hxxps://steamcommunity[.]com/app/2972800

Analysis

max time kernel
454s
max time network
460s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-10-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/app/2972800

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
5076	msedge.exe
5076	msedge.exe
2916	identity_helper.exe
2916	identity_helper.exe
1984	msedge.exe
1984	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3760 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3760 AUDIODG.EXE

description	pid	process
Token: 33	3760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3760	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5076 wrote to memory of 3872	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3872	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4116	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5068	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5068	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 3404	5076	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity.com/app/2972800
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb11233cb8,0x7ffb11233cc8,0x7ffb11233cd8
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2660 /prefetch:8
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14058776518344335501,16399393201371430094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2500 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
1.7MB

MD5
d1895a5317927c903fc6db86439aa7c1

SHA1
ae8bf82490d692e0a56039d7d2c8c4b1643174d2

SHA256
9f6a13bcba30e79854b62ca703a248b2f140380a456e1e8c2d49ba28960722d9

SHA512
59be1e874d8219fe05326f1f6cc40e706a82a1231b16104a69b7969c80f00ff4b0a000ac73cc866fbf3bf954214db7a2ece980b7189e433d7860b845260e0dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

Filesize
101KB

MD5
fe1ab03939fd9f936c4dc0a3c527daec

SHA1
673a066f833a3d16f4568ab99df513f8dfb74fd1

SHA256
720326683338028fa675bcbe49421ddc41b19a2bf9c52a3893c3d769a2c2b89c

SHA512
60581cc2c2ed01553fa0264eeecfa2e6148915877f18d6a6eb08c9d7941083d9809e812c7294f57789faaa4ec677c0333c19a74f6cc6bac0a00ababd3cf2ae9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
99KB

MD5
a529264b6aaf2df63c62a302300bafc3

SHA1
c1d26fda9572dc0601a6b0fed78494ef7fa1d615

SHA256
c35478a2bb28b5f0516999378d80414706b34caa9d54b59a1e489abd5e84f943

SHA512
c442dee1b4380db697140e3dba25bc4178afe04a53c6eaf2bafab0c9e05219029fec17a4cf489cfdca2bb54c4d59e2877fb7e0f8426b2e06551d0ddfc78a47cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

Filesize
87KB

MD5
709fdccdf23babf6555d426c4af3eea8

SHA1
4db0abe57002fe3fb239dd28e1135dde3df6a846

SHA256
42eba684db633b177b8e0a52f220e0f57759684ad3da79034f3222a18cbb308f

SHA512
2e5ad588eb3d060dadcff6130f0347d00ac2039438f4c75c15d837ba9c8730e34f73ac02b1feb0a62fe9c8057c2f1bbfef891e8772c55aa86cbc06243e8c0f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fa

Filesize
91KB

MD5
16bbccf3ddfdf8cfd5d20919b7d817e5

SHA1
bb7af4bd4f76ddc695a4592c96e8fab421fc4f7a

SHA256
3ac139d229c4018f50524daec5ff30ec86a449b88f3a2dc32fac3fbdccdb43f1

SHA512
a4451a0ec52e391938e50771229e85e7a51683f3725730293f62a508eed7c5b4957989800747e218a1490309573a2fbb416d3a5d514330b1527e87ed585e66a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

Filesize
92KB

MD5
106b5b51e341286c2936113a781e2f06

SHA1
38ce485e3e45761ca237e0e488144c608c7cb05a

SHA256
f3915dcfe41ba9ab63480cbfd581f9f4f3f903206038741fd277e7f97eea28ff

SHA512
7f5a165fe4cfdb67615d5917d21a16fec0e5a5adb2f4f764aa435ec68fba09d4e141225abdc0bf4d8429d90e53a0ac8ac4d04f3efaf538f7670a20a78c183e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fc

Filesize
91KB

MD5
6191e1312ae6c8511d5261791c8649d2

SHA1
bacbdbf014b0ff845d4ff1145223aa7f498ec701

SHA256
f10f921fc24d31fdd2fe086f93d066d3b765470fb0cb59c5e389619540993db4

SHA512
35ae3a52ca8a5079cedbb9c29e5f64ac93aa04266e59b8cd4ad87c45d3b42aa8427b22f7c0648cc765e23e5d58b9a4b153b47020c0466c0486cf31755687661d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fd

Filesize
85KB

MD5
1cccb409092987b2a81fd895ad09074c

SHA1
ae1a411c604515a8af95dad7c72bdc534debb275

SHA256
86f3ab4e0ab5a2f7021ce6565899177e26a54a38e286a398961db5df33159b9c

SHA512
9ad72d7cd46d315ac67344bf2cc8041e9197d25f492c5ebc45766d09f96c5afbd74c5fa2e654d3961e8ac03e4ca71bc48ef974c9888ab0ed053e700e894b58dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe

Filesize
90KB

MD5
660d39ae8be9b8631b3d3fa4c5e58998

SHA1
eeef4bbae0b8dec63b57b0a04b8b4ec6e43a8368

SHA256
9b430fa47c8364cb9b3f8891e27166f97dd7bc5cb4c1b98aa0be4c5d763e2f81

SHA512
c9f167dab6b342f889847631f2e44c8a0fb2b8932c52ce019450255d40f914be1d5dceb5d956aa5f38375c7abb170fd826af2d2cc3ba7c7200d74a0ec4c4c1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d93916163cdb92a9561de43af325ddb

SHA1
895e82f2639a4ac027d2b431e0bf30c46c1ecc05

SHA256
c9425aa46842087beb8a52f14d2a66a5fc3d94aaa345fe2325d9be833fb1ea92

SHA512
7cdefadd86cdd7e8de4938597c9adf29a822d902f5659f62efcb114bca4815c53b737cff45f87381c61c10da4287bc493f8181af8e3c887d0c5bde565e4f0113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
13ff4c74ece3f407ef06aa2287785fab

SHA1
1e0797aee94b68174243cdd61a407b17290ecd28

SHA256
1d880c5808ccaf5bb24fa48e02711922d86d9387b38be9862f6a3fd8f508a931

SHA512
608135ac54e9f3004700fbced41c53a6bcf38f2c9306c712afd2171d79efa254cece51c15b5bc32908e0a4f9f9ed48f8f066ab1eb3d75bfc094373b4e0948262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_html-classic.itch.zone_0.indexeddb.blob\1\00\10

Filesize
512KB

MD5
ea28c6557f79afbcf35f4af7ca991230

SHA1
5f986a27f8401fef34365be7cf778c5d344f5a73

SHA256
46756ab3b0e497b2b52b79616acab0f74d12d84ce057767ed9c5ef0b4795007a

SHA512
ca0d18ef1ec64f7d4402ca0926d69753bc942b11309af41f966b4bbceeffb11072a0308dd8ceac6cd7cd625eb1c5a97810be8d1cc9a9587e36f70cf8e64065d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_html-classic.itch.zone_0.indexeddb.blob\1\00\1b

Filesize
341KB

MD5
58fed6c7b09c7df1dbeddd8ca683c1cb

SHA1
0f18fa200ab4cd9583664c836885def28aae8ecd

SHA256
101d9596a3399ed475b5bbd0ed537fa9c375d1ab70777390e1e257498f757a4d

SHA512
e85721370ac15365df6ac7a535bc19f11fdea45ba03c470a344cdb648d04b1c96d2103b5646b5500d289e698f0a624e7a8b2cb5eb58483f12f7f55c52a823b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_html-classic.itch.zone_0.indexeddb.blob\1\00\28

Filesize
512KB

MD5
8567c1d5f1c7aac2c58805859878ca8f

SHA1
1c480aa905d1f192a1bb2cb0851bb79665a95934

SHA256
22f80926e7132a0ada8a4731385751d8939cc88f678012b4c82f9dc7be23d742

SHA512
42fca64b95b7a0c3cd2a5240f9bb015e2964e820f373fc2373c9ea8e08bd69038d9bf3966a3289d0abdc01d5951e7144403f0bd784cae951a265294e20f5f4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_html-classic.itch.zone_0.indexeddb.blob\1\00\8

Filesize
341KB

MD5
05edfededb7c6b53227e9ca9b33c5323

SHA1
436a3a96111c8cf5bd59b2b0d37d45d60c8d7635

SHA256
942d87814a85e3904d8000f7fd0cbada79019b479cb637653b487e93000e739a

SHA512
2ee67b7f8ed765750e26f56653a83ce64e5228e9cca49e5e55c075030d5f82959d397a5075375e93b6556e5a912d4721377623de7fb88494a15e730c9b6933cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_html-classic.itch.zone_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e079706ec1084c5dd7f90a3574ccd976

SHA1
08aa7852cd4af0a9be5977ef5f666740f01248a0

SHA256
59f731bb30b8dd8bc8d966a83325cff91f382f0bbd285424206a719e8e87f831

SHA512
b409a4f6a9bbe4090a675325c1ada04ae7e80c016ffaf79f3fae00f0a521c20fc1ce5c39a2b7a1cba4f12d009e88fe686e723c06137f00a159322ee9d1664b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
052624d3c42ed6fe70ec6a234b7675e1

SHA1
1d8e4ada3842d74659677e92b03442b809eb6b5a

SHA256
791b56c8371f88ac04832cc5e7700d895badbdf61ac88759ba9cde16b0becde9

SHA512
dacb6eb701fc14e23143788026f4604ef26f097e743a6c0819281a9b7b3eb2d07b2e02ba903418e3fe32eff8d8ce97cbb13f2cfb75d6affc2769140319aaffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0959e4dc32a8567b72c4abecf4bf7aba

SHA1
228ed188a734e1baf25adfba8d1e737858635971

SHA256
0cb45e95b36bd14a8eae4b337e2b9fe4735975c202993d821c127e50a32f4c64

SHA512
c305a1aad70686d5975e7bc8d46185c9659cef2ae4b5a7121e48a22c1bdf61a8cc0ea2fa3d57dd99bd8119c7cf414189419c25f3e83e96d8c48c7b58d6416dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd4002d5ef7bb21e215848c66efc3296

SHA1
6fb092286a8c9236cdf20882cf6654d90be9b866

SHA256
821c80283236c5bf4518aa8c828c4ccad67ba04d3068ca001f23ab89a3586e73

SHA512
ddab327d2dbb0ff20c067e73734a3a1e40cd31e5a74ce2e8a2a900fedb1406d14c6793c416ddc20dc39da85a0c97eeee135f104f2e6858a9d986c0513548a6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1acfeba94010423e2ee98bd7ce0db510

SHA1
4ace5c9ed175897b2abc7e3c3c95f86c5aba283d

SHA256
a6bfe57cd48d588373f1a5e840af0860e467ed88b01c46a4055ab01f2a81afe9

SHA512
de39aa5a824a34d705e5f70413eaee89f1562c1291f160b59d9c223cf1555959b73940fe7c36ceb20dbb6c09371c2aaf66f6dd65c6ad97b64436679dea964dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59d3fa9570844fad282a909ac4bb2edd

SHA1
2db4460c8ea40430467125240f008eefeef42e80

SHA256
434b8204bb079c01e02b4de64e302c67f2856a71bdb0cbb7fea3e89aed6a6059

SHA512
18636e88e712e9cb48d493edcddfa7fdfd091c6a4b06abba66f79d6e1e69ad08351ced9e25be8be9fba24203cc52f4f9cd65bbbfd77b1ed6fd5a836f25c73319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
493e96001e4067c923b30f255696eb2e

SHA1
65dab7c485b1c6a926f7ad6d121354952d0bf533

SHA256
435cfdd31df47570942248712e02e1e2458b23376eebdd2327d7961c01ce2944

SHA512
6d18fde805e73ff8b3145a8c157e49a75afc28f8a9ddea90b1ac9dbc12cd7c029a3fdceb94dee8e84f602f8614ab4e1a93fbabada83704df0f695806b367e4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cc944795eed00d80b63bd88f58ba964

SHA1
21850b8f6e22e48230ed1d75212fc25ad1373b98

SHA256
fad5d33d929b5b3d7a7a0c6f198017b801d0253e32c3fdbe4807a8227259159f

SHA512
7f83849b65ced1b3d0ef10125bd82d81eb066def4a41e7aac5bf9f41a96a178f1f765085963b2a716b0f421673098205b8bbef4dd94752fd93f917ecbf3c47e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9dc8a1b218e0ce1eaa5a76a4da694211

SHA1
cd8b6ae173b0c375a6b8556345c2cef7a4172a40

SHA256
11e9283d1b699a29784852eaa6ebba256c45db2223d5124cea7606b0ebc329c7

SHA512
4c00dc4b28e667962633b3099396a20a7845f39fbd7fb1c0025b1bb9dab81ecc1826027ecf462758f4ad8236e4d9b1164c281025c2f9d232470554d731b4ab62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c457bddeae7bad07b40f833826d08fbf

SHA1
2bfadacedc038ea1e7cff55f9dc323bd1e8f9954

SHA256
5036a14a3474de61b480855b74443918e4c192626feb5b90f3429fd62b1a53f9

SHA512
57ed56027389e7b41f95691f391b9e5e3fd7f04b2b161965281272c9b828968e05607ddf37ad49cf6880a2792b64550de93e86f6a91b7a71013eb855fe7bb5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a6b34092098ade504def65af1781786

SHA1
1bd2cd193809e9ad357bcd6ff9932aa2432536a8

SHA256
fbdb6cc7c02ac291e18e5e5cd239ce4bb8c99305c0e8b5df0c67f0a43f28d92e

SHA512
1ec4824104b482b7eab2650db529fd7fa02065f359451c380e88c4fb51cf7e98b00440ad09214c0407bcf738a178e0d4e2494849ed6fcd976c29a0ecf623e9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\index.txt

Filesize
96B

MD5
ebc12744ba2dee7c212f9dd527426794

SHA1
663acfdf4cfb6f8175c5f3b633582037b8e6b2a7

SHA256
e63c0a6decf166e20d7edd652650a6ab7f1f386810a92a1355283a4442c3768c

SHA512
eb588a558625389ba7c0a28eefd7392614f93ea0d830dfda243464023c1acbd73f20156852ccd7460e3ce8d63ed39672c7efdae89e41d48853baf128044d805f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\index.txt

Filesize
89B

MD5
0555b6c0735cb612eeebf95fb77bcea5

SHA1
e97be6333ea386bb5487e410d94b76fe0d10acd6

SHA256
66114924c6dd26643dfc2148c4aed9376f0cda5457781856c77dfb5c480d18a6

SHA512
d4edbf55c435348cd2ff3fdf7fc981683107c186b97cdf4a64c2868010fe9eeae888e4bd26059238d11b0be2c14a86e8ef5bb1353e38536bbdca31eee3985ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
67b963bea07489717eee8ce318ef03e5

SHA1
f73f80c6808c84a22e1e29b704ec2b8491774c5a

SHA256
bd08d90b584e94ae1db0dbb312266f5ee57272220d7704b9c67e126d5e9f3929

SHA512
2bdae82540bc45ec0c2767f3701988a8476dcfbc5b47954cb1b55ab2d784c97d0484b6e1c8cb6c4a0f243e4d0d508769375a51c982d7a62dee26d24a3da9a9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584c66.TMP

Filesize
48B

MD5
50fcbca2091a1458a1336a203f75a160

SHA1
966c67c92f1fb2248fb3da95a790ddc710f05816

SHA256
bc4a6427b1cc03a35d927203334421404b1c72457e9af28b93d780397cf1d779

SHA512
ab391435eeae9b626fe05a116c95b7ad54eefae7831bce1ac704805a28ed4e8c9f24245989bddc07624dcd93cd23d779561bfc483269b81a52ab76d9e202d518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69b3776b1c5add58d509feb6f4635e58

SHA1
af6c85cd79b1bbd33a6ce99a8104f9ad6c183b66

SHA256
2b1983d081bf243c3b4cb17caaee9716b0ea921b4093090b277fe32b518f6f48

SHA512
6cf64460875829abe91cc0c8c13d57cf39211dbf4b620e8207e13723c5728262536bee6ae49dfad51968e7110541e678c6d0bd86bc3cbed43f6d2f1386d9a113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea41.TMP

Filesize
539B

MD5
2c3d73488c4e1197b2f91cd2babde9f8

SHA1
debcb34d4f87254712d5b36ed7d6a73e0fe57c06

SHA256
20fd5f189770611d339ec7ee2f1de9c6856851a6e34d11dbb5aaf88ccd34b05b

SHA512
4de87aed38a76dabaa4045bad0d42c746737cf8aaafbbdb3f4352a320a722f4efc27d55f0f65e845a09de50806573e861f4a489aa7d305e813885972593dc760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13e86072573c45717a63d16c45993767

SHA1
931030a632e89e8d76d16079601dfbc1cf02aa5d

SHA256
bf1941b6ba6bb9f7097985e3c4e2723b0a2dc5762a5994b5dbe94d2986b8a629

SHA512
08bda5381453cdb5be44e3bc7f440eef77f232a8358ff1c112c8baf24ee432c910d3fc98f38a378ef30d84793fa2aa43bf4cd2dac5d8707df28be5556ec25591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3125178ffb3062c619947e404aad75fb

SHA1
0334e697415bf58bff4fa24eeaa93eefb5136b04

SHA256
2c3e9dad6886ab4069e534a722acbb7c3ec92b1540aeab72a24dc5b5cfc1d7f6

SHA512
37f0ec1efce283d1bc5fa2c0e977605a4f3d1ba8830260f8cb694a2ef2f43099dc38895148649ce0a2dbb65f85760314f1da986de045a4b13e6933fde5aaecad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8b6715e48c321f819115b030061410da

SHA1
51fe685b3ee36f920e92cff5f417d9a0b60428ca

SHA256
3f67409486bba7b6db40bb8222ede76b0bb2d07b66e265bd67968453473aa4a7

SHA512
106831aa500010293e57c42b56a3436f4eb3d55cada446fe2fe11a81ab8c10552aafb6ea9ef13ab6c3de9c6448d2dc01ef15e655aba1bc3334393033f1c2cac3

Download Submit
\??\pipe\LOCAL\crashpad_5076_JNFWDPOPXNTILLLE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit