hxxps://steamcommnuiety[.]com/gift/activation/feor37565hFhsde3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommnuiety.com/gift/activation/feor37565hFhsde3

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

msedge.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5564_471121793\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_78_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5564_1429139255\_locales\th\messages.json	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645884573999810"	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{8180C7DF-630C-4789-A156-441286A9D4AE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exemsedge.exe

pid process

4972 chrome.exe
4972 chrome.exe
5564 msedge.exe
5564 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4972 chrome.exe
4972 chrome.exe
4972 chrome.exe
4972 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5564 wrote to memory of 5600	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5600	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5872	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5880	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5880	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe
PID 5564 wrote to memory of 5888	5564	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommnuiety.com/gift/activation/feor37565hFhsde3
1⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3592,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
1⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3624,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:1
1⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5184,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
1⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5312,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
1⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5356,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5960,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
1⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5944,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
1⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5952,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6028,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
1⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4588,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1
1⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbc3b07fahccaeh4d1eh9d4eh55db11871cae
1⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6084,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
1⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffdcbddceb8,0x7ffdcbddcec4,0x7ffdcbddced0
2⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2800,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=2796 /prefetch:2
2⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=2944 /prefetch:3
2⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=3064 /prefetch:8
2⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4392,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4392,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
2⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3204,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
2⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=560,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
2⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,15368527435660655287,1331349489576079015,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8
2⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
1⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffde3a5ab58,0x7ffde3a5ab68,0x7ffde3a5ab78
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:2
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:1
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6625dae48,0x7ff6625dae58,0x7ff6625dae68
3⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:8
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:8
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4012 --field-trial-handle=2028,i,9836457028512611983,16468185738220702256,131072 /prefetch:1
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2784

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
fb73c8d8c0ede4e3f40534d41e3779bc

SHA1
577d835597961d408cf0a14b466f1d668bd879b0

SHA256
cf52599658c2248e435979140d83906a92ed47007d71bad0c73e67969609fab3

SHA512
60fc084b8a1574ba77b8185ac3f2138ae3a6989edfc83b22265e422591e1d5a750acacb548f6ecd63424f337e2abea72357b43040ce9bd5f3d48318465f43831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c9a3a04cb837038ba62ec5fd59d24f9d

SHA1
35d7314702fdddcde9fb0ac702883a7f0d3097b7

SHA256
40ef49527250ee4e3dc6b679404222b21aea41179441e1514cee97f3e7da7110

SHA512
df53e02d8bd583ae5693369b5831c3e18099f91280cd8643e22be2ee3eff8c3da40ec22af9eb2f93f7a023aa10232a7f4c19932ebd9196a6f4fbd1dd96167f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9f34dbcdfd1e94c2e2f80fa8199564de

SHA1
9304b915dee76a3f3863ce703bb76d069f665aab

SHA256
460d6e81c37bbc1892daef37e5df8f1464f8246e06437dfc0299267673c4d50e

SHA512
d07519daca2546284a891a9d22bc75c6816560079a41cd70bffebcd09a250b9997cf479183aa593e7f4d827e847a2189e56b9f37042b6a2c6ccb3b39846ecbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
1fafc072f9a125503fd3cddd163bb705

SHA1
4c17a9838759d93740c9acddc20470309d81300c

SHA256
df187343bcbbdcd4896c20bfd9bfcf681b73398d3dcab40b75649034ed035df1

SHA512
8949e1c01057ae5b82a67f963421fccc6ce2ddc2f6bfcddefe300450f6b5561009f7582559415d5ed6c823c0927310a2ad881962b4a3647e83c8296372cd6301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
270KB

MD5
fe2bde627e18feef67a522f61d00d42d

SHA1
2c23da0f8992503163895d7c55364d7fae4ff381

SHA256
98eebcbf39ad2a5494a133ab38cd20b45f1a437c5f1e0f7f8b2baeb272a3e63a

SHA512
22bca911e0105523618325669b17dab0644ef67a8e51d2d983e0f652a1780910ce2a3a90a43895152be97ccd0137411e4a5c59f91d70eb19d13fc9d956606985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
bdfffa977457d1aba6d9f57959f91a31

SHA1
b6f207a6d4688d5dd80639212cbcbb9bd793e970

SHA256
dd022724e8becd087740889d2bee0350a419a4431f49ebc16378604e60a10160

SHA512
f75b5c8c8f6ed89db6f9b66dd06255d7617425fa6ea74e29453430aaea90fa265a12023e4214e1caff84aa12b25360ed1b11864d76927be0da7b3e9c5076ca4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
f3f7f28f27475611ce72194677d988a9

SHA1
127f50783c38dddf122d41d2e14dee3328cf9b35

SHA256
3b38633392dc9be5abb5357cca96bbe2097a906b44c0c4c411de4cd0747cbee7

SHA512
d604a4840c996dc6e748eaecdccc6b332159a99bb885fb386da16cff442ac68ae2d002cb9f4f0623cca65ceb200070429477493714e7892a654e57e6213a2897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
30KB

MD5
b0046fee053777df67151d4f960595fa

SHA1
79f30ba18ce1f27d9daa5029920b5340b1ec21fd

SHA256
0baa4d37adea1645aad801232507d66f58f260d43a717a11d08035cc0c3193f6

SHA512
25e5175b279e7cf5bd0f3507733bf747c70b3b2bae7af0ca5dab8f9c5f0b55297e884ba2162daf2522a52279a38494e252530b0f5db18988728140892dbe6121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
77KB

MD5
0809b1b42f211c6e884b9818668c2bcd

SHA1
2cc0f5096eb3435217ab4ee7b05d67bb82a95fbf

SHA256
383ed7bb25afeafd5a3cdc471c72f0745ae73805c3e305b5f4d50dfa5d0995a0

SHA512
833efaf6069081d97b68e3fbe3618c96d23bb5b5ee3ac429f1a3c3b1182de7f472d4d372ac11b5f8802e8da97ccafc89a9ee1b9b11fce20f129a95ea8a8b2463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
77KB

MD5
895e39bf4b7bee6e5522a9dcff411ecb

SHA1
c18da74c8bf87b2656b1e53781e3370d10185536

SHA256
3ed97cfd393a16c3dfdc2a7ebd68a33dd109f6a0f3792ca2e33f887e49a245e0

SHA512
5a05051d49ac20a3f5460e89ae9b78bfe873f259656fe4a0f952d738e64654a350222375b25aee8ed670f663ccd3ba165e2d942181c1672c5cfdad921b26866c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3df7cb59-ab02-4f4a-a269-b3c10297bdd3.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
\??\pipe\crashpad_5564_OXOWXQXKIXFUSBHJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit