hxxps://www[.]steamcommunmutly[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
1143s
max time network
1145s
platform
windows11-21h2_x64
resource
win11-20241007-fr
resource tags

arch:x64arch:x86image:win11-20241007-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
15-12-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.steamcommunmutly.com/gift/activation=Dor5Fhnm2w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787669930806180"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
5020	msedge.exe
5020	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
1680	chrome.exe
1680	chrome.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
680	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1856	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 4904	5020	msedge.exe	77
PID 5020 wrote to memory of 4904	5020	msedge.exe	77
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 3824	5020	msedge.exe	78
PID 5020 wrote to memory of 1904	5020	msedge.exe	79
PID 5020 wrote to memory of 1904	5020	msedge.exe	79
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80
PID 5020 wrote to memory of 2504	5020	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.steamcommunmutly.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc13c03cb8,0x7ffc13c03cc8,0x7ffc13c03cd8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --service-sandbox-type=collections --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17647089488915876901,7197984440992203204,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2256

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:796

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:952

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc020dcc40,0x7ffc020dcc4c,0x7ffc020dcc58
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:3
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3092,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5200
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6d4494698,0x7ff6d44946a4,0x7ff6d44946b0
    3⤵
    - Drops file in Windows directory
    PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4784,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4600,i,5208552644356587525,1161046578548433931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:5460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92dfdfa8-3da4-4976-bcb7-80653a077a22.tmp

Filesize
231KB

MD5
36a510f15a2d7d8425708dc638db663c

SHA1
7d79e02b45b96ead6c410becd9fe8ca4b79335c2

SHA256
93fe1e37fe065943cfa3b8d7468595dc330123d4ba2a3dcff326f0f5bff4102f

SHA512
0073e4aed597849e8096b83d6c283b09af6ecff7b94f1b497d9e707631cd86a3d94fd8828e3852b880e5cd92a735fba20807633ff2ed9dda078732b1810bb5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
920c5077602c3db248a7b466ff81ebb2

SHA1
b0fd8aaa365cbc5d4ca5b38bda60cad9f79a67c1

SHA256
48b4d0287ee27681366a5bf80372c9dda6886121250ebb87bc9202d02b765549

SHA512
518dc8da4693598e67d58e5260fb5ca3d4ec9d8b7d085270135b4aacb02642587601e7415a6906031794e80649606ab733e471ba962034b94fa25e656895cea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
94575b112f2c45e284d5a0ddacdcf5a1

SHA1
7ecc124f5e272d38d8594bfec6a2ef432d4b0655

SHA256
904cb4d31eff51e0abb17cfb6c55efbaf2a9edc4d21b192dbcb938e3653a7bb7

SHA512
c8131467b795946808e74b5b2a2ca23bd17d3d63bdde67ebe1fdabcc93ceb0047acc1d2dc59eb553994f249cf7abfbdd53283540f475778b6cdd9c1f92515ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cb5062bb33071373b60f59f5e5dab868

SHA1
e75094b591849e2fdf77540d6c58295a2fbd8f6c

SHA256
3828a37b4c5209e9e35a546178325a09c30cf392a9adbdb96c82344a7bd50bb7

SHA512
92b85d4d452d538fb4fdb1e1e6933d34ec150c081a06b3f5ce1ba59429e27346e10f4c52d29ebe538d7f1582cca62c112dfe7fc11271e0a16c320be192685387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c917a059a05a9d713ed523130e07f07

SHA1
c15c4aa771d383ea5c439da164aef66967120964

SHA256
d72423392d613aa3c16aabe27b3181ef5a9c0e681ddfac1771235fa4434eb1c3

SHA512
e5be9040b803786e65d5c7f24a243839006356f416d3deccf641523df102bdab36cd5ce2a44fb2a155c025ec5e257ceb0c2a3b08bb525421127c1995641b7e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
80be2d9b0bbbc3206b7fbf24f6d122b8

SHA1
b232ca7913f429bac5f3fceed1bb3a0a92e3723d

SHA256
769d447e87f57d85e6a1363e11f4007cfbd6d6e2ee479e087df24fbbb5c94e84

SHA512
bee2e885479b91b3167dc61fc485a2f0902829628f30223c2eed6599e522d8e3d9f7bddc6b7ac2718e10b1df8629e92d3312e2c49d37a25cb0589f4f16621986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f320e73fca99b3649ad7422bb5815601

SHA1
a8f901d48ed5b8d482bd5f98dbc0e8d63ca9461c

SHA256
fe8496318edeedffac5d4f4d03f6b26800712d7e767556567fbd5b477359a8d0

SHA512
696547519802dff48aefbbcf9958140d1d84ba7e85f32594450d5ba9c065f936e8ee7a64cff3a80e528d1f2447dcfcc8c88fd73313080537451ae20d04efcda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea5dd681e386a8771b78f54db2b3e547

SHA1
b5f4dab04e793ab4ed5af6f4a4d26cc49b765b37

SHA256
8f2dc07e9f5ddc8b1f5c8726889e939fe1a986d2f1491f4d2f2db7278af2f8fc

SHA512
933b39fd162843cc24262a42d90af47109a788ac775e1f77befe93f1b193d30486a1d2a6366e0f4ad88583721a936e7014cc86e4c5c13adb082b51e5b9fc5980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8dc0f70d19ef178d0634ac2e983aa91d

SHA1
98eb285a26c9a929bd4d8161a2359e422c3fca2b

SHA256
8be7c4f547ba1e590021a24cd75c8f0c207b85a056ee5a4e7b4341b2b25a69b5

SHA512
ac965926896ebdc8d04b35250146d41ad99752c3bb88a390c7a859b3310c844249f0e8e4765f1db2eaab0f8a2a1b76c50c5181f1bdd97730bd4a10afa4e86632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
299633d3caacf092a2720de050c0922d

SHA1
f21201355ac83a644e404e1090616258198e87a4

SHA256
03bf1548a5c15e2c623d738df8932a7cf684731cd9dbca80404f03ffdd67fc07

SHA512
acd2d180a7e5297fcd22f564b8bf6526a6bb97c52a2a5c93327a86daf61b70e28a8ceb1797387cd86eb64063b23ea78e24ee41f8d35369f8db42555b1f1fb8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
4542d9a84f9258225fff7a26ed428f61

SHA1
7e35e58e5a8bf7e0b9cbc2fbe7a45f9c08eb03d3

SHA256
fe244e16b1e7bc0379da0f33d3a74bc88dde2d7c44173cce184efd084a073423

SHA512
3080536aa2b7277dee6dd107ecc32e2a631429dee0e99ec95773d11926876f8c1e0ca9c3ab38feb93171c5b474125d3db7bdedf840565519f3af743d2254d777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
321bd383412fd1a25d00202944e3dec6

SHA1
a0373c7008ce116da0809137c37df3e412e9af16

SHA256
66f11661b378c593b847461814efdfdf4e247016425106bab26380e35309696e

SHA512
366f04393902cfe0717682ca85a59cb9a34048149476171b4603d1ffca1ef7214b1d449eddc2c2c197e9d6f336817e7b906f4c7c3e870de06625d0d02b6490af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
c714511a717424170de37ba3494f98db

SHA1
aba35550b0f41de46972c80f7fb21cd9ca217b83

SHA256
f5a428124cfeeb7073ae966eb8c9ffd228528698276fe6c8c1a44ef02923badd

SHA512
4cdcf7b69366fae6c11df15594627231c2052edf5e64b2346b1c2269bf47aa539015d94109eac62650bb535330e04984eabc9147c7aa7277fffa9e07681a1092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
777B

MD5
8cc8199713a8bc3a0b2e59cd98483176

SHA1
22d078ce06546c8441d5ef32752d3ad4a2310877

SHA256
2a206e2179f7b2f6f5f1c46b54f6f08405c49a773032aea960d0c090c5e5738b

SHA512
02b702655aa351c4268b40ee695ede18a57862e19d788a479de017a42282611a7476b952a506e61072829ae6b28cb878c9df31ca56f12529ad976f4123805670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
328fdb64811d526e5ddb942586bb5a4b

SHA1
8762626fb7ff1635d9e5c81878a17c4c46c8cccf

SHA256
de33cdac48b00657a2d7a5be55d53cadc8887ab7017fbb3f6be132348daf6a0f

SHA512
671f1a3ca939c5a0bfa2fdfbbdf81bbf8499cb371183c25750dfbb7334c73935c824c4948dc9905c1cca7e0a82dd25d7838d003e7d736cd843049fa1a196a5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35d34612b38f69280390c3cbdaf92ff6

SHA1
d75e38f539937b0279f8f714ea193b547123fcbd

SHA256
e12da17d4e2120e85bc6f3594b2df22faf77767bf63941389ef6dc0a84570d19

SHA512
fb90c694d0f184ffb2cf011029c74f95e4cc10738209b5a382655a37082ffbc9d29a6319322381bed2c00f1cbd3b2334227b3d025d8e9c92b1becb7298394c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
774dd9c8aa4ad32181d4943d7faf6c31

SHA1
57bfe3aec365d2426b24508dbb94cf9b63b11b1f

SHA256
d282062eb2a70b6eefccd2e8ed144ee3a5031435c3aa82de6e4a3d00aaff33f4

SHA512
2c20a6e2abb3a91a385e9c1754f2a0d3a911c74618aee1d1328d383d702c08f57fb44a81211703c9c8c5d902013daf116088d0677598a9485a66d025fb93818c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e731605d42829b6d6724ce4260b20bb

SHA1
fe3b352f88bd793d31e2b3a8cccc0a923a479b43

SHA256
a822d68059e9aca947ff54af6da37f9d1bc44d14690ba1e7c9f9db449d7cf068

SHA512
c2ef4e1f98da3f18b95e01b4e54f3d945da78e824fdca4c300fe3a6fe728f27e529036bdb271b34f3c1f12530a9ce868b9dd9c28410df3663765456513f05adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b983174934597ddfb8be9547d68ee2b4

SHA1
ebdfe14bab8d65fdc0306f44e096c73d10adfe96

SHA256
7014d925ad3ffb97a998d95f55a97736e363f7bf00dc938814df3cb60bc5d4e2

SHA512
5424164e7cebd775c34f7cbfab0bf0053ea228c3eac6bf97e4e54d0f2d63607eb63a0e1f8607b11d55b91e60533c354f2d6bfa4bc31b48f63debde33d5fff404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c8f4755d41e76b77d4f5a8f542c63b0

SHA1
8416ed8d74fc65228cf8e424af1b24e79a93087f

SHA256
cfc1b49654b241692d6e21d56c39c31d307208dd22b41d76b0ad25887405ea25

SHA512
ab8459447bbb57469f4a31e50e164abc4b693ad9e3e89387a8685c02c5b81b5a9f22e5d930087e98e4fd858e3a41b36e153c8d1a75ed1108a0bad0c18ccabcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8587bdf1b83bed4d21fa47b9e03f2ca0

SHA1
f93c80b2710c7383d537d317a8d0e5afc39774f5

SHA256
edef8a2a9c2ef5e9e9fce3de903f287f544bfeb0e53457a2ebeb75fa50b177fe

SHA512
f6f45b6646103c0cc6a7a97504435ed48ab81f262735a7e3a085d4ba24a2f34f160ee44eb76d2df069e731edc822e46f7963fd4fa276571dd82fabea9a3a23ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a03ca.TMP

Filesize
540B

MD5
c0ea75f67e1d602583863e883be0db8b

SHA1
9fa38183f92e85ad791540803f7119f1e505d3c6

SHA256
20cf4796ac6fc6c3da22f4969c601deac3097120f6f97ed7136a431766b82660

SHA512
c8687b74387bbdc0c66f90f796ef2e0eca8974311b9f801d744f855b15de974c0082022b138a7b95c1f0ccf6d4242250e50f9521453d2f88d392d19858c1e9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
967a7ef69ca9215fcdd89341a2025acd

SHA1
98a9fbe05f88b91635615bdcaeb824583f8afc99

SHA256
5a208cadccb32a5dffb13dcbd2178162dfc82130c96438da323e0c8e30fec509

SHA512
53a218501cbcd7de48b8c7bdfba58abd021903928150a8c7798d7cbf58fe16877873d2739d3c7b8df4923cfb1ed15df8d72a20e8ba49a716d017d4980a4fc3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4ecca40c1e743b44bacfc679000b6e2

SHA1
bdd94e38bb7e5024ea40d57b1421098dd72c0ce6

SHA256
ad5fcfe5584a26d9be3a92bcd5e8500feea2d9ea61060d4d1ad9449f7cc6841c

SHA512
9d43604d332d6647bcb01172be28a1966155f159080dc381a894a7a6e69265332a70ec3e697ee3b0fdb545381528b33fea4d55127fd38c14228bcd1a3ae791e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bae7724f3986778b0b769a500e7453e

SHA1
b7c9f7b1d7234c026336cc51256f6ae504db32d7

SHA256
7836452b2216a9fd532ff185112489eb151c86fc2979452db06d4d597942a656

SHA512
86daae1bd197fdef845c29542fb0822b610d8ec2f7db03808749b3b8a7c1c092c80f9e53535a23c0692144859c2ab90509320e053d3405b474f09bf202ed0524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e884112b4d5010236494b1484ba0f490

SHA1
eba0e32fb1f0de8ce83d0773335ec7b69d3dc7ba

SHA256
5924d164688bf877309bc5c499249fda0fefa92542418eb7675344838c9c7c83

SHA512
5a483dfeff53fb7f97781f9a3a0f8ae11da2d6a0521310ac995ba52c9c54b4e892392e59895339ac0198800c8f8cf6510f608c9a8992b02bb6717c7f631fbf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-12-15.209.952.1.aodl

Filesize
706B

MD5
2012befd989f1a063ecf32d4e0b049c8

SHA1
b1bbb36322c10a730a121366362c9184d5750378

SHA256
df217f2f683ceca0b0f4304a316c4428ab962c8b60db21b491d863e89fd81e4b

SHA512
eaff7b4b2770df94b8ce21811934dd7e6a98e1b3914979e4ab7af235cc7bb98990ee08ab823786b89194231a7e14b6c672e08eb8e35c9aaf6390ef9fccbe4b3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
72817a3800712573342b0f8bb2689952

SHA1
fdcb993be33ba05b89a64082b7135477aa991a4f

SHA256
8e2d5c04bffaacd9df55afaea2a88a50f58c1f19a68c8d1ec436c899d9f24060

SHA512
2dbe78c5ecc40233ca1f4a337aa93766e8b3df035fec4b0acb2b36373e5e492109a6e12443da96a58e70fd59c27ec857a976ec4830a7c540fd0e6bfff62e37ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit