57cc7cae6afa102276b50bd702b867e08b26813d2205b0fc4b482f7bf891ac1f

Resubmissions

23/02/2024, 18:34

240223-w72lpaeh43 7

23/02/2024, 18:28

23/02/2024, 18:24

23/02/2024, 18:21

23/02/2024, 18:14

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

311KB
MD5

cea20f062ebb4e5df6785854fceeeedc
SHA1

7b224ce16763c893f95c408d42b6024aa809a5c5
SHA256

57cc7cae6afa102276b50bd702b867e08b26813d2205b0fc4b482f7bf891ac1f
SHA512

791a3f41c6e8fecce047fea8151ea218bba54634f770fdcebf52248c5ab9599e920cd3f581f0cf9c91dca1952767a4579ccad073544888ed3cc846b8c819bb73
SSDEEP

3072:0idgAkHnjP/Q6KSEy/0HgPaW+LN7DxRLlzglK8hTr:xgAkHnjP/QBSEjAPCN7jB8hTr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6004	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
2332	msedge.exe
2332	msedge.exe
2396	identity_helper.exe
2396	identity_helper.exe
5408	msedge.exe
5408	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	6300	7zFM.exe
Token: 35	6300	7zFM.exe
Token: SeRestorePrivilege	6932	7zFM.exe
Token: 35	6932	7zFM.exe
Token: SeRestorePrivilege	1868	7zFM.exe
Token: 35	1868	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1432	2332	msedge.exe	72
PID 2332 wrote to memory of 1432	2332	msedge.exe	72
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 4612	2332	msedge.exe	87
PID 2332 wrote to memory of 5084	2332	msedge.exe	89
PID 2332 wrote to memory of 5084	2332	msedge.exe	89
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88
PID 2332 wrote to memory of 1468	2332	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e9f46f8,0x7ffd8e9f4708,0x7ffd8e9f4718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17449210156704810150,15370937674455680610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6920

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ch3t_Hub_latest.zip\psw-2023.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6004

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_ch3t_Hub_latest.zip\ch3t_Hub_latest.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6300

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_ch3t_Hub_latest.zip\ch3t_Hub_latest.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6932

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_ch3t_Hub_latest.zip\ch3t_Hub_latest.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
83KB

MD5
738046917e62ea18b150279bc097978a

SHA1
9b940d5c332af0fd46fea784b9ff78e3820519f2

SHA256
370cee690fea51ca7a78308a3caeca539fae705635807012b7141919e3445ca8

SHA512
7f95d80c6a13a9bfb0e2cc74c1a5e03f89b790bacf786b5421f5b36889bf7e7853019d8216494a4bf175049f647866b56cb75c4bdb5c5eea67ae03a83b715d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e1768896d9c885b488ee4eefb0e1d0d1

SHA1
4d74c9d928d6dc40041b3debf7ecdae97208c019

SHA256
534837486119b6cb3fc311ac43388d3d8fd7fb798c4de55a92229cfc5612e667

SHA512
7f6474cb5e4f569709c13211b5205d18baba19105ec799a8608931886842d607d631fc5429a1b4673040f91e595313ab37e9afecf0746a4fd3d7ca1b27a24aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
a4c6e45d11aced94103d36b81773cdff

SHA1
7f435aaf0f9a2dd9f428de374fc34563992ebd83

SHA256
ad98e4ad1aec2491e84c92a26392be362d091d3bc71a00d6d2ca707c3579e925

SHA512
a1572bb51d712c78b7c165c865004b8b010974073150a0e4a18dcc10811e03b69c055960be79fe4bf65c733bbea56721fbe95fa20585f832f9ee6e853c0b042c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
67fae1f519d57d6af38173d8d6123c01

SHA1
e1fe567798d91a432a1d26612f24d64fec756c7c

SHA256
18613e6c6fd0fd13e12cb515ce1908927b9d807ee4a42681b142e6e68cdd6a8c

SHA512
c5746c3fa714b90e44c66fc3ab1cdf4f93a84daf61b8d0e3db753cfaf49f58ae8d3bb80bf3fd23698584cadfc5c5c24c80224a06fe1e40fcdffca67da052af3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
56f219df8d02adc0baaf13768bb3f809

SHA1
1ba46dc339b12df76b164925378a73fe5a9c4bb6

SHA256
36a34cc9443dd1d6e573f66b6c3e1d6b549d9b681ad2c4a6a93e36dde28eb501

SHA512
b214c96461e86d0eb94a6768c956bc20416c958bccdd1ec6225d32869a9f2f5f11237fdbc777366c9bb68e12e90d9aaf8d97a839694b002ac9591ea8c6376f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b7befba1ac2232b813b4f39084492eee

SHA1
8e3ffcfb94964ade9ed705bc6ec2dd8f4389e561

SHA256
cc064dfbcf75a7dfe7229bb21682057aa7817912068f9ed27a527835a3318827

SHA512
caa0e53f8fe819401ab262204a9847c99d4b6553f7ffe24088f06d1e6faafa6b620a94a65d83c8a29ebf4da4bd6341931819965abef276fdb47f3f7caf78dc38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2e876c9067b039dbeebb382d2a18816

SHA1
3ab0b974e293de60f0283b2d4f83c5af8c0daa3c

SHA256
5e60961b57410ee32b164b35c0caef6630a894f55a5dc3c7710d7d5d4c3700f1

SHA512
fb21c7c7030cf53f99055560819a062e48892d3236910d375614038cf99a8ae8b711d00cef3621a323a10b6d62f41766d52b5d6a2506aa7334fb443ac26a6aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
261cf7b251a09f01ea3d63addc6786e6

SHA1
fd3d463e0848caba73f5ca6a301e8815952df0cf

SHA256
d34c80b554461570484f03e2dac39b8c251ca852f198cb0c202bc57a41f5daf8

SHA512
c1524db1a576464066868bf72542f24411cd1656f01b3dc520d166f972e084fc2dc6f12f6794589223e14fc1a7994aafce7c9e5fdb9306fe4853732144e5aa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fa99d0e063e8a2b79b7a8ccd88992fd

SHA1
7793789f3804a091049e5fc25da4c270a8b10f67

SHA256
b975165f7e518c94f0453bddb60305399584002ab248c75085ba317192087c7a

SHA512
cbfd3088fd40179b335965d6580384e837e139b4628bcad5370cbd1a4cf499e12be40d88e3a435e3d8c697411a4bc2ea5f5a758609fe50980991be6c06bc6a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb26963d6bf67e424f5cbb96024ecc3e

SHA1
0d70032ec28e5275cdf8f8619f1b7aea69b9bd62

SHA256
e12e1ba159e456a37d24f8a6fc2595e5f72f4820323e5be6e6b8c0954e84f79b

SHA512
f21454e6dbb2664bc6a2c6c8d3fa9d8b16d15bb838e80918edab3d887fc40bcea0661a7317a72cd4e7450de6d5332996fd0c3852dc7b8df46f55af9e9076e109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
419dbbca28300cf3302ccbf10463fa4b

SHA1
04a1af618a1b5e6dac291792f799a62438182029

SHA256
7e8ffea6cdb6651bc1f47e217feedd5d0bf15b8eb18c6edde05bde8441024605

SHA512
90665bdcf089a15322e5144dea64a3e0ff48779bafcd294ec96d8efcd2be16df09964d0cc03ee3c94538b2c960e9e25c72573a5567122a3d232b6f7a14947b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e687.TMP

Filesize
534B

MD5
e48609a495416c3884102611c63a467b

SHA1
de7c8e73ed8bee1baab46c4b7a80d53fc8a46787

SHA256
ad43254f8c7c13962016669710f959e61c3a6049e7e1227211c0a9fed9c3e11c

SHA512
399b1425656d982d79a1511f68268b7629bf472d76634485ade5221991256226f01980bac3f6daa7ca8ca00f389880b403cb2b2879c0b36b0db822435c503f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ebd669cf-5c32-4112-8e6f-aa5c3cef3bc7.tmp

Filesize
3KB

MD5
b3279e398284586cf9a6fa202c8ea1db

SHA1
f7bbbcc11dcee21146d161c213d8133023b6f6c1

SHA256
1971ede39ceddbb7d8add3672313c31bcfc31fd3a4e85aee55760aa9017b85e1

SHA512
9614d17f708d5b90cc1065f0ddaa9fd4166a9426c5ba5d67e24a3508a7fa2ee620d3a8fbfee1dd0b6a38276c2978d72f24cfa012fafc9f7c9f68bc6ae4a96b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ade48d816108dca88ea5d74719c899dc

SHA1
bbe9a7871e1c98530d2b08673dd5d84ac151f8c1

SHA256
89280af54cf6ed7d995bb4da7afc53e7f7dac3e37d8cf95632ace9d9422d1892

SHA512
385db258790d7966c0e55281c8f885f39a1d9584189a131ec53ae3cd4926182dccf2d383a19f3136affb0cd3f2fd0028330eb58cf4b1eaa42167304a5a28ac0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c4f4d296a3dcabce4a1136355168cceb

SHA1
bb81eb7e49f143ffb849f16dc5f9ffa2fdf136c3

SHA256
deaa8327dcf162afdb2e0bc1fb99b91906c2519d62c168efa37f26dabc07a3f3

SHA512
1ed8e74443c404611bc9aad5d6c5c6a0dff1f19570844c6ee12b676fee40057f823f1ebc755233c5b75625b77901b059b64f3899f52328419cce2f3421975ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37e57f86a1020aa7594a215be917cb35

SHA1
382282a74b3cf0090edea2ba564e2935939f3582

SHA256
aab5baca18dbc41ca5be584df52bd8180e7988d40d9e2f6bf3f944d283936ccd

SHA512
815b565da99573222d72ae99954a3631b6bf93fcd28c12ad756e207548eb714749e2cb5cb79d604a346da0bbe88514659bd7af40d7cc5a1d5f4fcaa20ea1c77d

Download Submit
C:\Users\Admin\Downloads\ch3t_Hub_latest.zip

Filesize
8.8MB

MD5
8a87057c1f816c8bab7cf90d1dab61e7

SHA1
75f4c20a53b19aa4c370f88424e63aed3c6d33c0

SHA256
f6bb302f1dd859f06f97969e376badbe314810e475d11329d14214824d694bcd

SHA512
cb25acd7551725e6d1014c8b781fe2b5da78160e0b3828611e969fdbc40e749883f4913563d3348e187d30a8511550236e59f4101988997a47419869bc2a5a6f

Download Submit