hxxps://crackmes[.]one/crackme/66a877d290c4c2830c8213f0

Resubmissions

06/08/2024, 18:37

240806-w9j5eszglb 7

06/08/2024, 18:34

240806-w71dmawgkr 3

06/08/2024, 18:31

240806-w6aftawfnq 3

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/08/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crackmes.one/crackme/66a877d290c4c2830c8213f0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{D7A672D0-B703-4A99-95DE-03016A7C5CEF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\66a877d290c4c2830c8213f0 (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
3880	msedge.exe
3880	msedge.exe
2748	msedge.exe
2748	msedge.exe
3740	identity_helper.exe
3740	identity_helper.exe
3036	msedge.exe
3036	msedge.exe
4984	msedge.exe
4984	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 3696	3880	msedge.exe	81
PID 3880 wrote to memory of 3696	3880	msedge.exe	81
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4832	3880	msedge.exe	83
PID 3880 wrote to memory of 4212	3880	msedge.exe	84
PID 3880 wrote to memory of 4212	3880	msedge.exe	84
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85
PID 3880 wrote to memory of 416	3880	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crackmes.one/crackme/66a877d290c4c2830c8213f0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffbc03cb8,0x7ffffbc03cc8,0x7ffffbc03cd8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,1047714157989829201,12685606234035297499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5256

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
65KB

MD5
ae11761ff7154168867891ed59770c55

SHA1
251bda1416a047dbede9716c8778bd9b5f911b12

SHA256
87b490046b1fffa890d12319af1c7869fd0b181d162f1a9f5dcd9070aff15355

SHA512
b346f9ef85b31bb0d4aea2948c64247d81abc066c123717bbe45361762797b10f5eb87f56831a4cc1d04a2f28aaa237d241abed1f9459ce8242268f2524c90ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
93KB

MD5
51ae200253c6a2a0d0a3e1e02c980cb4

SHA1
a0bf83264e2a11a1df2e250087169c03cc936995

SHA256
12ee3e4578063d1bfa45f2f3bce69f8f793ae7f2be65d83ac0d23d701568c4b9

SHA512
b0c7267fe6e27f334972ab76be869ec6104a7871919ed0006843cc610a5a801c1596ff7593841755480027713391c0913d12b282bd20c811a82c6b5ce5a665d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
17KB

MD5
9dbab426d9618bef9a13d62bb81fe75b

SHA1
0a3cfa237069972b2184541a51ed91ea74852c70

SHA256
5f387fe6b1b792fa5c19ff36262f5667e2cffe7969afa24ed4e0c2b8703f1988

SHA512
2fc9acffa10ffb1c7283f12243c7773344be80d88446f86da6c7cee7b156a01af013c313e68d8fb3a68eba041df3b218fff95b660f6e0447f1311b7f86966967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
18KB

MD5
160cfd8149309447183b4180640988c7

SHA1
81831df106198fca11a37c6aeb141cc974e73ae8

SHA256
a99736d9d272489e2f41a915e01a896bcae5ca29f176f6bfa4a69504541c7444

SHA512
e72f00df98a8b26084d0e9e0272a6cc030fa58203fc78406c86bfcf3f519b224ce91817dfce212dd53189fa06c5c2a848f79717659283d14ab46d7459d8b6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
30KB

MD5
b1b2da84d75bed855e37f209c3d44634

SHA1
8285daa969f47169757138e517620e5239499c19

SHA256
96799832d7d62fa0dd4a23a4a67da6168b30bf0c5684253f9b2320c1fa4d8f76

SHA512
2ed771d620f7471e30e25e0537441368b7dbc9b01d34b1b0691b4a12e91e82b8eb26318669e74ab7324a1f5324ed4e47a5a6dd7be42a11589cba9bd7f8eb282b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
148KB

MD5
cb445ec39756de23452967c5813a76bd

SHA1
d685d3a541a5bcb2b107745e601d48ca7548bfa0

SHA256
e70b31c0e5458f8ad4effa7f2e0d4b30f467af3cfa28da1f63dfe46e7f6afebd

SHA512
27a797c327af6e25e81963a8c4f7e0ea02871ffe62ed9469987f96e0483a546d9ca5c227f45a94f95e0b6b29f0bd6676e2f4aa62d787584257564de2d92fd5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
7c7a3f407747d3d5d40b6e0460a4e3b6

SHA1
7bec927cdeb78e001daac960a403e996602f414f

SHA256
9650ab891443506622d4d5548806aabf0a9afaaaa0c6a9285bf6611d2130e1b9

SHA512
1ac046370424da04f219503c23e5d22d4b5b130e2f1502b82a06df6b8e07974e292cfec53cc4c697107b0ea6b968ecd82fa8d43984aa8f7c01800a66fc94b89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
b10b95f304b7b2614f373c13db21b2a9

SHA1
e4e53882fb5cd9bb99aed74afcde8f9d0acced52

SHA256
3ed9fe869ffe7aca88a8fe897afe6129c1852cead6be1815759571833c0e04aa

SHA512
e447798d316487a3cb1b76de823afb1adb01e32d8247919afe91c9a447f2b272bbc6fe48fc226a5c8412b6f6e52088da661290ba5fa55eeff01fb423bf8d9a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c557949fa18b10d_0

Filesize
377KB

MD5
a29127dd7176e727a0d3828a9278d19a

SHA1
ee950d24483a538b9933ecc48c1db7a7465ee694

SHA256
bb5180863468febd72d408df58251333d876db8cb0be435d4172df608e0bfc10

SHA512
7cd59f5c09436062f3dbde5e1c0fb6497c38739a7400ce214f05ed7f9cbd10a9f5947b96110e8d9b2eddf47362b7d8df55f4c6d3004b751ffed8b417d472f886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5caca2d4f4087fa_0

Filesize
3KB

MD5
92afd7bd920376bf8903affa2a4ca47a

SHA1
171d3ca0ea2959b81926f3807cb9ba5a57de8a69

SHA256
66479280410af94121aabee0db236b03a8db9f320bc6c244a5384ca57ef54ab8

SHA512
61bf433a6a2f08fdc5f85d4d1207ae4658f64d03fcf1ee5901bb84aa4a9b361bff70e20850cca92f7b03e5f06671b43239cccc7eda472d116e21efd8abce9229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d348fff2b74f6610e358c15008af5297

SHA1
ad927ca1147d815e3c06f4ecb2022722e7df3b13

SHA256
916ea326de0a4681aeb239f73949240856e3bedc235ec399cef796b61e529c7e

SHA512
0a69e1779ecf0578105b728ad5778f7463f1d5b07264abb5ec12f156238e07bb49d790293e5c1e546f64b666a271c10e1887500e48dfb2c56bcfa37ebfb0c1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ea6a3d7e4d7a85839d2001425353e2dc

SHA1
0be2407411b837f75afca788aa9e9f22a43b59f6

SHA256
54b45780b644b90931cd7f55011f625ef879b55af300d4a80d2fc1268ea94219

SHA512
4369f03c2bb14799eb0164199a7f4b4daa104bd6abc599365697ba12fdc677e98461ae6963131247203713bbad8750f5837767617cf17a11e90736f236f9582b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e7a54e6bf347f7f9670e365c11186e74

SHA1
d3c150c848b89da49f8a09f194d3904e14e4aceb

SHA256
5a27cba8f7e6eff43869c4653ebbd1d54f27f9b15579950346c2a132124c0bdb

SHA512
cc1919aa2b3f3dc5b7799417ef0ea8e9453bb42ffae729821effae34e5afec612567b11da9781575420706c9f2bb81f6734d9cc4858ebc544a88eecabdba78ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
727dbb96e7a214ad18b53944c1064e48

SHA1
2106ebb9a44e6190a0287558caa3db3cb9faaa99

SHA256
841ff7b3243244f5450ba3b97b469e6242f98c2b0b270d06e104f46bbe78d179

SHA512
121cad962dd4004ebb3ef54ee7fde77b56fe78e29af874abe891aca031453ee5630b3308fd9043b8a1fd13bdb9a6d715f8379809ea15f16db5b955f3d2bbdeb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
abef9a2e26c5b554fab8223668de7c34

SHA1
71a1b412942246bd12c41ac981f84d0474d9f8d7

SHA256
57e81aab20a74137cc04986b457a7282b1464fda164d7b7d1e84462f59d1c719

SHA512
ce215ba89380ff8f20122168be17d9db5f89f5048a7e3c626556d877139cb1f257a7269da99a45d137d4ec49d3bf16142a64e5940cd256a2b5fa3f2fede50276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9adaa9e62ba0422e6d9552a4b4bda988

SHA1
d97eb486f246e62485c913144643152b3281b7a4

SHA256
b8b20488b860c3a7e29ce4a876afa03193b74841ada0300d2e9175339a32c845

SHA512
bd23b7c80089beff2712fe70e6b9b3f7c55acc020696c04eb5c823cfbe480a2aa468e2a83e8ef621257feee6ebb39342fdc3a09c7ffbd5363f2e0f014f30409c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b3508f313e550bd94ce14816139e599

SHA1
a59095822d18ed50d5d5a06e415a6a27fef150f3

SHA256
2a3506abe4472357fb923e92a18c2e7d2cdc8d0e2f65284ac5192550f3d4a59f

SHA512
05ed8dd55ad06932b8c2eb377b8732f3d2bc71d4840b1714e33d338371857e6c768672ab984e31a84b655accd20e335cc3c61445e0ba9d5b15d5d9a320f845a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aa0e77e4b0bc87742df96ae7a02ca386

SHA1
14743523518de7a583f9ae9817dc7290e7462c42

SHA256
f92f098dfbd137761bb97b054120c51da19183f5350b45bc9375e8f49199932f

SHA512
747b63d1c6a5dd5d983b9eb5602ca618a4edc66788bbbeb24def7e8199cb0a68faa78d3a0b5482e8781b998a6413652c2cc3cff59dc6f22d310f0c94c18196b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7b0e8bb053bec6f47ebdc195cd5cc922

SHA1
17eea11c9ab4a5e970a453f951be3d19e019ed91

SHA256
17d8c4044d0ba6a6b5124146a8041938f509e1a06a08ef650e38e53a48ab831e

SHA512
3cc89386b6a8ee3a9e319190ce5b95df2e630b5e438dd46cb943413a37ca1a6b3d364b58043e45c7c3a1a4dd7f19a68181cab27420778b21cae7973a97ee9168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1285ee42de85be5be0c94a9e097cf63f

SHA1
41f3516535996932f3115b8a59dad9e60c351f72

SHA256
59155195861718150f87de008fb0a5b968671b7436a7c55e269efb4c5d50f416

SHA512
85a9d261dba0ff020bbfaa6ba2b62b8005ff5bba401521e98bcddc810bfa4ca4a6ffd368fb4248685626af663483e540d3d4e2348c1383383466409e1aedb012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db0897eee8132268d2f0719a20312c2f

SHA1
1b1c4fcaaa87fed40920b5cc86f7b43e2bb40599

SHA256
eb8fa2a0c0f37afe8181cdbbb30b3f1ed6ddc05446df26da832729406f445a0c

SHA512
944c6f1270dd270e762f3cfe3ef0c6daa33ea72c85104e30ba3320fe09ad5c61b0832f3b2cfe7fed107232de91a71f13b4fcdd44e842cd604bf0578cf620cda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
27ad74a5d415590c1d71b0a214a8d453

SHA1
0c1a09959c99f9d99af98ca0be74d8ac5d3f71e5

SHA256
3fc7958e9c59c3e62b6e02a6d1743a1395aef8a9efa33831cc55379024d5a62f

SHA512
889b6f6431b1ce32eb1cf30c776b048cb506f583dcdabed0d8663c78e79bb39417d91d0cdf085cead6e39945772187806982d37df61704bce0e3d37aa26dd1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4185f9894c9eae880b036be959b534a

SHA1
8dca0783440cc8935c1feeb1128197109b4572a9

SHA256
a87e150f13f8e74ab04efa38c5af48d4f0c998a08c05bb6317c5657d938b70dc

SHA512
a383d417b65db177d7e453e963e1a3e3a548a5bda2a970b1ce2ba8c627b3c74768853c4a99526714f3e525744d9e085dd39c83d0d88b67175ef22b7f193b957d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3065ed52b2340f765f56c0022e6d33bd

SHA1
99a81cd466346e1051a81dd31976d07492f101c4

SHA256
24f8bb553f6d27eda03573f432db4d86630575578e35032c969ca0924e4cf89d

SHA512
d67e2649fa48a9373795cfe4224028d22f741e6a7aab5904a8f67f326b46865ffb11f48bf6a2f24760f0b1fe46a7a4d6245d15634f0f499fbc05b840758d3ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bbf79b240e58071f0e1ced1b3c2ed00

SHA1
5a429b069f06c7247086c01fde2dfa851169a1d8

SHA256
486f660465a26d1f340451d7924051f379ba394616d70e774be731dd79f25faf

SHA512
18ab246f873c85a27eeac24c6b5be521638235da534c13927a1662d9a9ee37b5239e243a72514833911c7c83816b36ac900ac744b2539f57ccb101658b2387b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cd27351ef57fff1ce791ebf524f64fb

SHA1
c4cc33815d054debb67825fac3e1c559b2569cca

SHA256
e9696d4ce65c08642f12e85f44cb9caa656c1c0c42aa170c1025aa579abbef5f

SHA512
b0e4f66ccc96f6b874352d244c6db30b3acd041457357977da2216f893ab6211ea0cbb2cc0160ef96ffb4d470a90cc60e4798ad670926602bef4797596f592f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
429bc5d1d17c7da01b7b73e4d76e6555

SHA1
13e61bac16984354b4496657977fadbd50a404b8

SHA256
3d1c18a8a0f4de35b627937e4731a98d89fdabd933cc536507fb99b6d15e5934

SHA512
ef02e4d385ae2bd8de826db44992598007d2a1ca787d4e5b8cb59b2476c4ea9e05332e7813fddc0e2f8f176a2bee1a65240160f294e665a6a096d959edb49dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5857ef.TMP

Filesize
1KB

MD5
e0fa80c102d8de748f031d330531acf5

SHA1
8d7d179967587d66ae0568908153857667471603

SHA256
6300c1b7bde58fdba37645aa18ad56d9f2a686411137aa217913d81d042de1ae

SHA512
b17b3813923c9a3922063f6cd13c4f5e9ed6c0ea031a08bfd57f73ac185f773e5cb68bcbe9e46eb9cac4cd48095158e4a5b9981c705facffef2fd54ed8232f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1fc4d50cef64ef89dfa683d2930c1cf

SHA1
fe0044c90801c2aa0e3dcdc408de08f76a53a3e4

SHA256
0117ddcc7fb4ca000f4e65e4a631e36baa9c0b1ef2bee97c778f09c9b8ebd5e6

SHA512
0ec327b609759d9605683ff77bfcf30fda5a9114cf35a28bf399c9cbd3c02052a88c441e1caeb59189c4434fe298c028913215c383fd4c4d2a643b33684aa638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b343a22f0377005d59b4d70cb0822761

SHA1
23c824a04d1b79afb5d6da6c73256ad364a6a422

SHA256
e4712529a0f683780448c2960289290a115d310a8fb6872c0cf1bc5eaaf5fa41

SHA512
fb21ecb6c2e05b16a83fc8227ade83ac085494815660be8c2f55d54fc9623162efb84c35a448749a42f7926a0bb83c0c7ac37bda1c0bb7b0d6068e87d2840767

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a7f391566ceb7d310b04c1376aa66a07

SHA1
eda88e9134d3de209152481c9e8aa02054d4c2eb

SHA256
8ecb81fa22792fa6bb09abc86b9b5afb50773e2c5537def45dd8ba297f6c714e

SHA512
163bad20eaa9108286367367e6a54a9ac612026954ee2466b8f88f732a992695fe160d3fb5f092976ef15c1c1b71400e577a9a4833dfa616d7c9ee6a8237033c

Download Submit
C:\Users\Admin\Downloads\66a877d290c4c2830c8213f0 (1).zip:Zone.Identifier

Filesize
167B

MD5
81be02cf7524303c7e10b0f327869b27

SHA1
218aec0ea4654b7e6dce48f266995ae5e32406a4

SHA256
f9edc4828f7a803870e56be9dabb862a521c7a48e308ea8381ba1bd983491fba

SHA512
3384c44edddf4787f51517b9e2f89453b641ba4d372d224f9364e1cbf6732234ef78d320c1629b5feb6b5e324f280d86536ad76d0c652a2b20c9dcd851edd159

Download Submit
C:\Users\Admin\Downloads\66a877d290c4c2830c8213f0.zip

Filesize
135KB

MD5
c831e39feab8553e80db2a2a60fcfdee

SHA1
cc69463a1f4df73ea89e01e3c63e615c40ef911a

SHA256
92f73e1711988f9b901bc4357c51eb915a35cdbb7922205009fc89e23a26c58a

SHA512
5b384d5686b39345ca9d67956ecc60664f2a63ca20bfc07600caed8414ca37949e22078d5d2924d4c38717b41ee8f448e028909ce61e0c49fee3c6224eec27f3

Download Submit