2887b58076bd0fc6d459155df2b7e7371e1e35dfee2e1d388d90c5d7b03a68657dcfa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68c43a7587bbc0d3b8332483f9924ae8

SHA1
b8e061a202f5791fd3d91efbe3d6c79238b2224d

SHA256
d1f8465ed8c1e6e8df0adcc88019057b48692b802591a9dc4529e4e54849d5f2

SHA512
89218b5c4033de08a9ff160be8ce652fb8dccb4282d95eb993c11513a9fcb91dbf71a4f7d3bcf10db8ff90f443f710dc0e320371e0b43365ee0ff0436240524f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6cc80f11c097233eab6778f723f4dc8

SHA1
ed0c4267688816d7b99d9fd89aa575c968cbc92d

SHA256
218de81ca7c44ed97c11573632edc46848948994418fef689e4a3631acffc4d0

SHA512
1f1fabf1e7e608a0453837ab9aa1eda9c645cf57fad6e6b67148d8fd61bbef81ea48cf78a3cc2b5d9116c3783e9bcd1d83ff4c6e064183bde8a0780ee74f2472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
db6da61d183d579a4648db3f11acd73d

SHA1
5bab1184cf8e107342482547d2c31bf94ebadbb1

SHA256
c41faf07aea944c2928e044b685fa1405ad80cdace2ddecaa6d16b9b13b5d12d

SHA512
990770a5cb8ff19992494370496e93bd3ec02c631dab81e480f1df2f844f4ab3bec550b4a843db23ddcc2f8dc5ec0e1f6f8e08b6cfcffebc476a2229aaa89a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e70.TMP

Filesize
539B

MD5
f8107fc4612f189820577cfe14da76b1

SHA1
315051311109e6f5c6cf268e64c43fe2f3eb153e

SHA256
163bcee3b54143a14013ae8012f1dc047e082d9cdb8c1158fde6f077c2307c2b

SHA512
e997bd0b63ec7b714d4ee5c8bb37f82d0e2ca6a55bd11d668ad78916ad05633d64178547926dfff4e20c4d253938854575ad7da659fe230f3cb9bb8e421479e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c18e3d07-34e1-4831-a02d-fd5a90614a82.tmp

Filesize
7KB

MD5
16a6d999d3144e405042442680ae2cff

SHA1
5e53aa83334aef9d03d74431098783c12d3be89c

SHA256
b57dbb18dd7bad201efdc38766ade82e8e91a1151e275234731335f51739d77a

SHA512
ae152f01f4ed091e6c9c9b904f8700e7c98b877743a78e7ed27ac99f792c5cc967b5dd7abb9db2277153e51c358125ca2917c16314f89a87c6697b015b51ff49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b67e5a1ce26255d25ade527aadcc1f2b

SHA1
705ed9a36fa0f38f86db4ba3ab4c86f6f1370332

SHA256
b373e0f8502ae95dcd8510a9b6d9c15f4d7977f05adc2843634f5d60332656bd

SHA512
7016d85dfbe608d3956d53ee6d44c53e304520ddbe16af95ef5fdd5bc5f9521f64e87b9248db95cd544ba48e12ee4bbcda1d7b2a1b8525f5809d4bc1ac10e4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a23bbf28b53b0d6ecb4e8e458d357758

SHA1
8f4eb6396ec0e711c5303e211574d45254502ed2

SHA256
36f672b51ba9a8924e1cc107fa7d6ad0938ad7457867f690ad2dc601cf5d3bc8

SHA512
b15ecf135355637f3081f792a8c7f97a4b692b742e2880b873202852f6366029a97b218e43e8f62691771ac32ff12bed6668d95e38ba3b499a3c2ddad5d642eb

Download Submit
\??\pipe\LOCAL\crashpad_3680_UVARWDYXUWGRDINN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit