hxxps://crackmes[.]one/crackme/66a877d290c4c2830c8213f0

Resubmissions

06/08/2024, 18:37

240806-w9j5eszglb 7

06/08/2024, 18:34

240806-w71dmawgkr 3

06/08/2024, 18:31

240806-w6aftawfnq 3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crackmes.one/crackme/66a877d290c4c2830c8213f0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{5AAFE5A3-6BDA-4EB7-9527-DE15FABB4639}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
892	identity_helper.exe
892	identity_helper.exe
1160	msedge.exe
1160	msedge.exe
3888	msedge.exe
3888	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 8	1116	msedge.exe	83
PID 1116 wrote to memory of 8	1116	msedge.exe	83
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 4448	1116	msedge.exe	84
PID 1116 wrote to memory of 5016	1116	msedge.exe	85
PID 1116 wrote to memory of 5016	1116	msedge.exe	85
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86
PID 1116 wrote to memory of 1692	1116	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crackmes.one/crackme/66a877d290c4c2830c8213f0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3b746f8,0x7ffba3b74708,0x7ffba3b74718
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3396605233638143248,294177433260130093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5892

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_snapshot_2024-07-28_17-00.zip\release\x64dbg.chm
1⤵
PID:5784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
42KB

MD5
41f09e2d89211fdcb7bebe50e7e39645

SHA1
4d472efe17ea2248ad567717b6dd3d67c573fcbe

SHA256
ddb3aa9142a5007f984815fe8383a9d6bca2e369f19496f68025b230b4953584

SHA512
e367ff5e469cae1ca4c72ef72e1e8e7b0899cd27bf4ad464de48f2fc7666d75e0c25b807168cd832bab24776f73bd79674aa12838387bac9ac416dd929677535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
17KB

MD5
4628d344b412812cba80129efd1cc9a8

SHA1
b8cc9f1f832cc9c3624b6a00b2ccd725d2851cad

SHA256
b66fea64ce1ae1040340f5762d97a31187aaf1ec2c8a28a532b0c82622c6df3a

SHA512
49d92b9752b96872fc5570ca0e0f11c8c72989883917b00d68793edf78cfe55d20c904851a204b53f7071a21b725fc7d232a106b96201c3583cfa498c0743e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
ae11761ff7154168867891ed59770c55

SHA1
251bda1416a047dbede9716c8778bd9b5f911b12

SHA256
87b490046b1fffa890d12319af1c7869fd0b181d162f1a9f5dcd9070aff15355

SHA512
b346f9ef85b31bb0d4aea2948c64247d81abc066c123717bbe45361762797b10f5eb87f56831a4cc1d04a2f28aaa237d241abed1f9459ce8242268f2524c90ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
93KB

MD5
51ae200253c6a2a0d0a3e1e02c980cb4

SHA1
a0bf83264e2a11a1df2e250087169c03cc936995

SHA256
12ee3e4578063d1bfa45f2f3bce69f8f793ae7f2be65d83ac0d23d701568c4b9

SHA512
b0c7267fe6e27f334972ab76be869ec6104a7871919ed0006843cc610a5a801c1596ff7593841755480027713391c0913d12b282bd20c811a82c6b5ce5a665d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
9dbab426d9618bef9a13d62bb81fe75b

SHA1
0a3cfa237069972b2184541a51ed91ea74852c70

SHA256
5f387fe6b1b792fa5c19ff36262f5667e2cffe7969afa24ed4e0c2b8703f1988

SHA512
2fc9acffa10ffb1c7283f12243c7773344be80d88446f86da6c7cee7b156a01af013c313e68d8fb3a68eba041df3b218fff95b660f6e0447f1311b7f86966967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
18KB

MD5
160cfd8149309447183b4180640988c7

SHA1
81831df106198fca11a37c6aeb141cc974e73ae8

SHA256
a99736d9d272489e2f41a915e01a896bcae5ca29f176f6bfa4a69504541c7444

SHA512
e72f00df98a8b26084d0e9e0272a6cc030fa58203fc78406c86bfcf3f519b224ce91817dfce212dd53189fa06c5c2a848f79717659283d14ab46d7459d8b6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
38KB

MD5
632616ff15825f030aab3391a58ef042

SHA1
a9435e095b8a17b6058c9d1e0c8ea53805e20d39

SHA256
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

SHA512
ffcb6cb7713af0499229f6316f762fe119c313e2a3810d8eccda8c005ad664adfc640915970e8d479558e627c875e4fe9e9ccef1a9e2ef3788947657916d1c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
31KB

MD5
1ad887c7ca65f259b616b8994a26d302

SHA1
517123f8099b3676ce0f61fe3f9d8c0ea51ff2f4

SHA256
4756c36644b388b36fc012652cea546e245baf4cba63b4df878f7eb31876bba0

SHA512
a260e28aeb0c72c05aadc43f082ac0dc65d0ab790bce615e3560f2b2fd69e2ad717abffa790be79bb995e6dc75acb1f2652edce236a2900b44f7e49636109dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
147KB

MD5
10a8a83c6230c12a4890329a352f3617

SHA1
6e3aa832e17bea6716802ee1ce873271349251a1

SHA256
3876ec1287afebfe3ade64a0fc5d75b99a2273b37c90309cb0b5ef4b056bc1b4

SHA512
49dd17a22eabc653394aa5a6c4eaf28d3d61cec7b7f835555d72a47b75d4983a98b0dcfd15abe426b83c29ccc6df062a46d972a66656872ae43b82286d3f859c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
18KB

MD5
7c7a3f407747d3d5d40b6e0460a4e3b6

SHA1
7bec927cdeb78e001daac960a403e996602f414f

SHA256
9650ab891443506622d4d5548806aabf0a9afaaaa0c6a9285bf6611d2130e1b9

SHA512
1ac046370424da04f219503c23e5d22d4b5b130e2f1502b82a06df6b8e07974e292cfec53cc4c697107b0ea6b968ecd82fa8d43984aa8f7c01800a66fc94b89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
30KB

MD5
7fc4052cd860d6392c6c219966ae3d6f

SHA1
e08dcd144138183c8dc96162169830b5a8eb56fb

SHA256
b633d52d577214ad2d7aab92b1bc94a3817f717ec0579557078c1daecf45e0d5

SHA512
a40b27724304021cd8bae97a478981f8fa4bd17e16bacd377a81aa034ed2c5f185b206c950c0ff96ee35af5cdbb3f5bae64ba61f99f3d988e52a5a193a7c92b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
17KB

MD5
ec9703f1e2e1a946586abfc60ca73d91

SHA1
28d1bfa1ada5efd3f81a7c7245fecaac83c7326f

SHA256
d5f34d78065914a3a0d772b0a5de083ea3b22760622c898684ac18ccca63bab1

SHA512
32cc10e35022516de3cf7740d0aa029e7563947e2afe5536fac2a6a797fce2fad9caf28385502c5ac0afc06cf6ef57eb188559db224fe5ad7f9f287753818f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0eda3986a4f062d0_0

Filesize
3KB

MD5
c9f65e33fc90f043e8e9c5f3f1205a4e

SHA1
b50fdf47a796b20f36c425015e3c371d3d2fbb15

SHA256
a02112e95ca9b34f2c9b35a52c30eaa3a0a31bf0bc4a4902565de5f7cce0c622

SHA512
5432aed8b4eb7d432fcdc9b45bd298bb0259a182b0e7e3f77476accac99158ecb5369c41ca89378063f5369f63fd469e799d022dda6570d4e904771396a8ff9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
54KB

MD5
7d99cf9dfc570c79bb9a61f168c0a54c

SHA1
d1a06068430ea906b0440f1245a304549862b381

SHA256
57d3af1392a42982d943c896b7b95ec4c416d33958274c5a560ebff42ff4d62c

SHA512
fb72e20ccd5fc20ed577b07f9dd764acfe03ac6cdbd117fe4a234ba680ee5a007f8fdc9ecfffe7ff7f1ae6ea3fd4f32fc2e9a967f78f700c5d2bbd9f2cc44f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b15be3bea276a0243784273f02d562fe

SHA1
6d15fa7747bd32a98a10f304d2f51765ad5f6ea1

SHA256
a72dd9494b85bcf9e5bcf9a98bbd321fc5d8924c2975680cb14b4879ccc626c0

SHA512
8bf201740965e0936517b36e516aac797afc995aa6280d5d8b876911607829e2a077e604694331766c1cbb53499b240c25cd4c75584cb8ee9543744d5fa69a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4c3d1f764b5e2a2c93b703320ea24d0a

SHA1
a4a6e942211bab0947c052e38c58e27cf9d11363

SHA256
771044dbf17024364f8c547bee7fc1bbf8a3274d8c31ba5970e5c7ac50e6e45b

SHA512
9ee7a3c8fdd38cfa65a62f59e7864bc7b663d87047b1448a433d628ff5cf47e9551c0ba7edfa5e15270b88b28d99919885e31aa862266bc8e4d62bc7fc064a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
58427067324994ac7d17ae2c98f16e5b

SHA1
c52c40a9c982e774c1fa36b1a18658842893cc46

SHA256
98da4bede85ed453ab159e3cdfef70442483ec8cec5d6a5d5f0b0092202e1d56

SHA512
20c5ace61df1c917d6d58af5bd30c7bf6200ac5d9d0b665477b0845f06d1a13392d0a8f8517e1d9573561c5376b2690f956dff221d0e02b0eea3c93731d1c8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
31ae030f52b31718c70a8385a179e1cf

SHA1
3826ee92396ae205bd531beacf382dbcc9e0e67c

SHA256
76a99c691370ad2d2ea2b903f3bdc4f6d959a08b4c4659cfdcd2a1f44b9d6dfa

SHA512
d11906daf990a9514583e1d8b38c361e6d4cc2e0463151ce13f183267514b7054b3ada46aea5cccc982d3edebf8480642e79f7fe8de279d0fbab540c1d421334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3154c5d7ef1896f1a3a7dc5449fc02cc

SHA1
63072f1d01c949e0ef62c4fa1be9f8a1f0e12335

SHA256
29d00f96bfb3ef3baeec8432017e3d13f18f4d7cedd7a6935d16935db0e94085

SHA512
b3c1af5893c23f21243fd57e3f96da7fd67d29d5d77d97129f99754f49dd1ba09e68c83bb6be451a9d2bbb89002099ac33f8a4c17cf292b4b11e03f1bb218480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
020045fd6c947b99fc84761f93ab9abc

SHA1
d4018139a7038795b525aec337a8eb30f5209bca

SHA256
da15ca2871e10987cd7eb11b351766d24424b28909ab5ae2b1df8690eab20831

SHA512
32de5e89c388da1bc5d9072d6b56279c6d1708fdef0ce2ec20f1fb9836e7d60f61b6f2f79fa945eaedbf8a082d0547330ab4b71af38e50969b022e1be9d348a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c44bf8165c736c8a1f7740a2e8be2e9e

SHA1
3ac7d7f50956b600619afb0e5332eede89d108d5

SHA256
d08ececb402bf0bf9d93ce870306e3a07bee3bf2b108c1862f4f33c7ebac1eca

SHA512
6b217af85f1de22dbe7da00b35316ec4a54a1364deef3428e8bfa9312388d2fff1857f9fbeaa931c4859a60ecb95df2cb923ab5e0ac558d26e5e7ad73b709833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c034a8ecb3a5d5652569a129f890093e

SHA1
416fa5587119b42e1065ee0cb9bf882f0988f8ed

SHA256
8a97803a331883700be074a00d72cefb44be8d4600143e3c11a3a9b3450d6d77

SHA512
6e0ba81017773f3f0c356c3eb7d2ed122b50c03c7ac4f2518b1b1f56f45d9351a843ac3c462137452065cc2b7d539ce6092e3cda28832458e8614e7d7b4c666d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b614d7a3be2c0e1bebcd4e20821caa7f

SHA1
4b51a4f77f666196161f0bf00037baf6f11294e7

SHA256
0cef7e1becac828d39bbbc039833653c3bad63e8f3ec2a13d8cf563f328ca237

SHA512
4a3579e044a581baefcda0663ff8e8e78efc554ce472983c88a2851e9027bb48892a8d6a7c6edc1e8893e8393065d1054fcc2cf0824866e7b47cbbd9b704c2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b30e2d8eed182812faabb5bff8f55e98

SHA1
7f63b7562010873b6a7713cb18f480df8b1fd008

SHA256
971678b2f37ee6342ec01cb61d9688aaf55245c33e03ba6653e4caf6001db304

SHA512
deed57ff3199305c4032e8811a27e0594daf68bc021460054c9ffd90896b6661af6bf7a3e3e199f2b7d41167eb68eabe1b593d825c4cf5839295d6b44655f64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d64db2a9f96dc22a69ada9a23efd4384

SHA1
a2aa6b9eea322eb3166682599b1b9e982ca7c23c

SHA256
72c264259aa21141cc3158cc674f5be46d197d1f3baf1549f9f55d1539a46e9a

SHA512
053e827b423220598297534659cb283530a21c09107fbc505dc3d8186ce6ed01f57cf71a520ab891efdcfb3bb09796b9d59a31ac07b0997dba8b0b39a2e57842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35e47b7b26f876a8037d61da8654f4f9

SHA1
87b2ec0848b7e2d085679a6e195e274704482799

SHA256
85fc3386b90fc773ddcb50673a064bc58775b805b46a9cee307cc5effcc2a8bb

SHA512
08bf82f04c978b0758e2a15ae443f3e9edc7919bc20889aa6140fd512a8716b592d40c9bd48a1cd7b600bd574a39f18c98d29370f4454fcfe2670edb99f3653d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06cf16aea5ef7f7e66a516589c1560f8

SHA1
fc9a899732ff294d0403edc0488308e981215dfc

SHA256
92b16559f6011d937ec64f462b6610cffbb493c783bb63ed3e186f834fa15e35

SHA512
66627b5ae41091eb450b6859a2d5c3782a8f03fdfde9d328b1fae6953caebe0c73f4b30d46e00864724841626f08b965a3e4875c54539a2a0d5c69c291c6dd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bda8ed9e79f63e0ad9468f50559de42a

SHA1
d8e17e78d0ee272a6e8c2b12747cb9c374bfd9fc

SHA256
168d78dc34b239f8a4fc9fc20ecb5ee4d7f9456fa62f7790c002bdfb2e34dc86

SHA512
67507d093d89c1fe48ba7452bef595ef88089e335bcd68bacd5546b70f819a97f623b3364c727343605ea70bca904335523ce1df8b2a30df9ae165865df4faa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
035dcdb5a067e9c7990bac4241d43006

SHA1
5bd8bcd9f258388b40d91ee6230305b251816101

SHA256
26b1bec4e0f0b8df51921756f469c7827f41fc5665e239269a0b08d3a0d6ca41

SHA512
1b6998efda28c77f49e05672bd583b6504581435e7e0899f6a6e5c1236df16468da39fd8e8c96d5b5feece86fc078f0374f1b05a9d5e1355230191aafb4761fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd4c.TMP

Filesize
1KB

MD5
5d39becda92caf385805de38296f78b4

SHA1
94650486d52cda3abc201f36e13a3e9783efcc4d

SHA256
dba30fee955ece6edb9a733204e634477f5a75e0cad4b5ce0f52553675a5178e

SHA512
6d597abafde39736151b0cddd500d19d7bdec56512bd8f2495ea7b7eec31a2cb7a6753878fadf2d3d673f364c849b4a4c68341a7f4ab5cc0688ef67a813fe951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c82cb5d9bce7f2ad352e7d3962bc9f4c

SHA1
84517bc0c585170a3e33954326f48f13132e44a7

SHA256
a08df618d28f4e3a1e936e794bccae635d52c9ee4726355353686157096f7e1e

SHA512
cf3787af6fafdf21df0a62d55baf4897ddc3f31184f178ff087b1b039afba1f3bc428ecfd509250a7dd93335f866c9a1a0ef9b83ee29c46a7f39f65efc2cde44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
acdf86e30ba896b4630c059cd1b51818

SHA1
0d233e97fe0c9f4ea45a13616ac0ff8907fc6d80

SHA256
7f856e82058cc224627242e832ad2ffa7c70555101b83298740a6c204bab9d2c

SHA512
c752a68d7ec568566f2f032f02da446879cd596bfdb6f25e359ccc96ef33789078bcbf51e4cce980e78613c2e791f71bb5e3279b1e779b3dfd8a34d210c88569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2b67d1779eddefbbad2fda701c1af82

SHA1
8c84a497333f4941c002061d4821bba884efcb5b

SHA256
01fb4dec376b2459e78c007806bd031d09fe3d5972956c65eeba6f7746a84b54

SHA512
e0a65ed83457f9cb3084f8b483ab427077689691851b80e07c615f63146da6a8831f167e4553618c358cbbccd44e0cca6c15c247cda12444b36a3a3976222727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1fd678f25b8c8fb6f293b2a64a8e46c

SHA1
7163c51491b62a8c0e3b0976879fd3637b76176b

SHA256
7a04dac375ca009cfa123d644e7564ce9cf33e7b9dded789090e1202782fa51b

SHA512
1498aff5f530dd5207bca707f27d6172832e235e1b6f3b549a9c29e29989cf489277dfcabf52d9715b135b374e02d4c37d4931016ed5af7ccf4dfbd91163c2c6

Download Submit
C:\Users\Admin\Downloads\66a288ed90c4c2830c820fa0.zip

Filesize
3KB

MD5
d259e314385a726e80ffacdd82be5b74

SHA1
6d2253b39e91396b0c5396b7862a9805791ab59b

SHA256
c2916bfe0f156a7fed8d63c992b40875ec9101b1f4f4d371ea38aaf1f6f73d89

SHA512
35caa893dc4d488c908445f40d4686f154acf7e3337992ccf8776e434d541337892dc104218c978975a209e374ae6238418e1a2803fb5d1d0dde8ab5429e0fd9

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00.zip

Filesize
33.3MB

MD5
77af1e5987d4311b3204044d4e875049

SHA1
4755289ab03bce510891c16fd488a71cfaf71061

SHA256
d3010e9efcb9e7128b2ef8b0d0a237a34de64e1e62a0f94fdac1e3b7288331fb

SHA512
672d0c5f7bc91f3b99e755455a146a4214625719e26876867b202bc93ca8502001f5f77c3514b84f3ef1402d8a4992f68d132caf9f3adb9f0c5f21c1a159bd7c

Download Submit