hxxps://steeamcommnity[.]com/utre84/nuber/tres

Resubmissions

17-12-2024 02:49

241217-daz3gsyqhr 10

16-12-2024 20:37

241216-zd9lzszley 10

16-12-2024 19:43

241216-ye7ncaynas 10

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steeamcommnity.com/utre84/nuber/tres

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133788550833009929"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
680	msedge.exe
680	msedge.exe
2248	identity_helper.exe
2248	identity_helper.exe
4576	chrome.exe
4576	chrome.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 4432	680	msedge.exe	83
PID 680 wrote to memory of 4432	680	msedge.exe	83
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 608	680	msedge.exe	84
PID 680 wrote to memory of 4996	680	msedge.exe	85
PID 680 wrote to memory of 4996	680	msedge.exe	85
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86
PID 680 wrote to memory of 2292	680	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steeamcommnity.com/utre84/nuber/tres
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd65c846f8,0x7ffd65c84708,0x7ffd65c84718
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1369865509524554067,4154469820217789549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd61bacc40,0x7ffd61bacc4c,0x7ffd61bacc58
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4996,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4780,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3172,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4728,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5396,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5532,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5624
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7b4734698,0x7ff7b47346a4,0x7ff7b47346b0
    3⤵
    - Drops file in Program Files directory
    PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5692,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3228,i,3466555639698464500,8007260038809838770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\966e7629-381e-4181-8c35-dac258298ba1.tmp

Filesize
116KB

MD5
ba6c2276e6567c0b3690488a048930b8

SHA1
da26d75c3b0c05f748baed6b9b8c7e3c5b80268e

SHA256
f127a0e0b7788de0ffda37bcdeba432ecd401c67d6b9f2d464e80be160877e7b

SHA512
d07b17fb6ca5c3b944ed3346df2180008c3f8c2c8ecce79a9523262ad834d9f9c14bd729d36dd895eeb716d9aa142260b2b6cb865769936e17edc47e9540415b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7ca8fa42-9b17-4965-a7f0-8f1b0742d29a.tmp

Filesize
9KB

MD5
b7d2c2f90f86b4b2b243f392f752c48a

SHA1
d9e3174af0ed78f2c140e8e74763356e5c0bae09

SHA256
9c9510181fe36604ce757dc8636d907a53f70b61d45ea965bc80f994673ac439

SHA512
ca86b944e1e2189b03bcb34122d67c5c2d73b2e769d7fb50749a88c67a9a3a5ae6b0cb863d14a1f7582564f74ebe5a013812af85c46e9d05ab11c5d676b22d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc3730f83c3377f3816a43a922370d0a

SHA1
b8f7215653330fe8a1ccc8ae708323246693fee8

SHA256
2831d9ff9d04865f4b3d065fa5aa2dee1b764e849550fef3587e257f8b552e6e

SHA512
93177f20fbc5dbb349a28dc20a886a86b24e808564c2496da93c5f831ceff78a8860152678fca83cb5d17259bb99a446a23cda63e7ebe2abd6e5009ffd862d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
b8ff76d1e951518ba700df8de6dd7b6e

SHA1
e6714b948910a2b8774186203c81a39f625d1374

SHA256
1d2191ad41f41acfd2c6a07643471df76161ff0d30e09ed1e34e101e114a335c

SHA512
65f5f81e0afed8f0e993fb7cb425c6b8728f0052b787e001541de754bb596e5b54d193639c5edd5828bf4de4eb43948343d8dc0c5a44de1b21ee7329cc4f5d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
026fb19346929532215f1f1eae31e6b5

SHA1
0e48a5d678fd9c1f0486107b592079d0b964d622

SHA256
e32022f312ed6f85c44fc7fae685521cfec7298b9d59444bf5bea9446006d2b8

SHA512
2af33bfcdb97fb89b367c6389888b257fc6bf0201199532764902add8512d3fbbe61adb1c42190aa243cd8f202f8a025828b79b5a823c7c440546b6ea12250e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
98cdfd578860958a08b9bed5b6a277be

SHA1
94b06e6c48c98eb6a9b91a559923f76368643dae

SHA256
e4b395285c948ba29b201f8e85ed84082240d9b4982ed662cb0959ffbfb6ccb5

SHA512
ec80b7a189677ec815aa4bac86d7dfd6074da35d288e9d1af4e879a5948034d8e18f7e6205c3961488822ebb2157bdf8ec1e03d815f86c68a6a7c616cceb84a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
efcad34525f2cef630c7ae19529574dc

SHA1
addd66831057e7d6837e21792aca7f876c91563d

SHA256
61143e697dc9aaccebf2a609a92086e80b4c979d1139c1e9f3f2e4f9759c1a27

SHA512
4ad6970c2705a696ed546c3b552e594c80255b1f7ee09cda423dde1bebdb85140d880478cd2db14ead6fd893d4d35aa14af53c61ec74042b8f87b3fc73412de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
f8649ad88d867f30f117a3b67134648e

SHA1
12f4a3dee71b37e353b8ce90e1c0b3205b0d8004

SHA256
501c4a7d08ef213b955f77cf5b18e6ba9964f3c1ecd7a59e129f1d60159b9631

SHA512
1775c92d8646a4ad7f08d051b3d2d8bd38353c007480777f7ace017a31fec0534dcc7dddae2bac0130fd2f6b56a9d486f8f1b2d0197e8df71aa4130835483f16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da27edffcafb77dce2e771a288425fdb

SHA1
bbf4ab1ff050b8e525c66078fd05b934d8f0aea3

SHA256
06b825ab0a7cbee317ddb654822467c102f822e0b6e10f1def7b1f3d60b8d84d

SHA512
0cb9bf5e909c14f3d48586e32add447c576ba236537954a9171f0e6fe3d04fa5c3c713df6f1aadf5ce8dc2e4b02867509719e4fa48e6081cc428e331563d5575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3c74d3a750c9d714b2036406572788b

SHA1
bcd661b6f102351b97942b409cf41abc011b3966

SHA256
0dda812f4885e52d6f8395464dea19579f8fe3705804f3424ab858d28a5a742e

SHA512
b614a7cc6016a9e2009339faaa1565f8e2a7e58d217d923a00f776d5f57310ed7cc730f68733b9f49de5094d3a3b1ea1a1151afecc73a8fb2483022bc459ecfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0caa2c45478eb5ad0b0646885b8ac1e5

SHA1
2de02a19ca24fe12188ff9cc97bde3592e31e3b8

SHA256
ee1d5ce98aec3c4b299cba04727c7f2b0629a8c41f1b8272bba970860ad4f367

SHA512
e2f93feeb2146bf5e0d2dbb97f976ac701660720d0951fe92da5e2294e87671b7fb5218f3117aad507b4fced836bb30635b7dd11b9eed4bb225f6bfea149e8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa6568b79486605be1569d5a47047d56

SHA1
baf35d1d09fe4532670042848bed9250b539da14

SHA256
483df1992b9ba19a143a3a605c73e3756473606960292da20284d3d3a31f2a6e

SHA512
09807f6d24133cd899db1b6c8d62fc0fbbcdb85b10cb49458b734bcd9af1b2bac91fa47c66a344195bf242fda9d6c04721feb6952c64f866438f7818b7387435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87f118e2c1b9a6f6e1f271c3f637b1fb

SHA1
3bd8a2f62216596e798e62d019643d68dd510924

SHA256
4cb185a4796af42bab8a06c570de5b5ef11a5786a482634dfebf1ba4c1c07715

SHA512
016f4da93ece870a41003abb13ce6cac7f8cb32940cd7ec6b2396c6993331f4f78fa17dd18ce05d65fb41885e19be7660defb57e70594b4ea3b7a6b7c03e8c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4df7372e71dff87a8d3938564770a742

SHA1
59bb57424684d25751db275302c0d3dc3953f602

SHA256
e36f0f968849f807808df883461eb9a3b26f8bcc12f956a29a7006898b216f23

SHA512
c2d24f8d377383d60df10dda62bdaa8d7d8c3a50461a91d5c284779c0bc431b2797e7d2fd38bbe5073946c2e3cd7675b75ad0e60595ad95f656ff50a59ccd42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f59146289e4af9ad6a4f58e7e418882f

SHA1
a411d130937dca13b6724e2d7688f132fa0b899f

SHA256
fc2906aee89b57fe8b30cfc829f33e568d9610017344e0663726c33e8e987758

SHA512
ffef0148e1fa83f5fed8b948ce89d1f12527c796dca3160c589afefc33b666c9d5207b7d46f7651281b506b01c13b0581dacd424715cbf59e04617cf2ab8720a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1775937638663646c62cb69ebf5bc01

SHA1
38587cd701b3152a8acbdcdc13221fb2451b30f8

SHA256
d4cb84b84fe64b045e36c22b4dbc41faed645bc5c52b3e35bcf89d837961ff3e

SHA512
e77d09a9f5b10e4187698b5ed37d2d9606f55dcec6d015a635760d7c26bef5742bbd34a745f767f79d4682fbe05f3261a1c7d2e81b7bfd8577be9811a5158b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
893a66c64f6801f5647eb6d9a7c8939e

SHA1
e3f2c30c05ef45b338ccd6b6237b751080d2f314

SHA256
54d64bf9f7d5880539519f3114c0259dc71345f1ef952aff96e772881d5f8b7b

SHA512
e74b0f6649853e2bc282c91bde53ab482fe458393ac16b84573852d50762369ef8b9bcabdf8328674ba76c239478809f670dfb969b25276e629508a6c78ac98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
bf06089a63d27480f98049abeafcad9f

SHA1
6781395535d296eb36a2c8ba8c09f86586cb4c7c

SHA256
dd2c032f6ddc781f623c9fea5415146bc6ac50c8e002e6c517594d89253f6e0f

SHA512
2b0e0314636e1cf9049c1848f80b50d18f4a3a3d340d878ba823101405b52fb0a46b82337543cc49bd9c7b9f2bf97c447c520a04df344ddc05118dcddbca4acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
ebf5524abafaecd9181359a5c959dfad

SHA1
4ce62562ccde0fd41f409217b645cd81bae04b80

SHA256
6a2d951cb17d8db03bd050be307f3f122e3a4df49b1ccbd926e6aa9294155049

SHA512
7fb8fbeecc2d328cbddf59a3402140ddd36a4217a467eabee2b6bc5f266cffbf0b50d633087320456e434f8008a23b25a860a933bfad14a8c70a3b7e14fa7ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
8f060bad4a4052cf46a2f2410bde7a74

SHA1
11cfc68b41bf37a20d17ebabf41330862c2a7365

SHA256
0024f07c4db0390a5594a68f47dab0f3ac54c757d96b9a61b9115eac5590add2

SHA512
f953a98a8a6522fd83395f04ea0c898184f423ef577551d4e429e1884d90f1b5ee46370bc8d5fa89c4d6a0baed94ff269f79258ae8b3583787a826eea87b993c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
512B

MD5
6d88e31d480ebca2ba14e58b879a313a

SHA1
7a62b625027302d77b50ae53b0aa44e3eb94f3cd

SHA256
f683553ce8a5b4e09acd451a5779e718e9d09c4c25623f2788fa157369e96fdc

SHA512
f0bc591d7fa753dde67099873572a0169c214c50034bf788f8bc3019ad4bb514cb18512e98226652109665a16398b6c04e30b7fcb8fd9815dd91f002f5784517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25cb7cedd61d65560523ad3f7dffdc14

SHA1
1f33605ce65312e91ff6709ab54ee789b7e7a4e1

SHA256
db1154ac7c02e622fe9a5b2c73e501913107e6f9ea981c4a7742f0b44b7c4f9b

SHA512
edc9503ddbcf78fb47bcc939aec7b96a2d65f39f2c6b00952c6b35dc1b2bab634fea974c82347a987c1193a199459f7eba674db15482422a39aeed73cea77d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebd8584eceef68f092c35ad447678f61

SHA1
22cdc719ca5532821c4d2d1a23cef7b3038ebd17

SHA256
609660072a5cfac69643010a82174639b51ade0a5bed736a847efadc6cd16ff2

SHA512
49f2988f29baf8417401404eebfe6cd4e7a52b645300c4ef535efadc9fc733caf49fd58e60729c4d3a7cf32a8d60175e3e493da4c084ad8b6bc336cd93f5d37f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9d8a89d7b96c839280cb8353920fa79

SHA1
2bdfbc471d0aadf99873476df949aed9ac1020a1

SHA256
5ca24dd9550c0c13f8afd06db0dcb02f881f5c3d639fd1a37c27d24d348a96a7

SHA512
e917bb91cd5c3c2cd60afb85fac31827f38ad406580c84960a91e0698685894372c8da9243960dd2cb92439642a2195ba8bd1bb597ce37f54ca6034b97064767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f3733a0724040e4b05f3a85245031646

SHA1
2abecf62afeb035f73c8549c9500776d364fa353

SHA256
5311860b264d33e913c9904a87cfb1f1b0d6ccaa449ac21a57c86fa910b39790

SHA512
8c579267c356d60583846b0fc055275e144b69121a2a227a20e56203ba97dcc686a497cb906a2fad39fdc823e7439b95ddaaab99b583228d31dc30f85998c822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08fbaad9580a0851f68c94ea9609b6e7

SHA1
5b5527e9d89926628c36da158bd9fa7acdc03ca4

SHA256
ba4adedfb7714a7013c78fd3df7ae7253c696fe1c0c9f682c5a7d4dac329cd29

SHA512
984bdd6cf8018f4ed6aa73bd94b304ea0ee1c37c010eb44258ab3d5f76269762cf1ad1897f08a4209c53e665f4cbd59c177f760f401a0fb6e443812c0fd92447

Download Submit