hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Analysis

max time kernel
1150s
max time network
1151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5240	winrar-x64-701.exe
1316	winrar-x64-701.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{FC844246-3C0E-467B-9830-820976CC5EE3}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 826856.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
4108	msedge.exe
4108	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
892	msedge.exe
892	msedge.exe
5256	msedge.exe
5256	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5240	winrar-x64-701.exe
1316	winrar-x64-701.exe
5240	winrar-x64-701.exe
5240	winrar-x64-701.exe
1316	winrar-x64-701.exe
1316	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 2424	4108	msedge.exe	84
PID 4108 wrote to memory of 2424	4108	msedge.exe	84
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 4872	4108	msedge.exe	85
PID 4108 wrote to memory of 3840	4108	msedge.exe	86
PID 4108 wrote to memory of 3840	4108	msedge.exe	86
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87
PID 4108 wrote to memory of 2948	4108	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f8b46f8,0x7ff85f8b4708,0x7ff85f8b4718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5240
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9134353647911708717,8635572639798722399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8f229818-d956-4874-9590-254822d3f51e.tmp

Filesize
11KB

MD5
9c2d73253cf4903c3bfbe4b358b34924

SHA1
47e96d33f3351501bb24f19764299fc11eb07b5c

SHA256
c82e5c0b14515825be25a6c3549523fd006370979ea2d0ecc94e4f03d376750d

SHA512
4bfd28921b41cafa6d15c91adb2a4c71d5e667315ccd9ebb4b59c04782b1860354d6715d15e4cafa7dacaeff292cde153430660e03e9e55a95d4fa4109b0cbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7a774a1e-4028-4cab-b22a-5a6e9c0cbbe3.tmp

Filesize
5KB

MD5
e54ded323dd410ea456f2d484706c0f3

SHA1
11f9cec2b8b5b0d3006fb7f8616231c6c19e790b

SHA256
6339a158dc2928add486f0f2b369f090fbc37d351b9e4a03a08324e2d8423eff

SHA512
cf24de9b35b0b1a0ff9d99f90b78627562b5cb0ecb060d8db4b796c69781925f62a7e85bc5c0bedcad896dd1370884a59cc8ab09a7a922840c9b63828dfe3356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7eb3f8c5-c444-40d2-a71f-8fdf068af880.tmp

Filesize
3KB

MD5
b2f4d7f7c1469a24c1812d4f80062db4

SHA1
b9e826165ed08c5c5633188374ca998d6aeba0de

SHA256
e630cf60e5e2bbdb005a0340c216414ed3eec3e024b4c02166b9ff314bb82f27

SHA512
231de2db49ad746638fdcfca4427c94b81417276a4ebbe3529aaa464cc85d1591da8b665973007b201554132099c173f81570ab1692c61ae09dcb8d2eca4f2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.2MB

MD5
ae79a3e945e45f571fdf9ab94bcab4ee

SHA1
eac343e9f3660f78ea5e2f1bd634c8123f207642

SHA256
039c61c90725ad5a7422c5f00cc6d85ff2c57e3f7697b75ec57668e62fc209f7

SHA512
0bfd27261eae0cc6462b71fce73461639fd1b6071797b29e047b16940ce25e79bb50032c289401fef4a10d22f0b1afd801dc9d29e0dbc085486d5fdeb88cb814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1fc967afa3b5eb27a08d3bcd3d6d583b

SHA1
3a685ffe87e4b6c75be197e3b0dfd11478af0fb3

SHA256
3b80c3ae6fe843df222af201152fa264fc4ba1078bb8d580050b4d647c2c1069

SHA512
25b1a11fc82afbbe1fa2c25ac65ac13b51a3df5d5ae55d7c87dc3a863d1810a27aa36bf23ff0c6f2ff2cdfe4f8bf9b57a7c9fcda603806bc296193a750268e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f50b21b112d46b7a46d3b1e5420addb

SHA1
75c4e95b68073a60fc59024a3feb60f440ed9433

SHA256
045a4a198239c5b4a21fce0ed0f0f75b3188829849688cca8684f3647fb36f70

SHA512
aa67943b76aa200e2111838603891c7bda8827345741c6166e7700257a886c99583bc9aab63d6aed9646d54c94858325ac9bc0efe0641357f207a462cbaecb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
195e18556cb62b7d94ac36d648371d8d

SHA1
4826aa92d0def7e6d1c8d1a8454e83b600856de6

SHA256
37b2712b52ba1aa184b9e978c4c5b078e8e6aadcb5f3465937bf812f8cdeac80

SHA512
792c9a2c7834c3c667175403dfd68960da25c7e82c843f8bfb08e83ba2d8f5158c0f0b100be22c90f2272a19154507dc97b79d8f50e6138c22b4cb307a58eefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d642bc37f25fc608ccaa7411a31449a

SHA1
d2cc6b7c3106528323c2d7fe3011484f2daa8282

SHA256
6b9860013305331c73f964223684bd5532ba1aa312c14895d922528e56220524

SHA512
c6b94d2e44d6f62065ecfd917757dd064ab32ebff4aaf383827dfa0806def861eee8313bf52da8cc00bbdd824fa54c02530e9543dddfba26466451b61765b682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29067ab67422472e7ab1af5b8b683c81

SHA1
2d78170fe08f0e84a258f93299beea730526681a

SHA256
856399cc0ca358172e2563a54fac573ac5b6b98e37158f3f3118967b40f8ef9b

SHA512
ca994617be7b7ed6d7e928dcbcd3cdb6898d4589535aec8e340db3c70d0fbe12f880218e7d5a4774b78b293294916699ddeb982b4e4aa02781030b165597df83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dbbd615c850b3b7299807db37ad003f9

SHA1
26c31c2fdb21186025d84b5dd2fc22423fe24cdb

SHA256
7a667d5b6eae95ee347b126ab50074852ba5f862b99bc1d67c293304799580b6

SHA512
ecf2eec961accd1829913eb4b2d5575fafae3b366649ab1de3357216cef24201a3b6fcf3516a3041165d626fb0b49e74d9741209e2966664d57c31a8d7d818d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6cb9a7ad1bb68d82608f43259a37262c

SHA1
89e4318e3a0fdb57195335099db5c96694dc8914

SHA256
3912f101e3a872199e7f28067d1dd7127470fc378a224e8f13257d22f69118c0

SHA512
f65869f3a35c1c47b25d2c2f137f718e6bbd9765b55e302f638be6cc0f738a8a767855e6663748ea1f11be7d3161143eec7af5a34d6986d72ab03a61fe85fd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1298a46ebb6fe469d26129d0a6906423

SHA1
1f0ec1efa651a34eeea32d6e4344f8c1fd7a2220

SHA256
345d166b76024fa2ae5e763e9005b1d512d27a527f944ff3d00ebde551368be7

SHA512
b0d86738d84c08a79f910be2de735a9d2ccdc63a0e441a74203b35b1224f56c1f52155f99e364c542f1e28f30ac2e46392c06d70412b44c7ef3836ff48f63e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a8ec078847a27069033f0ef9ee8d6c42

SHA1
fdd14dfc3ec16116da71e74747fad9df23541a4c

SHA256
31d85c6748659140529690b463c7974f07625ea7e27aabf69c97a5f7c2dbf225

SHA512
e3ff793df074362913a58e4c02401f914a5b669a8bbbed2e35e2fb7accbb652e6f47e59c9e33cc244cbe52c2f3624dbc99eed17603268fdd63992bad1fca22a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1a7f1aac781d1f7748f6d70a3e22167d

SHA1
dc15d6d151f58dd01bd9ec6e32723702277d5a29

SHA256
3462e001770fe6d027809f631345706ee5b5db26bcd0af03daf4eeee80cd3d51

SHA512
43d4d4bfdab115a3382618cf7129796d716a3d707a4b03defb7cee50f0192e37acb09ee1e011f8c537938597f6077ab3e07a6d81f6cbf8196bea96ea1a036f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b1773077617f6b4ccd18f11a69edce71

SHA1
750631c3ead19f149df82d7234230087bde20c34

SHA256
ff54467ade7ead0400e53271bad3927c1e4aa1b5fe48dc039022cf95e6fde5d7

SHA512
b125074f72ad33d5e9292225f6356f4049150ad5203886deb03e00130ef40ca2c626862307961c708c7649c219ab7bcd9560555a3122e7ae1c4eec810e264282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1bbfbe6d9113206e9fb9c97869c4ce5d

SHA1
dba7022476c63e81f999d6d73d008386a7c89e6d

SHA256
0c2ec4ca410425171d180783a25d50f3026a0b07ece830cb6772e251d7935a57

SHA512
f7bf91326d21e8ef135da85da328bb7b34e41181f0dc687a9502269f4fe055392eb8b8ac6f098bbc2271034f05c95b262ac74d9eb4f4ce8f12e5868b0b259135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec6d1264083af62300ec9013a9a183b4

SHA1
920df69e6d5243f936d9487677fb47b6c330d4f2

SHA256
fe391a6dbd0558b5a3ee6eb39344685efea92142806851cc15ff910d4e47175e

SHA512
cda775cb051201e5b6bf7c6ffe762f8c29bb48de815a9f1f80fe5c757ee1e81cdc38aca3dd80e3c3a14fdeae5e830d8cedd571bcb09bd57a31f9acef7f0d5073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f613f3ee19ac51c283f77596d5f19d97

SHA1
623ce20792e62a86d0d7b40cb19be99cef3bb77c

SHA256
728cd1aa72758a006b35b85cf9f3f732fc3da519b50465b11c5146d1bc1ad5a6

SHA512
0e8a134df3c5adcff030ec988b8b849b7d04d37a697d54769e8d2313378d3e3f632abd6a125be3389b578f4e975b9b687bb85e1baf84cf1970ff1104f7a174bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be52b1d6f3258590b86afd2b61960776

SHA1
5d1322879cb9c78271b9b955db117732163dadc5

SHA256
9a9ece06df6730b7b761cbd3dfe4ed8d2553b40a8ade5055c5a7e96d58cbd906

SHA512
c726069208464f954c65b00e6f9dbbbe8bf8d0f87b5c13d66493d43ae49feb43873e7dd9952312ea1c37d4a75780a9d2a5eeec0c876b2c738d0bd7873592d3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2150af58e7fb18db2b537094140a747d

SHA1
e4da3ac40ec5953272a751543d779fdcddd3a5dd

SHA256
6bc19d5ae3fd653fb9c9b716768171e670f4e28258a27d5ed9b5a426a16db92c

SHA512
59896a82ca9f3e3da9c789fd517ae3bb5eb70efbe35ff49dbd22568acdef3bdffa55720f104501d7382ccfd04eea51514ee264026322d91b68af400a449918a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec124474b8c618b387b0c6fd903db2a6

SHA1
26fb1872fbca8366b9e740393de88b667608b06a

SHA256
5bde2894267429573026d6c696aaf8ff1a5dba5d0f25dad8ef9e3fa00a8c6b27

SHA512
5bf449d331f11cd71482057c1b859ba6fc73397f0a13dc13aba76dd7079acf579143861b092a4b94c071493440718d8f507cd3dcadbb5f5381eef3f8a7a67f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
067fc8bb4c5412505500f6961ffe5846

SHA1
6b1ff2a7e48fbbb0423ce7a319948efe8706063e

SHA256
9701ecb100c719b29c63c5a3849627fc91ec1cfa5488295ae517b7d953b9495e

SHA512
39b08411ef6b07c0772ff1b7875ff5bf13d225b915d9914cf3c3727abe840dd8260b02d343436c2feecefb97dc8a067e4136496f33057085e8cbae6a91f7d86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23c9c3a91a8d70d824200aebeecfca2d

SHA1
e8d3973f46150cee4d44243ba93c2a2575405a86

SHA256
d5ee6ada8254d438e5b61a211e712f0dd864852ae8f3ac649c673214e32b6833

SHA512
969b1e148fed444a25d3af024baa5bd2dd10961ea25e154705ab81982657028217aa90f2781ce0d772610b484020465bdbfde6b7ee4f05c38216ed08ac00f999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd4f4c87bc03b37a81ed2956421dba9c

SHA1
ba5576c99d13bb7a42a5bc8605f79608f6e70b84

SHA256
c844ad28522bc68c5a29f5e8652d964e0b5b347af10936c8033c8602045222b9

SHA512
960052acc1f643c3e79bbf03dcb5e8602b72c5744743a4de32edb16e9cbb39f4d590201220c2714005687e13671c2d44501fae6f2059b9ec4514d2b4212a6a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec0f96794fe1a0e0a5329f40e4adfa53

SHA1
0b3039ba283480bce6ab93158bb39ee051a339fd

SHA256
5e1897e8855f9eb7fa37b98c281aa1f63aefde2333286fbd6db3b39209a784f9

SHA512
ac0f742b6e641a146a823a62b0893329cf7a7bd1a86c8ac66aabcbff43433f05485287b3759f3ed6ad8665219e1f879ad4f7bf31a874be074c3bad3cb4ae8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a047ff0e5901576d8f46efcf8231dac5

SHA1
76b8012b8e9627481375dea42396bbaf9c287016

SHA256
48da118494a32cd48a3178f7df1c4c0577949bda4e49bdd923007c28fc3941ad

SHA512
6ed785f5aef02219bb5efe28b8da367f5def4b8bf0627d5844fe66c5a8ec487b07e21b19025fb4d5909480c77cc9c449d3d445c8443c811fd53850ccd1045987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e985.TMP

Filesize
1KB

MD5
534c0ae0e2d827f87ca557dbe33e31b6

SHA1
322610e996504bc558b1c1747367c99d86cedf40

SHA256
39c12679a8146adc48aa4525f508b5b110dccbc069c105e8778da743cf103577

SHA512
c469e5e1e30059d563b9d9b160b442c54ca0fb957652dbaa0525db506356f9152e1c10db77b36ded9cb796e49660a92ae18cc1d3623262afe416d99294347ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90c99996ed0edd36875c4d3c95edce28

SHA1
a59b131213d4c4167c9430460074185ac321c97e

SHA256
69ecf7128b9a97640bf3b40331f11cf9e90b381c4af526881f8712075d677fb3

SHA512
f0b530d8814176b72db2bcfbc595f4238f927d91916876b01c204e6368307d9e9be60019fccec7a39b6d26aae2a2a0ee903c0ccea2bc5296bf16d000d783bd42

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit