hxxps://www[.]dropbox[.]com/scl/fi/yfalfj5beai76vexfzkxs/download-links[.]paper?dl=0&rlkey=5bkvhxed01z4j6iy411sloj15

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/yfalfj5beai76vexfzkxs/download-links.paper?dl=0&rlkey=5bkvhxed01z4j6iy411sloj15

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
38	drive.google.com
39	drive.google.com
1	dropbox.com
1	drive.google.com
14	dropbox.com
15	dropbox.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133558732368932252"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
344	msedge.exe
344	msedge.exe
332	msedge.exe
332	msedge.exe
3172	identity_helper.exe
3172	identity_helper.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1432	chrome.exe
1432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2348	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 2964	344	msedge.exe	78
PID 344 wrote to memory of 2964	344	msedge.exe	78
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 3420	344	msedge.exe	79
PID 344 wrote to memory of 1508	344	msedge.exe	80
PID 344 wrote to memory of 1508	344	msedge.exe	80
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81
PID 344 wrote to memory of 2220	344	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/yfalfj5beai76vexfzkxs/download-links.paper?dl=0&rlkey=5bkvhxed01z4j6iy411sloj15
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc9d03cb8,0x7ffbc9d03cc8,0x7ffbc9d03cd8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6584534552958820877,1793166909901775756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffbc9899758,0x7ffbc9899768,0x7ffbc9899778
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1840,i,10060974056846616738,6023871565727659792,131072 /prefetch:1
  2⤵
  PID:1668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
225596659dd3d14035424512e188dcfc

SHA1
ff96fe072c4d4dc4d918ab714ae07cf8effe2271

SHA256
f38506fb15f5b893e7a0ba8a638f4e3c200886e59518d0d0fc72c4f0732a3dfb

SHA512
3512739894121632d3b52894fa2b11d62ceb4f06b0075187640e886ae5051d608133a17ea2534863a703091cfe397b6858417e30b7be18dc735bc77cc2716093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b3bf9fcd387b1362b363698949ee527

SHA1
2b43f95e9cf210419d560182cf01c0419f1e9908

SHA256
7e01bea44ac82feb8c3384ab16343866cc87ef12b2241f25b6d2f5b8d4c25d41

SHA512
1605273934f1aa875c924798c7a51aab2767ff46b109a020bfd17ee926eadbffe683b32ee5caec2b5f633d5be59b3eb6da06c191fa6d34c6ca09a7c5f299cdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
eb52cc4e2942d0dc16865f3274249d14

SHA1
62e5110255233d4b331d60533e9d60258bdc085a

SHA256
eedf8fa62e411b0ecee4779d66a902ba04894100615edb1e94a07b0f13ffcfb0

SHA512
ec123bde31013a04880812092442c2a837ac3a5377e61459192afd60758c088c2cb0134dbb3b8cc450f21389b64191ae525fef996b9f16587893e497ab8cfa65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
449a5a11c9bb5f85f030cf2f2a45a23b

SHA1
424b963a9f88d1294b62a1507684f474ea1e257b

SHA256
bf664860fab5c73a1e55f57eedd59587ee42561a95f14d50290c8bfc7eb6a5d9

SHA512
3c8dc32d3d7fa0948ce7be236e41112fe3455f424145599257283026d246f3605de401046dddb9e11dbbbf7f29a55500cf901e0589692899a56ac637a3ea2f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\09d3fc75-b2a0-472a-bcc2-3c236f9df631.tmp

Filesize
698B

MD5
06af282657c1e4d887c375d7f00ab952

SHA1
36d70f69aa25113c1cf4a0d6afe30e77c162afbd

SHA256
65981a2960698c633ec742544506fe3e3d56fc3d267d97a7e5ec9832d6e0b557

SHA512
69a6a30ee99935444f9ef42aa03e502c3283a8f8224b620f557923197af4e149f1bc0fa67b0ca30eac7b0df738314524b1d69f420bddd847e4cbbbe16476787c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
39KB

MD5
d6deb1dc37ab1ee36cf0740cd6b6a7df

SHA1
cb5db70615edd71285a2f3057d60795c3a6eaa5b

SHA256
38e3d1ead1992c6cf537c86553543bcf1ded8527c25332ef4f789cf1fe4ca521

SHA512
dca6edc2024193e0c2ae5abd0db1e780f5fc63993446bad274e6188a7aa7612777addaf1c286d8529d116cc9ed5e0d90acd56fac2dc0a0e2eb5dedfb619820c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
6b89bea4b567170be5b904e2907afce9

SHA1
b457203b1f1ed0264bb67549f15a1ff1fde08006

SHA256
1e63d2d4feb92ec85e10b11178a1e28b697ca3bff392f0051499f259c3a16a4b

SHA512
c6244eb100e2755a8e5c8393e89ef4f5042f437a8f59b41e2dc86162942849fc59995191b402cbf3a15ef0135f13fe4943b215e4576ec0fd78f749928ffd0aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
744a1d566e088be608841622ea9c4068

SHA1
3adf7a7869aed0812567fd2bcee962727a32177a

SHA256
78b731d99cef371267490e349ab0ab6112f14f3561f8488268cbe7099c621b83

SHA512
e049181233ff1a6a0a4520369409dc730fa03f428ea60fa52dfb3abefc0852c67ff7db3b13fab36b21da6d168ab8d71a39e62d2af20da66ab38da62659fc6bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
47e9cefe4a8b5913bfcdcd09934de3fb

SHA1
514925d0faa52c2741650ce6ab3e73738021d4bc

SHA256
bcbbd17ce21a44cb88ea59b6df4cf1864ad324b788902b58d1b60db894a1e8f3

SHA512
b5811f40e5649176945a34bfdce395acf3c14fcf79c51815bee98b246a48ae9d74b163aba3f2f153056924055e5acd2c2ee2f781ef60f2b7c1ee3f92522e971e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
109d3bdeb5349be908337e478fc003f8

SHA1
b4e8a0b9fe66142cb011d79138d56dd08ebac83c

SHA256
b44bc8c8de02091c7705747d380a5b5efafdb4860d471e5b381e125a39912415

SHA512
4809a20f40138693ae52b2b183f17e65eb6faa1caf7909c1992bf05f6b9a56b5a09579e6fd66ef39f8199d50de75b0be18bc58a22216f825c18a704204e6a697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d801ee74194536f7ee66c4c0dca3786c

SHA1
8c4a32d86b5622db05b48df2b2171c05748bbc9e

SHA256
52481f608086c4cf6b40cb27131196c9fb6087f8d71e2f9c71a636ea9d2ff75f

SHA512
dac9dc05a6413c4200fb7c0372d312bc40ff711f2b38d95466b2521dbeb5744c2ca306ab181dbd476db0ab8ae98e17aac7e05d3b69e0d5be6efd88b045cd5776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1405b96e292051582ecfb0310a275df

SHA1
05cbb2d3025508bc1f223ee8104dbd33e1e242e7

SHA256
0c969bec4e1eb4aa9a67121a3e02e7f5391cd2d06a9786fdbae509e613f2cae7

SHA512
cb15ef3b23f3870251d46acd1d1cd04f4b8024c6b336ceb45634182d43e1b32a45b22d497c639782260daa3671657cd2a9565ec3121c5fa80663337193d11a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5efaf95ca93a2357621643ee63f3e84a

SHA1
76ef110bad0f427f36f3a116266c10e0d0d001de

SHA256
a5e55efcd74a67ac9bb00ad44732970e8963c1b6ef8211bf46a6bf2d489ac664

SHA512
737e38d1505a77546a8e5b5db6e7c5698b6af29d37e3e8a6085fb15420f68695b3b9e5266aaf0cab2ce018c47d9e2c11baf8fda2eda9db8942e96a3a74ed21ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
834609fee2ca44a46d5b4a6b6d769a3f

SHA1
e9e2485485d9c18c8c4cc24cd51272cf2ecc9fcd

SHA256
7f3e7d279cb454fb24b8541b9d7758d68d4507deb6dc8a3597ca60e87f8e6848

SHA512
c08f4fba08938bf8e1f12343a74b971307772178f2e28a5cf943095acf2c05971bb98e3dd5e844e33f67be8ab8bf1118aab8766a76f4dd83b4b9a5a12191ff43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a8786098a771ac8bf353f6e2f45fb18

SHA1
306783e37882d6ec03b7a9de9497ecab3ed283f2

SHA256
e17496e89c8db07a618010b43e5bac59bb26af898572a2854bee7c12baad0eb5

SHA512
4a1cc7ad3de191bbd42ca400aa2bd9f97469918deca23c88ccb2732b38e7bf41a0b53c3127c031b05698739691ef67c114c36630d033b295755d7b5bf4d7ac29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5432b6758143a9c51d31a98c5232795c

SHA1
46c2fd267849c67e16f51a2333680ca383357b6d

SHA256
7ed4cef6672c48fff2402129a60e9dc19f63671f7b800e974b333fb378c22e13

SHA512
7b9ea38b2eb1220b0b48fbe861848a00bd66760bd4961d52abe022021f5bce47583c5ae704075c04b387320e99d4c7ef94d99d9d8c7105a30f1733f55328b8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66cad86f1c88e0c35eb103451bd00d5a

SHA1
65965154ab8d7d4280333287b5c0b23e5b58cef2

SHA256
40de8f4bab1835b49dd16c876bb9d785ded0c8d06dda061c6c3ec4359878fd50

SHA512
031c075b062001ffd1fc0b5447dc9a48537c88b09c5ff79dfb4fa6eaaa240f5b84452815e5b626c2d3291d1d3294402b182ea7b7ca241fff646fe76b82ab3805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70a32535193ea4c78b03861253feb7f2

SHA1
da7e8fc9c05cbcc251cf26f58edd57207b371edf

SHA256
4ca03c99a802b4e0d0a6d35ef1a4b89bd31462b6dfebd7f6b80305f36a2796b5

SHA512
130ef6461696d643cde14c4ca19dbcc85d74228f915b64202159b53e54b340e33d1206ce0c4580d474898a747ff0272bd048fc0a176002ba465c276e060d0fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cfcc4c056810e1752063842c491c2f8e

SHA1
29a289c2cc86517b10523c3e0de50ba3375a5182

SHA256
4e367e1e070de136b412959ea60389bdc173bdd58843e988f47174dfec2eff44

SHA512
e03556377ba3bdb3a83c0a24b64c6d9f2a4aa72e5d5e58ab52b52877964b8b9449287f0124bc3fe1f2e552306bcd2fcc1a456842b2a041329364ea08e39722fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f43fde0c6bfcae4b3fbdc8bba3bc1603

SHA1
411363473b316da804ef32a0b149b12811ac445b

SHA256
7606829a9cf55535721a1cd11f1c027ac701603021bbc49520f3c7cc40b980de

SHA512
31b59be78c7d32f6cbdeb8b69b32f36fdad3aba31be6f04f98027d5c25ef3788d939fcaf9a519aeb9a4081f3120e372ca411eb72f699fcb7b2f4548fed83716c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5604128f4b2f5c827a9bd98692747f3

SHA1
5e7efb2cc6fd651daac89827aee23d2a944181be

SHA256
29a475f4821e72ef285a9e069bed61c4747e727885bb0a5dd14472d245bfca7f

SHA512
31c9994189c8f06f769f9d7a538b5436333973841667c65f5e266287b8c4d50020f2f507d35897731d641cda1211c88453edd0ca1e91dc19dcb8562e2c87729b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52d7133485d815da5632323d9fa44a9d

SHA1
0f6bc61f0cc50b278b5516aa8ec902286859eda4

SHA256
34b69eeab249b99e8209a097ec99b9fa1f3512f2a17e132b378641ef1b522710

SHA512
e36910eab38232c3f0881efdcb9aa17176af5de87ae292e5fcfd709fe97b36600ea5ed23169c2d836100741783aec4f9e0f46883b342693041f639444c2f5fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7ff4e0a7ed15086ef4e07a62f2eac4d

SHA1
0299f8f6c622ed67f0ba5ba7cf2d19d0cd01c54e

SHA256
317ddf40197883d6f4192d42f2b2691ceefb17f6e524003f2084796ec8e81243

SHA512
ed0a831cd547b54451f93fc9391a0092facfe6d75473cd04026050db481a5af7b54882f1cbb5f72370dd82a1fb893d55cfbc24b480d140e65dea51e767b90c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b371.TMP

Filesize
533B

MD5
36f30648ddec06714ec95f3460b74f16

SHA1
ce8c48f8bd4a255557ea37dfb1d2c17f340b0c09

SHA256
756b1d33da2bff1aee504ceef99a86c11113dddbefef4cac006caac066b93a50

SHA512
4b6e10813204cbedb994d74dbf3de23c47fb34538ce38daaefd4d48bb686ecdf1c920400492799b0053b7da9f0f243665509b2643b0110db808bcb1839ddcb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a91f5d7fcd5d8cdd06f4001c2145e94

SHA1
78017e7b32862297bb167c38b34e26d73943e543

SHA256
341605e7506bf7c4b7ec64d58c545016330e8eddc75a8c26f0294cec9533e278

SHA512
21b914751a1fa52fac23ee46f89abd290b813d5c2a405eaf64dfefd7c803f1eb792b0545fda73873b353286ba0bc0b07da7a7bb1994275b9395b9c5ab297070b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67ca00a0a32fd36d3c7b1b5a880ca2de

SHA1
39453f97462a7c10eb8ca73cf6f86aea45af0a2c

SHA256
80793f7f9103bf22cd9f1bf0a207c91caff31fe445e6b3572f4b8ed4f0d56c07

SHA512
c2288c4f1b2b0d394bac5d6245e665d83382abf933d32e64efdb5e041a6725df28ea01ed70945f17820c9b420c0e011a2afba3286ab438e79edcab6aba16d0ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d3c1574e06e9c0ed4ddfecf7eda00476

SHA1
e90dcb7eeb77fdeee2883c9c99fea03c50f80eca

SHA256
0b643c95e32e8cb6c8ad9a28231243f3d028db10560130aabe10cd65c62dace7

SHA512
06a7e8fa4859fd6902e842760ab1be755247ced2cb5d5b92fda7e25483749d2a65acc7ada0dd351c943711eef033f152137aafc18b5283bf3c310737b8b7077b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
06961ed91ffcb8da9c322e9bfbac6906

SHA1
1271656d6468bb414cd3fb14cbdacc8f8d0ec727

SHA256
f82c0eac338661e1b13466fcfa983dd8d3dda823fdf0257c03b8a98ff9f37144

SHA512
2f87d23ec7ff023159495dbbe2df368f0e5ffc2726f6cd835e0dcb8951a09364fa542496057d7ae6f8696d96de3b0d379887ef808d41c6a228e390de17c1e0e5

Download Submit