53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

Analysis

max time kernel
750s
max time network
750s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15/07/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Borat.rar
Size

9.6MB
MD5

e3b10d235c365ac49d6855df0432bb76
SHA1

4ce182c19796cf8d4c017fdd8fd4b390de1eac7e
SHA256

53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
SHA512

bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704
SSDEEP

196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2496	winrar-x64-701.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655604247558748"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3637748876-3197268895-3385380113-1000\{42E5B3F7-DD93-4B07-8996-981C0EAE4AC6}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	cmd.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Borat.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 942480.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
4624	msedge.exe
4624	msedge.exe
2732	msedge.exe
2732	msedge.exe
5116	identity_helper.exe
5116	identity_helper.exe
1212	msedge.exe
1212	msedge.exe
2968	msedge.exe
2968	msedge.exe
1440	msedge.exe
1440	msedge.exe
1080	msedge.exe
1080	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3544	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4516	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
3544	OpenWith.exe
2496	winrar-x64-701.exe
2496	winrar-x64-701.exe
2496	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 3652	1180	chrome.exe	89
PID 1180 wrote to memory of 3652	1180	chrome.exe	89
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 388	1180	chrome.exe	90
PID 1180 wrote to memory of 4720	1180	chrome.exe	91
PID 1180 wrote to memory of 4720	1180	chrome.exe	91
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92
PID 1180 wrote to memory of 3264	1180	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar
1⤵
- Modifies registry class
PID:2508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9ecc40,0x7ffe5f9ecc4c,0x7ffe5f9ecc58
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1740,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4960,i,7630654235763090005,11085923609231846018,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2080

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71013cb8,0x7ffe71013cc8,0x7ffe71013cd8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,14561587738682552187,4860222786164389338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
988829f30acf05e163056f475692e59e

SHA1
41a3462689ce796970402fa3422cb4fa4e6c3e4b

SHA256
71f549fa05ac3776b33e4903deb3a08da81235b1a9a53b0ba07154bd3cc55c2a

SHA512
d5214edc61162093928d5af92b11775223d6ed2ec2125250f119b1827cc0496a1862bdb77eb84033ba1a912e1e2e126a31149007dd70d87cc69d07fd014d4f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5e28c84ca5b563314822dce13c5ba1ef

SHA1
ba015efa1c73fdc876ded0fcb7700830f1b6106f

SHA256
ede9b97935960f2818e4bfcb8f6f11d198752ce4fa4fd0a62cba653608537a8b

SHA512
3519c2fead07a25d2c9ff93cbfdb1160a12187f932c17ff73bf18ca0b26dce3f11df344ff967bd7548f54d0ed04e7df4e8e89c0e26115a6a0e66396a3df98fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d43c58e699db1fa18ad16f02be9edb63

SHA1
430e5080f85ddf8404975bd8cf9ad5b3820421c7

SHA256
f1306e49b55f44dc01d1cc036a72370f26ede06f1f8b62f50e9fb1754bb9382c

SHA512
7682423403833c1d7e01e08f0de0410a56ab95089e54eafc7ff3a88f68324736742e55d4811ca95ae4fca3553a319302c44dd7d22083b9a7476124f026dd9fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
abb53136e728ecfd3d477be3a2dfa6e6

SHA1
042bd631e71959aef7236c1020d86c5cef27da86

SHA256
d8ce8cdc0af74fcb197a7625b6b8e62eb80aafdc7fa6ffdf4e811fe222c9b3ab

SHA512
3265e9721d17069c56823f4ac3d5c7a70869ffb5deed7082da482005409c798fe063f8b7b96839c195b778757d555ecb6321c729e37d510ead1cc4e2ede3de9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2b98142dc32162a6a88dadd5d509f8fb

SHA1
1976d90f03c24350dce9fe1cc2882fc4fb1ec459

SHA256
84edee72ac18db435fb9e27a62e9f301b1782f992c710dc53d458943232b7f5e

SHA512
a7dd33f7a856bb30f590f6837b7097d792761aa54c7aba461eb72f8ba2dc123f4e7a18ade84ff5a7d4ea43e8ac9c9ee81609eefba96b3c23dd28931a76a2aac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00203f174bbadbedf39bce59dc838e8b

SHA1
6d3cf7946169389b6a2953ee09d559a17063fb0c

SHA256
e902718128c6cf0c008632666b81a76c70f093d985a9d7582d03bdf52258a36c

SHA512
16cbf5e87c6939ae02568a0016c5738f029d46a6c75f0db86cff98717c19cbefde783bfbe6cb1411081481fc7c64e50e202349afdfbc4ca8aa10ea60d24ad524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fb4f17d28eb4b4542847ed7ee3e14a0

SHA1
6751a18afff0744aa63ef67fa3c0e5e5640686e1

SHA256
e70e3fdcebd0cf611b8f719fe6202ec93f543f952ef758dffa0bcf109eaa29a3

SHA512
0081445497cb8af4c71a1f18e1b4c3226662aa7029acefe2255d656a827763dfc6ea86c3993989f8dfd389b760b6a6c39b9ab57ed20eb520c801167871182fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
265afeb54eb539b92a8640b2d2481ddc

SHA1
cfeb333cd89249b787dd2001e1c847791b956e94

SHA256
c179505c4768d0ba0ad9d8127062564407297cdc26b910b3f2c5b04a0142cbfb

SHA512
26bad52bea324220fb3489ccc84f8f13de408fac9b2a291c549cddf1c7bceaf008090417759ba85856016570452366a6bd3ebcf84cd30ddddf7bd5967c323b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8d93ec511fe1e60356375f6e9098cfe2

SHA1
731005a200f26768d5052ea9c077b603bfc4600c

SHA256
cada9ee24823556e7d48afc5ee35f89db2304f889a39908a456648141da32f1f

SHA512
c931ecb59b123b3aeff6cae6b00126b0ec794caf1949c6aa4f48447cc4067a0a84c4d0728a63d1c18db1d19afe2b68e8e3bb92137a9a8160a99037b9ab9ecb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4cd17749c37b4fe53949d47f568c91da

SHA1
531b7b5d98c701f73c1893013b34b1704beef5f7

SHA256
1b6f6ed7eda4b9e51a94f8c9a5b7db4c9ad0e831fd1119c03782c13015ffb00b

SHA512
5417e4ec8337f7dceeb7cd0c85a2358956a2e22d76f5d44cecdfaa30fa3564a9ab06590636efcf7e0a35d9064ea094a1676714150484866ffd93d69c6636156f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
898fc7c793391fec3e01dd18071d56a5

SHA1
862154960717cf9b37e4c2c7c56630ace067dd3a

SHA256
0381dadcec8c9ac20ad7ec3bc4dd2e17e396748f65412a7ba35c40c238430cf2

SHA512
e71ecc854c3d4ba1516e4bbb7a95d07f5361956779f336dff4ab36cb2fee66a0e40e1ecf3229cc12d7371b3aa06629fb0ec452c611c7171349bc4ab24c5beaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
501f0cbad9a106b550250661dafa6359

SHA1
ae6f1104a94a27258818b5596c447aae283870ee

SHA256
7a340906475c302321041ebb3854e88bc94dc47585d30c178b65f1622fdff0c5

SHA512
77d8c3a03087c5ad1d3e102cc385b9f2ad183e02a2048d52d4058b154b45f785b439342584f8204c202611a54c953bb000d98b27d668c4173b24d86f5c445b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
8a45b318fc524a9f35faec207ee1f19e

SHA1
9959ab5d835a3beeeaa786a1b90478e2df2e852b

SHA256
9e4450988535e3cfd17baab5c1c3136bc40e1edc8b7c9e14e069e5f13c592836

SHA512
db418ee8f1a62c7405db846a3989834925ca1f048530b369ac618cb977b430b213ff0bc71e15450d6df935e9023d4e54322bc410a6641ed675921fb7c25658bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
d3be663b5e810f5e197fc606866d1d3f

SHA1
4c259377c890b68c3137a4164bb4af803f06edfb

SHA256
21cce465bbd853351a347b27a17dc052e0bde9723a8bade384bca1ecb533e99c

SHA512
68c1f68835e0addb004cf7eb570615b45aeec558e58ad1d7f2127576289850775507c020741692881c4e1e1e58ce68244927dc2cbb8a3e1c6dff57d13aa4ce46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8a56c4b0178114733db2c59992adebb8

SHA1
b50296f7e99402348f25f2e3b8ca79bf589f6938

SHA256
2a7c6434ccc3a2e042a851cc6c2cdba8c97d1f5df8a538e1b94f9f39d653c79f

SHA512
8119b4e2e44af3bd74373581efa904dbe6e94f87b00d74df31dcadbc94a0f0415492ddaf3fba971f7fa02d45a954845f719de090005629f2cede9fa7489d187c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21cf39beee4d807318a05a10dc3f1bf3

SHA1
01ef7fc09919eb33292a76934d3f2b5ba248f79c

SHA256
b766823dabbf6f78e2ee7c36d231d6708800126dc347ce3e83f4bf27bc6e2939

SHA512
0baf8b0964d390b9eb7fafd217037709ac4ab31abcdf63598244026c31284cd838f12d628dcffe35d5661ba15a5e4f3b82c7c2d9226ac88856a07b5b7b415291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1998107017edc46fed4599ad24cfe53

SHA1
47e92f0646f0de9241c59f88e0c10561a2236b5e

SHA256
cc6838475e4b8d425548ceb54a16d41fb91d528273396a8f0b216889d79e0caa

SHA512
ef7228c3da52bf2a88332b9d902832ed18176dfff7c295abfbaab4e82399dc21600b125c8dad615eb1580fab2f4192251a7f7c557842c9cac0209033a3113816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
de01a584e546502ef1f07ff3855a365f

SHA1
60007565a3e6c1161668779af9a93d84eac7bca8

SHA256
9ed00a33812a1705d33ccf2c3717120f536e3f4e07e405539e1b01c5a38a14ea

SHA512
1582b69b40e05bad47f789e1b021cdd5e3f75548a39a99e0db1b15138425e530e25ce6e56185b1dfa5f51758d2709e52d53f309da2e662ebc34c8d4974ab6469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
c71e53854f68266b9b7f2151cfcc5c32

SHA1
356fa2aa7d9a8c7585d846fadde297d33166ecd6

SHA256
ba4913f000f60e3762611198396ef0bf07204cb4381a74d83328e6369eaf39b5

SHA512
d261f7efb5490d0e9e11517d1e96d8d090bb0a64584565afe335ab9becb54f399e5eea088156c999004b771f4cabaa107256822bc1c4085194a35744d7915270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
20c1020d1b07dafef334519c7a82ad18

SHA1
46eb78dccf3b2695ec463db1ea7b74b0674aa5a1

SHA256
01dcdd5ba82be0b8438723b8ac695f7b1a151ee822bb0c3c7945e9500b386772

SHA512
80498634aeac6ce78dfcaca6f03bb298f9271b57e01ddd8c7d2c1030bce8ab68ba22b6a354f769ffb128bbed152b866db543cbac5f142e2cdccb17629bdafb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
208c8f6c05a1b55eaefe2f025a4ac9e0

SHA1
c6ce96a35312e1406f27d34aaa16e4b0ae0111c1

SHA256
fbfe2e2062cfe62043dd92c47bc1280fa7ffab0ae36b1d04059088c416cd4ddd

SHA512
9aef4256dcbc2386f2b3acb36d94277796e3a81a684a3354ae76381cf036dca5c9e9490d33e13eea7c6fa6f0fa80f6b99570906527b33910e88f5720bf889484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
016f2401b87e26b69be4ee081c8abcfa

SHA1
438ad1e300dd7344fa787462fa4a136125dc9ad2

SHA256
161d52003deb07f3f09dbf3cf6c075affb32ea988fb01adab76d4384778c0832

SHA512
795f190868b9874d12ddf2f42077944789de2feeb5f32bf716323a837ded770aa8312a5f7f88a48b71d5cfce47c5ea77ec6cadae0c1bac9b9a988477ae6f4d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ac10dc235207c233a2696c86c599469

SHA1
6503781d59e42b75ff3cb7457508c3d43633112e

SHA256
1ac517127106fe57bdfadf9a7aab80ac515eaae194833d77d11fc888efca4478

SHA512
e8223ad9f9c38fc80baf69dea02e5fd8e55896f0757106d289f220d20e8b667a4220abca8ceaba365682c60e168509a209e5fe03e9a6b64c47c6f6ab6b4a0265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b236c8fd4ed7f6a33e3b0ff38537f1a

SHA1
2155026858f54274b1b2e5c6e85550ca2f378ec0

SHA256
ff83a4d03cc01ea7211352f251986440e444a7cdf12cc75272045a9320c402e2

SHA512
1ed7fc6caf7637f5adada8f7412876903b428f8b018a61cd1ab1c50947f92b336c9d099026ae2fd6ba47022988bd992e6a03961366a1b5568b461d62d5778b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9e21494b033d37b975784f4bbc14b43

SHA1
548951cceed50d3ffc5530cf81312eb0e018d365

SHA256
d9c550356097f7c3f820ff77c281d23179bcf287f241d69d6d0687eff30a7aec

SHA512
8d0806196d42f1df3d3b22493a5610d85aef64e037649cc7b71d8a5772d88aa8be8bc3d6fdb6378e9e532b72ca658b967eb1c38c2dafd6a8f0a5a735a3b3fd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1f002f6024966418a79c879b3e011fb

SHA1
ad987f7c9db1a954e34a2dbe6dc924a3d1bf4c54

SHA256
34cea44a1bf5db00a8bf15026f30f2d974b2ac09c77956383c15736057fd85fa

SHA512
bbef21e00a8c31fe225b23c65be0dd55f64b8f9db7bf86a3961952dfeb5243c08e81a63b1d6c3a20cc1dfc78b848a137e2a722a83e93c5a7066870bd0d2ce95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f08ab1af97f2db87cfc2f57d17b48992

SHA1
7bb053239f2ec2f2497e5b9efdc9fc7a7e6633fc

SHA256
d2019bb81fa2d7a86fc16c227fc6a0700781b52662da18f4a10ee0bba6572d35

SHA512
ba1c6a013d723d32e2a04b3c2329b1506903ac6313625bec30b06f50b7250347888757d8c1f9aabe3d73aae6a1e383df60216c95b27f96dabf6c63fd9c9952da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97385542482d0cc1acdf0f604a6f4315

SHA1
fe51eac1cc036c027014c10f48ebf518753409e9

SHA256
a1346c17d4ca1c062eefa17f20317e6994922b437d2dfeff3b64843ff0e64bea

SHA512
db77339d8a9863b154f2fd76bae52a3a80fd8c1507dadf4852a706e9b60e183285d300b15733c4ffbb0c533204f7bc7ea3875e7262ae01eb0d67fbd4ff8059ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0640bac732e3a3ad5846cb874493b4d3

SHA1
fe4f1b8c742ca004302128c3d0e5406e8774ac61

SHA256
dac4a2c019699fe57c0a8a527c6d517209c1ddbe576d26dfcf0a85a8a6c00734

SHA512
ff5adb971bab7dd949393490ed274b5ab41d95fb70888b8465e7953c3758139f42e6a1ba46689a94d0bb658bbd87cc6eed20fee7a88b9fcc4266c400dc126890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596102.TMP

Filesize
1KB

MD5
7448a1ca1e33b9c44900a29afd674dee

SHA1
f343cdfb1fe6c3278b28310651a283bee576106f

SHA256
a5678c9da9587c5f1c4d1500a08fcdb6c34f8988fee5447964247e170d147f41

SHA512
ef6557497be44095d30639d8902e52fdbe1161a0fcf20e6d51e3bec6d5b4ffe03990237b1466dda8aa83fef578b1b76370a59d78e524e7410696396c1ed830a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb5befb1ca7adb91432b4d361d0ef1a3

SHA1
b226ee1c2abe3fd135c639218bffb4c8249b6c31

SHA256
c1364c50ecb3bac0ab82aadfbd03a06d639bc0641dc316f51fc9149af8448f4e

SHA512
0ea20051c16566fa12cc64f31fb19728d3b8d01833260aa5033f2e6584780e5935e109491203d7ebf891ee51b218a37f9977165f37cde919da7fb0e5eccd792e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a768f47130d68a9a17291ce5bd7633d

SHA1
7283fe323782324e159cf6a38a1a2f4773aa03d1

SHA256
4fda7c38f407e89b54c473de71fa472cdd97298d6972b8ea8caed78d158f6b5c

SHA512
e50823fe341d5c93a5c4b598dc0100e609c25ada3428a71d7afc5dee4f36e176021e9f74d941246e2ef86b19901f957dbc09599a3cc36f1555f708c9089cadf3

Download Submit
C:\Users\Admin\Downloads\Borat.rar

Filesize
9.6MB

MD5
e3b10d235c365ac49d6855df0432bb76

SHA1
4ce182c19796cf8d4c017fdd8fd4b390de1eac7e

SHA256
53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

SHA512
bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704

Download Submit
C:\Users\Admin\Downloads\Borat.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit