hxxps://www[.]mediafire[.]com/file/1tozoldls8f6c1v/test[.]zip/file

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/08/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/1tozoldls8f6c1v/test.zip/file

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675411368431507"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\test.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3736	msedge.exe
3736	msedge.exe
3352	msedge.exe
3352	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe
1464	msedge.exe
1464	msedge.exe
3140	chrome.exe
3140	chrome.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe
Token: SeShutdownPrivilege	3140	chrome.exe
Token: SeCreatePagefilePrivilege	3140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2616	3736	msedge.exe	81
PID 3736 wrote to memory of 2616	3736	msedge.exe	81
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3320	3736	msedge.exe	82
PID 3736 wrote to memory of 3688	3736	msedge.exe	83
PID 3736 wrote to memory of 3688	3736	msedge.exe	83
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84
PID 3736 wrote to memory of 3308	3736	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/1tozoldls8f6c1v/test.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80aeb3cb8,0x7ff80aeb3cc8,0x7ff80aeb3cd8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1732,6852454087891486787,14434664125777886831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1944

C:\Users\Admin\Desktop\test.exe
"C:\Users\Admin\Desktop\test.exe"
1⤵
PID:412

C:\Users\Admin\Desktop\test.exe
"C:\Users\Admin\Desktop\test.exe"
1⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffa59cc40,0x7ffffa59cc4c,0x7ffffa59cc58
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4404,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4544,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5060,i,14081264996070685896,2458671450883170356,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
59320720bc5fdaf516159cab88923f81

SHA1
e0c3b84f85ee8b5cff66edc3bb7daaeeb28d38dc

SHA256
b43782ec58683835ba69c98e184516e6648ce2bcd7a34b2592a942596ef4dc4f

SHA512
73792aa589f7175956d1b8bf43aee8ec532be427bbe32ef2c684e8a6b5d26ed905e223ca93554f03473e98cca09689cd185fd24753f51d3b02604e75fbf37b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e28d0e5fc0ba750b1d092e1342110c35

SHA1
0b51d4695a854c1e44c716a35a5fc9f589561eb0

SHA256
3d244238006f055fbcb9a330ed9264e82563cc1aa8be353c0bbdb88bbf3c4943

SHA512
7fc09c7c01d53a9ebd5187e0ab6442a1e0bcaf8cf5fe92356061fd3f8ef06c47d7cceaa466eb682e5c2fb7bd285ab8224d32df7d1cc1fd491da74ab729efc5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
268aeb3ba2786ae01dd28533cc281aed

SHA1
8a2734493685c755d9b0762f8db421c7bbce9935

SHA256
f05e2e30ecbf45ce024cc3e4aba794c924c4f3d6a091b83413c2cf31a1795224

SHA512
f0cbb935db71f10289527d1d42b7cdefb8e7861a5e24dcb35a2450a5412fe55b6af5920f8240f6034965a32afc63d83293182120831dd1ec014eb2bc7a9690a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d33aeb7fbeb4d12dff1e8055c401f27f

SHA1
18e147031f35edde1b1e8ecc505c96c4c93c7f2b

SHA256
0278dfc7e6a3171ae048b7845d9d4a55fd805aa32f146b6bd95fe28d996eade0

SHA512
329a0b181469c41f3dfad46404b71ab6365ea95959f1c2cad71c189ae7052976f5c5a36748166a7ab3e392e52e2d7c61b00f5f944d2be9f0db9afa7756ea5b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc48232313d9e3bad764a92b4bcbd790

SHA1
d74e6540c983562cc54c38891d2823fffefb1acf

SHA256
bdcc0b4fcce5b1f11242039bf944e7281da72f2e76d4f2b9f3a610212d0bb976

SHA512
102570c1c1f40bd1f20ae334d201c872fe6e0b663ce20afc8792be6fc1c95a89f9966feeddeaa82a0ecd2ab92e1b95b6240585e4451c1a1ef286d325a6fe5fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65adceeacb0ab27c05c41b136fe25597

SHA1
5409c1a2f077036ddafab701f26062bd2d365957

SHA256
551868f59882b3ab4d8fa0c9b611127b975a5a18463a84e65f7faabb2e57a926

SHA512
baccade9beac5a82651d8111b5993b52e932e2b85ebf9cf8671dccca91d4dd1668cb604d158393f500b9cbaaaf9e1343c837b97ff48c02f1a0e423dbbc0be1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4647a00a3008fa991377984ea0b59ffe

SHA1
4ffbe7dac1c31d9c2b073e91596c1cba4bce3e96

SHA256
f5a9c28a2f6d346297e770d4102bff49a6662f1b58ace12b410ef4fc65305533

SHA512
326038d9564bacc6ae5f00ae32c436fb7b404caa8a04f4790540cfebbe3262f64f928f863e4fd60cd15ba4e70b28da9fd60fc7c89c9b2338f6cf0ac0f5b0daad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40897ecfa56063c7e3d308338672ff8d

SHA1
94601b6a839cb51b4c3b6a472c4f956e26faa71d

SHA256
a820be4c86f8d219670f0713459a0c2a7f23f3472cc35d77129a2c4c1bc3bd15

SHA512
69c0c55e15bf350cd791907fd198a01cf886ef18258dd22a246061e78260ab8e7993bc49d9ed4a34d09c829171f77b82c60540819e4d5d5cd93d2538faf5656d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3481e9309c0d41079544e218eb3a6c7

SHA1
47349673faef10a0f094d734e1c39dc4b8ccf32b

SHA256
a5bafd7244b230871acb4f726075304a5fe99387b752357a34e7b57c8ccbf732

SHA512
c256539924f464904d01033b77fe50e97d79a08122bd11b191e7831607ba17def232fa152843a134821ca27b5d03fd2d6107513bf46158978bc9063078712779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f727a0f00d25fecb66a977603bdf0ff2

SHA1
ad98d2aece16bd280b374b361e321a78f81c0bc8

SHA256
726ef6c472d2f1ce634deff0fc0d8c1471a6586869f636d911efbd665e804af8

SHA512
84598e5031339d5763bc3ae8a690cb98c2e9bc76826da81c8c383198d632a88a22cf256ddb14aa80f9d04afaca64507c3b94b12833f3ce6f60fa6112cdbb7fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
b6d69b94e1ec78d0efc99d9bb7decaa5

SHA1
e07ba055cce9c264ff2fe016dc047010c69d46f5

SHA256
57aeae0ddaec0982d57eb21115f9f94a330f59def5f66715254082c9e0a4857e

SHA512
64b078eff1afffc0d5906bafae2d9b7d8ede20ebc8d0a950c476c0f82ed81220f5cf9f04a7f67b0779748b0c6cf4000cdab04c36c5333a08af62c74ecdf22bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
7f50b7f16f452040e7b76e246918bbb9

SHA1
8b7e8cf7c4405dcd765533af889d5204b17a28c8

SHA256
1a6ab2b59ec6d42346af22c240687d60e7682c96f3b76ae6f04754e64dbf6a2e

SHA512
7d7e0811e6208837f5026a27383337b87a90e8de5b91e77e01790693bd4cca66ce64084781728509b7fc6d5001a16d94adcff4403c92bddb53821468a70147f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6e0e636bae8546072ce58a245e1f8046

SHA1
4f2f8ac8b4cadf699f42d1402c7851f0b000d398

SHA256
0fcda972fa80250a5024da1a7f36117fc6eecd677104c269aef1f9ad00a826b9

SHA512
79d8839db1df462ae261b781e363aa0eccbb7114ba204b768352c50506db8c00fb26340eea58195b9d052bc655126437158791f014b4fcd4e8969c2e7ea44731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d19cfca1542ae9d4efabfccfba6ffe44

SHA1
86b9d5c2fc39e0508d142d0a8f7693325e1b6696

SHA256
7b9d699beebc828bad29892dcf57f87aed2865fd711843ea694317cb9df9da0b

SHA512
88fb4df06381f65eef744e90a5c7dcd7cfbaf892f7d9f6b1a310645ccc39526c6b985efc3f4ce3328299b736b0880e58731a5c55f83b88558cffe7f265ceb1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
83f320e3ddcf494f16a0afa7719c0177

SHA1
6319b1cf066af259bb20f32351eccf55e7a3b0cc

SHA256
840940d905738be50ce06671e2db733cb3fe4d407c79c5bb90450a81846ae37c

SHA512
4f2512fa36d7a6c78e6de817daccecdfd5a35c06bb6db28f93bc879ae24bfb586f5e8cd3962b74582f67e4ea2a06c74e005f3d78d789aa0bd4ae84ceb57dc01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
18e21c1ee920d6341ea33c1563ab3019

SHA1
36e45ca5523e842076bf851f930e5fa7c5d3ca89

SHA256
50233612ab2c118f569e3dd56794c576f7881238521b102c997cbb78d3baa2a6

SHA512
311f33b107b97ae1bb0119f79ba29c264346bd9cc97bab51d6149d763d604fcda44c15a7a2971848f022341fc3b0660a935592e897375088213de5350e9b6f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a94974cb51e612416199d8d9c21dd463

SHA1
27e619eb4a10562bf72528ccf403f3dce6d47097

SHA256
c379df0d9363d45d9b1cfd511cfb4c7d5c4dd681717df31694c26e098ed644aa

SHA512
8034b24120c480962781f22eb9e92f302e208cb5dfd6416689d48919704d8ec1766fa979df3a3fc00276a7e13c62e3ff903bcd00fcf2730fca82f779ff416f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
676bdc4213ddcd7cb957a549d81079e9

SHA1
17fd1d5fcf86fc03544c48664b2cb365c8c044b5

SHA256
0ae4eaa45c6944db9a8e97932c6f31fe9ff505e9ed1c504c9b9c3955cfe39d3d

SHA512
7c87616f8e60589dea67c96506d3d25dca5a1448d519f64ab1fd187e1dc69ab9958db29796b80f5adc7eac27adfe3ceaf350e13acfd1d946f93306e6d1ee9f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1907d6b177ac085d8600bdecb47c47d8

SHA1
f3f1d27b503609a15a5b4841fda5d769de2aad71

SHA256
9ef628cf7c19945652f4fd46f7cda28841863adb5500bf52408857e983ae182d

SHA512
56301e33ebb26f2a415549112774ffd697a79275ed7a7ab1039e41ac62091b3610d6d8f1983995718df61c06ed8b2581ae666ce1cc96ca666c20fb6db20ea1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
41d742ce74954a846b92b8c7743966ee

SHA1
180201a9dc468ecab0f74caf4157ba2ade63799e

SHA256
00b5b828e8f9057d48f6dfdf3ea7d52408e1a5f257e2f8590d242ce337767a79

SHA512
6e20fe432b43dd0f23e298b310c34b87f595879fbf8b1f781b23d1a41621741a63e0fe2a5bc333774a7870a8559adb7ac0461ad7a649d413145138ce4985dc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c85c.TMP

Filesize
2KB

MD5
53d7d6d2edd17b5b1a87fd4757c31f5f

SHA1
65a15398dd061c69ee4d17cb64087e2d6658c6ea

SHA256
167ca0ea69cdbb5ea8467f2bb16414503c59889e735dc926147c1a1d30a224ab

SHA512
e78021c95a5213db838645b7dbbb7529a262068b3ca891eaa2d08944ac66376f42f0d04cd2de2e4d25eeba36e37e3fa001e58a695a5d322b8a56e0e3118d8a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86700a3951ceb0d1aceb7e6a026ab216

SHA1
c1ad646b1e0f0925e21c4d03ff673ca85260cd6e

SHA256
6e6686cb1049414ec88a73051a0912682872c6d8fc5266f23b76f00105f69c91

SHA512
8297d852fc9410d6647a468c89d86c2637655f93e4c4cb34cb3c00590c181c892356d5bb79ca099c1ea62014abcf82be51f2543f67f2b775ac7e141624bfe878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5eb8fc98882f586240f411b6557e0814

SHA1
a629628565ce7148029f691f004bfed2473fdcfa

SHA256
92ba4d12982917275d0ae6978b9b55ba2cd4803869f0a2c66f67b867a6183f72

SHA512
2a726bfaf1832326a5f85b7aacfce5ead6de4fcbd675109dd7ecc1dadcfd6120a162218cb7cef78dedb6188d954d892b6aaaa9415ff16e90bfaeffe10326b0ec

Download Submit
C:\Users\Admin\Downloads\test.zip

Filesize
3.7MB

MD5
4490aa817cf7feff8c89ceb90ea4d565

SHA1
45ae464ee838f26caf27663430ab8bbbe3cdb512

SHA256
b45a9d18aca8fb231e8fce06eb6a2e40869c8ebca473b0904904eab9952bbc0c

SHA512
eed1f43d531374f0c163565ed987046804b8adb0d5a8ed9869df5dff2345decb658598736741942b85f08e53948f4e604dff8ee0597fe202c6cc93f874aef7c5

Download Submit
C:\Users\Admin\Downloads\test.zip:Zone.Identifier

Filesize
66B

MD5
91a932dcd7bffe18428528359af8f18f

SHA1
bee30924f7cdee4b6332c7e53726c14e0e5acf36

SHA256
467b8610308d08ee1a4d30fd9ed93e238352b3020d19a8417c51df22eed98b3e

SHA512
0f2e141a64a55088b078d789159fde7bf407ebcd5583528a380cde89f573b104c29045dc1dd923fff562e4bbf1f710443a2ba5d617292cbd625030bcab074fc2

Download Submit