49f706b6d36e0e9f7349a72a43795ad6a1222e06589bc88b6219a4398abebc9b

Resubmissions

01-09-2024 17:53

240901-wgbmksyakg 8

01-09-2024 17:52

240901-wf235syaka 3

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

httpdebugger-crack.exe
Size

81KB
MD5

f177d9fd359dc75989f2b4c2d2d988cd
SHA1

44dc346f48294d00e6bc92fb399091349f745a6d
SHA256

49f706b6d36e0e9f7349a72a43795ad6a1222e06589bc88b6219a4398abebc9b
SHA512

7cf9bf25682e1a8d1b63eb0d8fe2bdba879ce25b9a372c9ced80e086035647992f9f14a89db8d7c1c5650963c791eaf26028a3744e32dd7c07ed95607b1a1610
SSDEEP

1536:Npc/vcDvyBkMEozlwPLRlXMkEX7yKV0X2FbvsRd:Npc8ajqLRNMkELyKV0X2VsR

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5392	httpdebugger-crack.exe
5572	httpdebugger-crack.exe
3760	httpdebugger-crack.exe
6020	httpdebugger-crack.exe
1884	httpdebugger-crack.exe
5472	httpdebugger-crack.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
106	raw.githubusercontent.com
108	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696868285908813"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{65F07045-6C88-49B7-8CA7-C9E3F5BB0A97}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 203843.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
2224	msedge.exe
2224	msedge.exe
4072	msedge.exe
4072	msedge.exe
1260	identity_helper.exe
1260	identity_helper.exe
548	msedge.exe
548	msedge.exe
5948	msedge.exe
5948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2060	1980	chrome.exe	101
PID 1980 wrote to memory of 2060	1980	chrome.exe	101
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 2040	1980	chrome.exe	102
PID 1980 wrote to memory of 4636	1980	chrome.exe	103
PID 1980 wrote to memory of 4636	1980	chrome.exe	103
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104
PID 1980 wrote to memory of 2200	1980	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\httpdebugger-crack.exe
"C:\Users\Admin\AppData\Local\Temp\httpdebugger-crack.exe"
1⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff83cd1cc40,0x7ff83cd1cc4c,0x7ff83cd1cc58
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2216,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3708,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,13512355323405193843,2176873062356217865,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83dec46f8,0x7ff83dec4708,0x7ff83dec4718
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5638721056906840964,5733040122998990556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:6032
- C:\Users\Admin\Downloads\httpdebugger-crack.exe
  "C:\Users\Admin\Downloads\httpdebugger-crack.exe"
  2⤵
  - Executes dropped EXE
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:376

C:\Users\Admin\Downloads\httpdebugger-crack.exe
"C:\Users\Admin\Downloads\httpdebugger-crack.exe"
1⤵
- Executes dropped EXE
PID:5572

C:\Users\Admin\Downloads\httpdebugger-crack.exe
"C:\Users\Admin\Downloads\httpdebugger-crack.exe"
1⤵
- Executes dropped EXE
PID:3760

C:\Users\Admin\Downloads\httpdebugger-crack.exe
"C:\Users\Admin\Downloads\httpdebugger-crack.exe"
1⤵
- Executes dropped EXE
PID:6020

C:\Users\Admin\Downloads\httpdebugger-crack.exe
"C:\Users\Admin\Downloads\httpdebugger-crack.exe"
1⤵
- Executes dropped EXE
PID:1884

C:\Users\Admin\Downloads\httpdebugger-crack.exe
"C:\Users\Admin\Downloads\httpdebugger-crack.exe"
1⤵
- Executes dropped EXE
PID:5472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0f2c770f9bd9dfb95c48ad4a38d9b436

SHA1
ebb4de53d1c46dd63c54b738d02dc35c63f88a62

SHA256
f05402374f201652dc769625cb267fda299d95f547ba044f7f275b9fa84af2bd

SHA512
8e59bcbee1fd7ff29ae1af1c53550ed65cdaf8133adcdb885d43ad678682a7b2773be9fe3e3afa102b32bdfd4376368db22d04659cb0e3e700afd50b76190a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6973dc4091f65170f31b787cb64cea31

SHA1
8603c4712bea8b749a19ee38ff4588238d796e24

SHA256
0a1129ae24f094109133315d788ec1b9c9e4b00c0f337f79c71fdd23dfe15b7d

SHA512
763bc0f06d49937003a4629b0846ef7d8d72e82b2d170da45d21d0c835828c8d4103e7adb67f16caedca9f3f0a4940c74ba67a5139b3d762951acdc2ff148c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dc4e8a4d43b025c971ed964a1ddd4330

SHA1
099ae956c23968058ec90f11ca8515072fbeaf9e

SHA256
82c46775246f181654ef04ab129a96010c3f0c6eac4451b28990ebe3b6e4c20e

SHA512
9e107a5ac588af052981c92766415f176c657c3dcd073e15354dc2d051064fdfda39ebd088012ba4c02c326283215d8315a89f1a52f4b7748e782dde45132dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2466e10a53ff40230173ab9cb9fd0a8

SHA1
18a92fcec7f04320431f6c8672253d99a6eb4c4c

SHA256
10ca6010fef312ac4410cb9f130fceadfc3d2cccf5024175104a490dd8613981

SHA512
b740664a6237fa5b82e62883c7df5acf6ce66d54d752b8622a3000361295949ad7a3a2ab3b47f95b3bf7d3524752574d1d49737bfb02a9a9d40bb2a0bfa41725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c623f80c4efe7a8766ed9e74c9f51fd6

SHA1
008af8b16b42d751ca94f857665af4a316763759

SHA256
5c2167ca8ca7e922a7ba2eff3468bd73775805d7404a38765538e21584eb1bec

SHA512
adbb4682e88f1ffbf8bc0bf197c95bd846dc3c150995b16e66d43a89ee8fb2da16f9e6a0646c6ebc904e5084a75f1c2e88708c7d505d88d16179e2437c24c702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b5da11d6f639556a901faeaec2369f7

SHA1
1696e54fc41122064ea4a13897fc099bb5f9cd75

SHA256
a3ff2bf5787c552f174018b6c32feff1f61928a978b582b734ab5803990e0552

SHA512
0812336f7692de398aaa2c6ef883b09348e98cb29b33e933b04361321e98c4540057dec2c5c03758b01f6583415526a84fd9886946d5abe1a33e138bc5c01e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15172b45ac98e63f43449e30391e01ab

SHA1
42e8801b04397a3508d086c938316c4a57188b6b

SHA256
9c2ceb073e4c98e1b593313181194cac6dab866977b65552fe1dee67ba77c872

SHA512
faee889d6e6c2d93346540b848f4ea99b5b5447d295beda01cd43e706503622b8a5ce4b3055328e1752334b0dbda95468cf235aadd506d5930f1f208a01d09e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d4e483eb81618d7b9d5b82d49aa7542

SHA1
a7579ded0518e1b9b14eb34344d4ac798460fbd1

SHA256
aa19beeb9c40a1cf2831e0a006b67a86912d47d94b961c12818eff27cd03af0a

SHA512
3943ced3037f3bd588030040d48c7634cf2316b17169fe5e2de9a6047e9f026ee97cf8c969a8c414cc9febdf1fa1be43c52272c6f47ea66467feed31fd4bef33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
442caab742c1291dffabdd43a621812a

SHA1
8db23f0d23a1bdebcb4a7de18f4acc9c0fb5a050

SHA256
ea1cb8d8e40b5ee43bce6dc089e4e7d67ddb33ac82ae14a340d9df687e596f50

SHA512
54fe4a704888088435cc936d5f0d97679df18fa01854ee6cd02609a1e5c0101966469c0dd250e590b21d788fe4640af812585a0f5c29d0e95432132f06b2f787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7d3f99733f3e498aa1a361baced870d

SHA1
fe4b10ffab1ade1d5847c2762bfb9c39c316e710

SHA256
98ae558ac3fc68d0a010893e09a11ca3f094389e18c0cdef5a2f87d9afff7393

SHA512
6c0abc67d0291baf02e6f64780e4617dc955dc8d5432a1354179e06625ef1ec999ddcfacd77bfd703c08d26160eb900333fa74150b7f72903f2e291e27f8526d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af3b7edd3d74e264bb303517ab39c0e0

SHA1
5c019aa875a662bfa1d903fa5ce3fbdcbad554e8

SHA256
acfc8fdbf34ffddd450a6b2a2a6c12ff1fb432e8bca2ee68dc45d5ccd144cdb3

SHA512
ccd76072814e4f6f620af34de2b4fb00c5459f7338fd1550e139f74fac618ebbb315dbb106f5f3267aa06bb9ee57740ab1945978157b6a067fb3fb6419b8421e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf65af84b9bf79acae90940c04bcb6a4

SHA1
3bd20901ee2d387ac4e7c29d1d5c9b41f5f77d1a

SHA256
4a5973b78969f34274574ffe5c2af2171544440e099bd5f6aa76e3a0c7d1be58

SHA512
1e9012fca1bf269eb02b12e7e2dae26ebae472f440a76e8bf46ee5819877b6f270efdeb4deeffb0c79376be7fc00d52f426839c47d5fd2b3b1aea6dd7ed1f3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef93f66dc93f5d33c0e960a64c23d1f3

SHA1
db79ce50b3b2c2047ce160b4e341a114acea5340

SHA256
3f4ae7c30f043e84a64e2b9fcfc0f11c11c7d963638171aef8e1f07cc1da4b52

SHA512
b15d008eecaff30d094bf99ddef103be8d403486c8c9efc5bdc783b21411d938dcbb84cce63f76551d475209f6f13847ddf5d704cc491ef30346d1fa1191d83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
c82280c89c0615c359f156e8cb31cac3

SHA1
afa3d80d2aa6f93717e92977b6886280f1183112

SHA256
bd9247f0dae9517e9d987256ec1e900615023127ae26eee9a20f163e49827622

SHA512
2d60d8a11284c87aecb84e03cbf5647e0426205ab673cc3774cea93b358de5ac49fba763956b5968c285e8560bacb2588a109d1196dce8d51565ab11ec91b5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
fb9da23d5973c85c1ad88c0a8073bfca

SHA1
160fa02dfaa9d165f22231135041767a3d83bf4d

SHA256
7757de1c44e68c79acd5d0c82d296db74edf9f101d2d30bde358f939f91772c0

SHA512
d867068b457c4320c4d621ca4b97ab33ac8340dccd9f5a8829ed87df3da715ae26e335a983875c184134d36cdc67d0ebc35e8dacc1f8ad719f0d897ed4c6d1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e12cd233fe1ca997532893229cba533e

SHA1
2b310288158c995c5e5ea3610d56c9fa6ed3d012

SHA256
d1b6737425fa4bdf65d8ada81a19d75367bc1fadfc5ca55c47617f294f509129

SHA512
ca80de815e7f81c5d64cb28822a4876aa937a36e280826b7426381542169a234f67e24c3d629cc6258bd107bab0b82775ee9c56a65f3f4b85c92fc258c8702b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5eb8540bb3ccea649ea9e8dc7e828df

SHA1
f4c6801bd41321f12f09f02fbc3f35002b8f56d2

SHA256
b431839acc555a142c5f91d4b5aa4ae97911c5577d76b123af4ef1524227af62

SHA512
b133fd29a36daff3901c2bd1fba8ed374b9ea7c232ede45457b0ee16dc33a4fa846b9011c0c4bc41e2aa68938849639365bc8900ef87db79962656580f5785ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e825a28c6f2005c8ae726abe8f449f82

SHA1
62367050129321225d0563e2f289988f6a710e72

SHA256
b7fb0c32b4bfaf7421cdc142dd97817055de6607d0ae8bd236f2c8d9e24c1e70

SHA512
b22a186db0c83b4f92345450551df216daff8c9e659def8f9717ab5ee32d6ce518af751de4ddc446a1666e2c12035ffa922133a2e04496f41bacb00db12df8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bb1d87b64d9d9ba92bfde8eb3cc2234

SHA1
8b0cc95fa3341a4ec27d0d252081cd665d53c2aa

SHA256
3803ed9a4c47460d3727f2b708b0108f82aa4b989333b335c2f388ba91b75a63

SHA512
3d9cdf8d3789d52082c39ba506b09a60581701dc905637a39f58a447b72bf925ec4dc4ad39c7d77351288c456ba35b88ad3b2be87fca5388e511def3d6c9fb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
757a597670d1476b333a6e87ff10009a

SHA1
707ddc7f459261e37345a92d290569f577a3b4f6

SHA256
d2a6f2f8ae535afa8de44db1565fd474a5d19440b9781125463365cd47c69d38

SHA512
ad126185a72d26da2a2dd33a1fc0562392bdba29c5d8213d7d2ecefbe8b029c549e871b25747c19105520783cacc3c41ec7b4af728928379114819832ab0e1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594caf.TMP

Filesize
1KB

MD5
52eba43da2e1784c605fdb8abea35ac7

SHA1
8b07528b2ec0335ba4f55e638919b637221337f9

SHA256
628a44bc2bb2cd7b47727ca4a4c0a62983a27d50a69221447c10c1b88766f028

SHA512
7ea593e324e4e25ea39f919d95a824a8725f17a1cd946c0f08d6133c70e60e50f56b8d74d1d34a6953c9a565a79559a9200b250b047da173db5c8cc6dd82b809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1b10096cc90386fdbac85966da59702

SHA1
eb37f5a3d91d3c0afb28a500b34cc0810d1eb8db

SHA256
a2dfd6c304a5bdd6ad54c78033ce8f74341ce193b2b88a7b3c913f368a2aebb2

SHA512
d3fbf29f6ff6633a3e3f200f686d31bf1a7fb4da0755563b942dbeba6b79e138118a01061f4114388082077e64775443d8a72527a98f1ea17138ead3b7d0b5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8069e17a9196514238964fe2140f68d

SHA1
d4046f36724c502c08eec7972044f429c438607a

SHA256
c33120142a4fe2128afef14ce74a37dc31e9dea77822247209011d6eb1cec370

SHA512
d33015413142af8a4a1a70c927ee53d267e924f632d3da5bcd1457e750a2da6b2d102769e187e11fffb4eda005be814f5cf1ec9346c1f3f082f7239e14f82fd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 203843.crdownload

Filesize
81KB

MD5
f177d9fd359dc75989f2b4c2d2d988cd

SHA1
44dc346f48294d00e6bc92fb399091349f745a6d

SHA256
49f706b6d36e0e9f7349a72a43795ad6a1222e06589bc88b6219a4398abebc9b

SHA512
7cf9bf25682e1a8d1b63eb0d8fe2bdba879ce25b9a372c9ced80e086035647992f9f14a89db8d7c1c5650963c791eaf26028a3744e32dd7c07ed95607b1a1610

Download Submit