hxxps://stemmcommunnity[.]com/105842916025

Analysis

max time kernel
134s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2025 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stemmcommunnity.com/105842916025

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820678500860663"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
2492	msedge.exe
2492	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
4464	chrome.exe
4464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
2492	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 4656	2492	msedge.exe	82
PID 2492 wrote to memory of 4656	2492	msedge.exe	82
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 2632	2492	msedge.exe	83
PID 2492 wrote to memory of 4492	2492	msedge.exe	84
PID 2492 wrote to memory of 4492	2492	msedge.exe	84
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85
PID 2492 wrote to memory of 3416	2492	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stemmcommunnity.com/105842916025
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16359221792211229283,3624647495537430045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0976cc40,0x7ffc0976cc4c,0x7ffc0976cc58
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4396,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4648,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3324,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3336,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3496,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5228,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3456,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3316,i,7682967868638084734,13560293033687443372,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  PID:860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
90dc18fb10e0b63b3eb5bb28f7792639

SHA1
425015c490a9c9bf4d05717121b508d1d211aa56

SHA256
6ab7f849843566ba3849df82b289b3ebdaf4ab5bb34bbf9770d4e8595c7b6846

SHA512
16ea1c55ab9b7aeecc8405f797d0fd04bb0390d85e2389b12bfec351de43ce3782debe414e596614be265c8087365a505cd2429b9cb1cda74dbc533157b6d473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9f3466833cc070f427940bc6471361f5

SHA1
61c34772b2c49f130df6ad4b79a71f1e9a157879

SHA256
aad934965cd5dfcf1b09e61d2ad728bfc9e8ee4b3880784f3ce4d26e76559003

SHA512
6b95dbf2b40f789958183a7ebf1e3d32b26350b3f48e88e4d0d1d98f8a08d3aeb6c49d9f310138242e2eef45f5a4fd4b62a3070f752f62a4715503fbadbc16a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90706713ab86c958870d038293947f67

SHA1
3775278a49995912052c4f3ecd6c5d6063c56d2a

SHA256
a0d1c179d2ac0ca39971d7a68f607bc12f3eaea335f7e3b11a076115cdb4662a

SHA512
ead8969b6805c2fe303a23af5635ffc22eaedef8aa9d03bfda32fb191934d1102d6286aa877cc71ec7dfbe4a84a838bea352fbe34d5babab9d00bdc3eb59c4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8008ded5f7b526ef072b7d0b9450c41

SHA1
e48aa98ddce08727a8e8bea15c072cc4e310349a

SHA256
333bbcca8ebcaea1b39b7c7c37d2641a0a5134d91bbd1c200e63b3fb28a20561

SHA512
b43b25598dac36f3eb2d7e8a7c6b374a1e3b74f4f55bf3618c1107f749ac08db3992e6b1ca8019469a295b5b9b462fea6482d755968d1f8150845a0a23f764eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fecdfddd1e369e6bbbde4258a854f389

SHA1
d6321907260496cccfe6bd4829620b3e936b1be0

SHA256
80aae91a72cc09d19d25d1ed86dc2bc766610eade0efc7d60b71658c878f51eb

SHA512
4ed47993c3b76c77c7b04eceaeeb444ed44a1f55dc2d571756681659a99ed3af64a68eb0124aa3598eb534e1da51ee4fa328fc62c71d571408fc5843922cd35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46bafbb1e20d5f7859615cd8888dbb14

SHA1
b5846ddc04000477237a4ac84b95cac0558f3355

SHA256
2ca3778e071f22bcf2221e187db66ae46d909545c1b4347d1b9c11a277327990

SHA512
97a3629b23c318634a68f1e1dff36936b5c5ddf2646b2876e797e7267d8aa03ea457cd66ff2430d3cdd5c0dcc4f6f2eeea837d9b47c62f7a8d1eae139197b427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aff5695d14e981659605b5d5975b9eb0

SHA1
5dbe9fd3e1fa824dcdac8ca76a8e27e3989e188c

SHA256
4ad165d1d913bec4ca91e0aa64f23201bdc666f24290e05b77d1807d35a0d5b0

SHA512
332c67421852aa2aadca129e672311901f3ede5db2555ff630594baef77306de017c8fe7973955a5b6e29530e72874f2dd389af0f1c51c5eaed7d11ef72a9170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
de3f6a5eb1e27c5eda4bdc42518b61d2

SHA1
d96691778fd9108b4d36a1589cca036512f75e75

SHA256
31041bb455a94363bc315a7217643c501c7a282cd6b2e001e3ff8bf323a13140

SHA512
b6af06fe88f114d548c6035e6f272538eba3e233652f5e4f533abe4c1cfcd32ea7648fae757b85a08d7ff01e9e80e706b7e004a5f1082f46403f1baaaad631bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d5f952fcd7389f2034bb338057fd5ee

SHA1
5d42087266d34974c51bd261888821379068cd91

SHA256
0279c6e72ed3c542fe4e1da789282fdcf976178e3f2c215d2b81b4c6082e0320

SHA512
4f6be07eced106c0a0f8c048b0fb9c3c0742373818755f4cbb362dc21cc74f6b1c1497c3f74b9520192aafaf77c70ea2449083e0b478de02b4b754a013da555d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f253b99cd84dd16a1986a9530390c217

SHA1
ba1076c9e66249157833313508c895dd57b01c0e

SHA256
dd25deef1d35a901946bda2bee89cb5b1e64757a8066d493f9ed1c4eb6ec6da0

SHA512
fc484497f180aadf62da17551067bf7b6a53d81e8955eb15fe58264f326cfdac7955f6381bcc9a68c401ec5ec595e7a8124e750eecc49b2060fbe35464e73bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6789afe769e801e2ec52fb9e9655462a

SHA1
15feb5fa8552ee720ff83be19056df19c57a7897

SHA256
99eccb052c5daf5b280adaf774e865f3c90e47e6ad2205050d120025a3e5566f

SHA512
1f2ba0fb3015fc1ca2f330429656b2dcf890524505a1780b31fb306b09e831e0aaf5da3095efb22fc33ec9620d2b7c4f5db5794594b457cfd077ceb448fccf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\40e65ab7-9538-41a3-9249-721f73e22fe7.tmp

Filesize
855B

MD5
91993d947e8d6a001668b042c75e6d87

SHA1
e3027998f5ee17b17bffad6f9850674955c2a86c

SHA256
b049f892b5dde188fe6b0c3288b2ad1e353b0c0ecb6dc18f33bad92183e9330b

SHA512
edb1d75db7f494a4ae0c720d993349c8e380d16dda7f6ba1bd9633cbf4d51983b857ec9f5dba91613ae3fda1e27e54b1ed010186a7e215a8f6879f69023738ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0a11097eb01656a46a0b1184ad0e9034

SHA1
6912d0ff69560d14d01b31b0f94fc66da11755ef

SHA256
fa48fa52d60fbb1d252701e79fe425fc58a787678a76ae0516982b28ce515fc5

SHA512
3452168c557854b1b6cf79fcb82a356cb55282554bdd8a91ce90f15e3235550dcefdc6111cbcfb0ddc990ba8dab03f687844875b4cec514150b93ae0417996d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
855B

MD5
cd8c29e4f64699c5237ac98511571849

SHA1
2d10618494e1c437b3d81b2ca6ad0943bb79d4a2

SHA256
4c707116cbf503d6b5426c9b4a8d081fff97d02d69aa19d0e491634d640c7328

SHA512
73b9bf689abcc0c7118e983cdf5fee65eefead906621a35ac6dc35009ed26b6a2793ff6cab36d96b377929283fb95d4cae30f0b88e3af57c42dbdbfe0072be98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a0f848642b2179f10e825564e17ba85

SHA1
1a7f05ebd9bcab1d30c8c37d18dd527cc1423f39

SHA256
16b4983a85de669f0700a79c5feea64748a4102ee46304e310df2ccda34c5ebd

SHA512
4f69cd6adbe2f07309ada420c1773ae2525a0464760f67864b0fdd0adff9ed6124643db3614c0cf471717ff225348f6a8e3083a282482e09a154bcd1d81b2c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ff7620ab7afd9ff1fbd535298dd2f37

SHA1
1db86111b9c2be6364f37c7e3df2636b44c68fb9

SHA256
4497acad068b8183ad1e2b531d5a8c62f971c22a400ef2a52eccd6fab159b76d

SHA512
2441ed60c339f64209c634546cecbcaa58a4a3e62bd282c00e351309c626b9ec59ebc3b0cf3f00577965de55002a82b9f39813b17cc51b296971d8888d75cca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39d4ce48de20d7679aeddb30c35f079c

SHA1
c42da1e4f50b7945ae29e8a6e6a077fba7fab5f1

SHA256
748d6b69ee69aa8dcf9901ad6f7ee2283de02ad92c963ca80fda46d0225eb682

SHA512
591ce12df4c6b5248afe2237440b7894f24a3930eda6ca2a2d5993e1329435786f6ae7bbce5687efebec7f6791b3893258b4364e2b0eadd006e1823f835a80c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1e54c37e8e0bcd4ec33efbbef5d20d6

SHA1
bf64975a156c860448d8c488bb57598fbcda6173

SHA256
29a99c411f42f67fda85b7a6d1441fc7b291ff667ab987c32fe2cad9effde641

SHA512
698292d3157ef9170729a62f7e197cd5a3ae2d9eae130b34528d80744bceeda22819b32d3ba73700e3172c12e5c479861bd4aacedcf24f5a2328995409d7ed85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40b961a4f4dcb753fb0c0f1269960fbd

SHA1
aedff87de173e3c9a05db15bfc7564c85150675e

SHA256
ba3f0bb56e867a6df0691fafcda2f893e928610ddb28fefba3d7a2693a621027

SHA512
4e4b988513298eb413042045cb6e06629b1a737cdd1817d8ec6b3d606f57683eecbeddc265956093e984b4239817b60a963b464503543bf691142e719c7c7558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19a80fbdf14b62f28b6dab1f45af3eed

SHA1
42a4035b2d8b129f364b773b21f4a260bf7c0418

SHA256
38e9dbadedbef1d23b9b90736a47d928901799be47eb4a5a87ab5a29d817e0c4

SHA512
5ee3241e607b9b06532faacf0b0a421e8ed59635a490c25d47f2e5c2d7cebe05fc21f35bac9c88d6568981077c283782ccceca87532e65d7695ff58b0f9a5843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586c51.TMP

Filesize
1KB

MD5
d12ccacc641adbe24a7359601ba9354d

SHA1
6d1e2239b0024a8e48f9376261b8b129ac787ba0

SHA256
4037ec91e34ec8afd896aa9b76631e9ac442458e49f14d535b6c8ba83aaffa7b

SHA512
f57f34158dfebfbacbee05e31baff07655610b1403a8640f12a9a09769d5672fac7e82458c3d823b50a55da9ff3f01993e77fcf1b9638b7342b05a7fa4cfa4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a8a37b3fbbae962a9fd1a1eb56881f6

SHA1
711df988852b1047607e36c24743d685bf1c6190

SHA256
4f719fe3d4ad194be9a5d9ac5edc4169308548a6018672f480eb7c653a2c1dfe

SHA512
11997775dc6dcdec86fc515e143fe675d55423673d1d408f85d4d9922834c66bddce1685777d5bead77cb128724b8ef0d54fb2c5c43dbbdb6da7e0a7ed9fae05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2933bf1649492a481301dae4735c76a4

SHA1
6b6cfec71f8b03fd8cf12e56b51e126f82039053

SHA256
46709ce8199a60be7312fde5026bb28f6a8fbaeb57b83d246dd2302df16295bc

SHA512
d27b359f75026b3aa3ceefb4e1a58e8fb29899a11c9c7a6d682f3efcd9efa09e73ea5261f554b4c776ee5042667581ca994719b3bdd44f6bb3c21d200b9a3563

Download Submit
C:\Users\Admin\AppData\Local\Temp\bf85fee0-23ca-4804-894c-aaaf97ad8104.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4464_1740360360\18578230-d2e7-4bdd-9bef-aa86c3df4de6.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4464_1740360360\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit