hxxps://dl[.]dropboxusercontent[.]com/scl/fi/aihkutsoiyhu3to98rfeu/[.]rar?rlkey=a555bfxjfjyg6hq2i5bzmcndj&st=i170g4xw&dl=0

Resubmissions

06-08-2024 17:54

240806-wg178swajr 10

06-08-2024 17:17

06-08-2024 17:01

06-08-2024 08:46

06-08-2024 08:34

06-08-2024 07:19

Analysis

max time kernel
195s
max time network
484s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dl.dropboxusercontent.com/scl/fi/aihkutsoiyhu3to98rfeu/.rar?rlkey=a555bfxjfjyg6hq2i5bzmcndj&st=i170g4xw&dl=0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674069800414427"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000624c7b65d7e4da0126c177c2dfe4da01a11740bcdbe7da0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{6297388B-E340-4885-8897-991FCCDC8A30}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
972	msedge.exe
972	msedge.exe
4512	identity_helper.exe
4512	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
4128	chrome.exe
4128	chrome.exe
2444	msedge.exe
2444	msedge.exe
5700	msedge.exe
5700	msedge.exe
6012	msedge.exe
6012	msedge.exe
6012	msedge.exe
6012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4396	7zG.exe
Token: 35	4396	7zG.exe
Token: SeSecurityPrivilege	4396	7zG.exe
Token: SeSecurityPrivilege	4396	7zG.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
4396	7zG.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
5700	msedge.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 4448	972	msedge.exe	84
PID 972 wrote to memory of 4448	972	msedge.exe	84
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 4400	972	msedge.exe	85
PID 972 wrote to memory of 3340	972	msedge.exe	86
PID 972 wrote to memory of 3340	972	msedge.exe	86
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87
PID 972 wrote to memory of 1464	972	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dl.dropboxusercontent.com/scl/fi/aihkutsoiyhu3to98rfeu/.rar?rlkey=a555bfxjfjyg6hq2i5bzmcndj&st=i170g4xw&dl=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c9246f8,0x7ff84c924708,0x7ff84c924718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5815628814252575252,17698498412767742228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3928

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\תמונות של הפרת זכויות יוצרים\" -spe -an -ai#7zMap6838:118:7zEvent7977
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff83c03cc40,0x7ff83c03cc4c,0x7ff83c03cc58
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3468,i,3108189983823545442,14237724203968162464,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3860
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\תמונות של הפרת זכויות יוצרים\Support2
  2⤵
  PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a0f260ab9cab15c795311c630b0cb6f2

SHA1
39be01dcda40d30617fdaa27982307ab548d829f

SHA256
9dc8af8d48fa7b5e1ef2d87feaf1e104386880240d111a2415a527ef0d278d83

SHA512
9c29c51ea17e48747ef268685da5d69ae798af88499bd013d04883442e5350b7c42badc8e443f963801f902e6a79bcba06cbb3e76764b602a452030e6ad25ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a5ec798e0ea7faee6a51355f0472b7c0

SHA1
49064cd1c427f984e32589afe723b1ea73eea371

SHA256
eb77ad4d6eacbe090ddac9a4f64765d0f61fc8463d820ea5a80548c63f1cbfac

SHA512
a8ad4cca7c951659179ad6fd05d616b6c2f42b50adbdb68b7b062ac491fe6357d76ab2f4c3b28c051af15085eab159725af4395eeee5a4c4e38ce98598acadb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
68f18a52dc35912ad26f7e5938f7c563

SHA1
400605367684508c56b2fefba1293ec1c84e599a

SHA256
aab6b507fcc4793f73f70cf264a4001296298143fd818ca52b6c563af9165d1c

SHA512
88f29660b3059864806eb63cc3e26248932edd1a68e45d719436383716a2192eb31b56588a9fdfedf513ddba3a01d9eb508f68fd5bdbf25c37c8fa6aa041592a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
594d30ec09e474f0a2f8eccaaad3518a

SHA1
ca99e1d1b88a6f7a9eb279e6212192b75cee9ef7

SHA256
74a94fa6e0e315f2bf3c10cf72c52f19702d47925315920e0b2b6937bc8cf77a

SHA512
d76ab07529278b840dafcfd3188433348810d04e50fa45879a41ea28f7d94b6a60b26f199fb0a44692a5b8b0fa211809d53dfc7c2e873387938c0eac3bf524fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5f443488b0663e20151587f81e78b78e

SHA1
c35c45372f1af4fca7e0991513c16daa14b13efa

SHA256
3c01e18102b8b9e0d249583f42f4821e236b4366e7e594dd9a4b3f8ef43bbe2a

SHA512
59004d1feebc393ea55b7da1c70a6fad00f70646591d7cf00d85568d9c1c4562f19e67cf7be6b027c238ac8dfe9790e0e510a58aa76a6b92894f42c896b9e13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
737f55f6f9c170b70545142e404a960b

SHA1
086472f7fe684c999e7c54cf9c0160ef2341844c

SHA256
f400690f9a71a35db0842fd129d2e0f4cdb06e380f3d3711893f866dcdc57d27

SHA512
1c60c7de8d097a749f6ee47dbe2570a6d3b1178274e673cd419970f254bf1c9e547b0675f667b06da58afcb8ed31f8e0a784702310086a199a53eaf0526500db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8728cd31d68fea2ae33da8acc13fa34f

SHA1
25e9f5e5fc6f47bffba76c6a7b79164ce303c791

SHA256
d6c3efab4274f6646135b001ff7fcdc3b94951ae281392573da66a0c32b83ba4

SHA512
ecded2a71171f79098ef580f2d71d861aded73f3495d55073a5749d57b69eefe9b99da283459b89be26d447fb70287887a48e7670bcc31451485d36227b42898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd540dc83f742c6d3ec6c86caf8228d8

SHA1
9e14a15fd539737835508ecd682e92b5eaa6eb31

SHA256
2736e02036856a0bee0ad25a0af8313a5671f135ae6d06339007f965e4d70607

SHA512
f0ce5a2cd1aa9b17f34e11e07bb73fdee887e243ba5087a2e29fe4117c94562de6641cb6610ca08928af4fa95323b07695bbb1dbac9282c3f4d75bcbdcaf3b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f93a9a0dd6b73fdfc8a9cd4be920be83

SHA1
e01b117a7372721a406835c59f75dd6ac02a74d5

SHA256
ec45d8d6fe5e36e8c22c6f2ffe81b91d4a7d6afdba5f2e2c8dbfc9b9642e4a1d

SHA512
c14dc7d75c4e86a57cd7931640fe3cbcda8bd9c2bd44e13635077373108cb014f32ae7a3d13469f456d58159cc358ef46dcf868465623673e8b8a74c90b7a031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
d9705c56bcc7236e6d36e1595e97f684

SHA1
f93c08934f7aa4a07b688bbb8320861ba63a57dd

SHA256
3214f90aea976de2ee95274082b68062aba72e50b7d982baf6982ea1e0f53058

SHA512
9ffd55acf73b3e2eba0e9c0f0441e73827849d66596bc65bb8ac6d833ef4cb787cd1472be4e552bf57092021530cf98538d06b848a2da7ca559816555e6766f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
a81d3743b34cf34b406aa0a1162b5ad8

SHA1
d8203a82546ce56f0a4f13a10c0169de91c831ee

SHA256
d3c98fc8c94e4827115956d604683d25560c8bc0495e7b1cd9206ea7380a19a6

SHA512
cfdb0c9e3e17a77fc82648a54335773114c15376f07eb223db283794dcf1b174a0beadaf9f8d98340e214e30f739eda7589a0d57999b80fb78fee783e3f1f8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cf3221c2c8a2026d1daec6d0a8df4ad3

SHA1
229dc95e3c2ed6f2130cc292b990c2af1db25b17

SHA256
0c117da62d5d03a6a015fca5e534dc35abb2f65b0dcd5ecfd9d0acffa681652b

SHA512
16d5ebed32b9e06cd9447f8230a061bb5f7156a3defeaea2883c2d721f89a82e7307f2322011cb9866007c30203fb2ec3c389e6142257a9d48f7fff04981cdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
193B

MD5
1dfaf06162f2bb11e554f9968225e5ec

SHA1
ea3554f790f5f573b8e62ac2045a94247273b5c5

SHA256
a666b69ce1af44db8cf8fc16aae37807cd5d33592a5a8dd80a92231a28e457c3

SHA512
a43bb1e6f9f7669cd583fceec8e948daa25769ed57546ff932201ac26307dd26a4a584201f31118d38bf99d57344a3fccc0b8dc20bd6106a7b3724b2f064d464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ae14758048acb25a377c395f3571dcf

SHA1
98595984d5d1b3c2f6f8c76a67792473df0246af

SHA256
efd997e7b23b0620241e7dbc45761d21d41ad059995c50346bc3def2e9b3001c

SHA512
a8a53ed56f2cfb917ee60dae2a638e2b8a0e3fcd5e8d2783ad52349e44db037fbdda5e33d7a1b01a102bcd03abcceb078337eca6a15f0804b839551230a117e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4e8322124d33299929bfe557ec979d9

SHA1
6d0a3e1f238d5f29bfeb2bf13f79584fc182144b

SHA256
7f7911665726b4f12ea05aef192a51b88a78f9311968837e8135b0bc505875a3

SHA512
41d1f21be7439d2cbd986a0a064c722409dd4ab94b10f517927bf1d20f994edb7f4df4e967f44bc5fc97b60682edf2db73c1f475d5501d71accb90b2cb9cefe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61d9a62768cfe6445a7d13238a58aafc

SHA1
17da7bbdcdc5e46b4ecf4e000bb69fa0a285b722

SHA256
89984cb4e3deeabdefcb235a634186f6cd90104b8e5f0d3400d7ec6dc1006fda

SHA512
c11a55c44be46e8a205be2a59d80d886c8cb20da67c1b028972f3f2bd4d48772178a2c46fa6f97fa29211240cf21283857837f16acd738174a82a7458fc7fb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f5f3fca28677eae770fd1b87174e7cf1

SHA1
2f5a5df88611a09db3c6e405e5b58a1f34be95d0

SHA256
c6bfbe57f1afacbb8140565ccc9c86219c7da774d89dc7a3aa6297fd95306030

SHA512
45fb806e32a170f7a1975233ae1a7460c9b5abe6812da8f816a37006d7c8fa6954df8ef191489585111d713533f72e7a44b3ea44732e7bd184d710dc631c0d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f8aab1574cb5e8f5613bb31641e2726

SHA1
2ea50cd4a7ef7e7959064ebbffeb446e1bbea3f7

SHA256
2b66b44b6a11b18ccf40cc6a89490864738ef35817661a9cfc5d2ff29b363adc

SHA512
e7045527ae64d3add0309acf2ca9eb8e7be1839b34bc1274a1574bd8b70e1852c598d32a2529a5b9420b0cf8e23111b648198f15bf60d925550638f914f6cbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c980d4704e5b784bb277f95fce8856b6

SHA1
26a029d7f56c2304674a74b64a8a90d926b2673e

SHA256
c74e95cc1e5b210ff0a6414efcaa209da3e0cbf62dd063b2d2da2f57a71f4eca

SHA512
6600d6044324a3377e459e5a4de4aa52373584e118507dc69a9927c1cf4319b5c34f1169d7a2e001f75320c5d37d4a352f61dd04ce6c94a1e394fe7e86c8bd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f4e355ac2f9aa37376e9dd2e52abc927

SHA1
7d03e43eb976bad4bffb75e4a3c7126a6bbf1821

SHA256
e52687ca689bc660dc6e4d49cc2b2c1a9c24535b1798565460a3829bf7d0c393

SHA512
3daed11ba4ba5b814ddb15de925bededacb79246ab1bc923e3b212821b466b5c788a45cdda21379c9489a1a703e38725fdbc08bf0a159687a797a8f8bed9c1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59aabd.TMP

Filesize
48B

MD5
169e94f78b04bd174d1edbd9df2f0510

SHA1
c9ec6143da1e1b06c507072c226aa8d02e7f1e23

SHA256
cc0ee761e4f63683e5fb1a7abbb2930c52b08ba474337c5c5838541a915097d6

SHA512
e34a285349e7c27022e46db8cfe50e76efaffbf5ccf1610364827aba57c2bf73425cf1ff19c2f9f0490441637d25a36ca1f25faad8f74fd096ddead23aa968e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2105d1ca518f62f7453240b240bbbc83

SHA1
6adebe1689109c75e1ba8125daaf94e23ff256f3

SHA256
f2145d2721a330ec2ebe557881e0b2bc568a12e2261d7e91b564c0d8266c95a3

SHA512
de2ac39415206a1ab7b0f6bd006aeb79d82466d5f2716d52d69edc374a4e45dd480ff35a77e12cfc69d602a97c8ec799d735a023f5b4ab939fb01479977979b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5965a6.TMP

Filesize
203B

MD5
fb241a3a333bdbe47079ca6cb0e11b90

SHA1
d7983e2ad62485680799e1b54e34191e503c3fe1

SHA256
5fcd69e562dd35d3d3f3e2b7df1d1755a3f9e30b00e1af4cb77be57d6c1a614f

SHA512
d92395aa3512fa982b3d24d2377dc55a9d55681637645f41065e75babd5c81f4999d0b343ff11aba5a505a6e99b246b8b54d9685f9c65b27b15789c8e51e9139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
24be7e2c7040a3ccf4893c4d953a0e0d

SHA1
9bc4aa7a8e52971867aae00221e3edf14338cd63

SHA256
34e615176f893ee311057d82b03e110aec030f0e007f10f343121db308afddd8

SHA512
177dcf23420bc79013a5efeb9bc73d3e43366b171859d0a9a3f02418b7df19bba3076ef7028432b88c731c1fbded9d2b386cad3ff395f7739ba6f4605c174323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
30c285f02027d9529e465db5b52817c1

SHA1
b43698819be79276907b41778f3f503ae16e7ca0

SHA256
becf3e8d871debbc1f30381b14007055ba8327c7360c82a9bd68de0f4ab028b8

SHA512
897ddf979d976fd4ffee944fc7876e209d1ce92d41f6e7de611128b3123190d4ad1eaccb301524c2fa10a7da9895ec1d8ad9b12b6360c1f5779508160e71e4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a8436b8a279444378e341b088cab544

SHA1
79c27dd78b39d7e4bd55ddbba8fbfc1155d566a1

SHA256
e5646cd66fb96c74296df259abba42ad65f28b107a9470d980eb028ac360b51b

SHA512
58b8a87a6d2f4b65964eb0b4ee566833c6fef4d89557782f76cd55ea0284291e5830010af1b6eab85cbcb3b5b073db8a47e2681d79394606e37c8fd8f07b0632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
b3514ebd151806933ecc5a517745e885

SHA1
a4f56ea8ce3b88216bf9126b83b86c1248d8c33c

SHA256
a1f1dd69251d4dd272e6bded0dda59af5b7897b83e96d40ab499a736e3311d38

SHA512
c040716572a05ee426bb43dc7e4e3812c1cfcdbb8a2bda20f5b6d55573ad8552651f759976c5d4b0b3691e188cf66b4a0cc9af611611bc72b662a5e660726ac7

Download Submit
C:\Users\Admin\Downloads\תמונות של הפרת זכויות יוצרים\תמונות של הפרת זכויות יוצרים.exe

Filesize
1.7MB

MD5
30307b319b2451b6bf61d3e6b232f1da

SHA1
6a512848872be1325761e7ca110e0a1ee91cb0ef

SHA256
a7dbbad8a1cd038e5ab5b3c6b1b312774d808e4b0a2254e8039036972ac8881a

SHA512
7833ecb30a75324af6852e3583a609a653652f3cda9037ace7a1098ce7e52ed4b994c5ff1a0a0b4db748a01b06e8d4b8a10a50ebb9c0d4fbc8aa12dd1168f0b7

Download Submit