hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

19/02/2024, 16:03

240219-thbb4aga25 10

19/02/2024, 15:59

240219-tfg2vsfh53 6

19/02/2024, 15:56

240219-tdfe9afg83 6

Analysis

max time kernel
170s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
102	raw.githubusercontent.com
103	raw.githubusercontent.com
35	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
2420	msedge.exe
2420	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
1516	msedge.exe
1516	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1584	2420	msedge.exe	86
PID 2420 wrote to memory of 1584	2420	msedge.exe	86
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4400	2420	msedge.exe	89
PID 2420 wrote to memory of 4336	2420	msedge.exe	87
PID 2420 wrote to memory of 4336	2420	msedge.exe	87
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88
PID 2420 wrote to memory of 212	2420	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e4718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,3218269150703387947,18402342164768922830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e56d0a9761972bdcf6584967a17f09e1

SHA1
db8d396df3573c6a9c726e34451376a0f078f713

SHA256
7fbab86fc2076a618a2a9ca614cd889037652c1c0611994b063743567e52d82a

SHA512
510aa34c340bd5b04530fe3dcca52082ace0cdf11e41c1bb5b28136c9072186a2b9f0d86040f0a64d67b4865765a2d7424121804119c50596357d736fdecc091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
55a6be125a3c33ced51b52863503e248

SHA1
f9eacae84fb419dcca160234b2fa7111fbe65492

SHA256
03c54c13527007b89f9545e6b8965141995684f3428d96a173119e677ac34613

SHA512
879b0702366b86665786fc71c7e4bf4a06a332264469db8712bd2c3341518655066014c9dac137d7a280416bc4eaa7562b612e878f6396ca30068b80acbf3acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
f83773a679edc3c4703652b91dd47495

SHA1
1bc6265839181383818c7e3862fd165fb6d0918a

SHA256
dee5ecb4508cda27c1f9cc2a4c4b98b99698c322fbce2d59c7ea758ac90222f4

SHA512
4b7318590553c7de646b838216fa68ce8671aa0deb9cf59c9bceed2e4553560b65b8f053e91708e70e7756411cbf7c1a37370a8def4bccdbb9b23427e1b1210e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c79d8343d85ef142c070b86b9d0e90bf

SHA1
921ae0d889cae2c08d0da3e542383fed4a16b110

SHA256
cfd95f8425418a15420f9193052c19088eb0355dc007e5519f68777066dab1ad

SHA512
877144adfa4c013113aa89dcd45770388ad134c7cc9f30fb47229bc21f36c780a39a6613ed375258b4f4553cfc97274346298c719f7d8181c6b5c42618668628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31cebf479023285ab178615e4d55d6e6

SHA1
6ea6e2161392cc1c0e3b1863e66ca82966afe64c

SHA256
f640becfcb0c6b1fb8cd86f97c97a166747604ec90c32ae0dfca47480bdd0f52

SHA512
e3b04271f6352dce51fff41971e122684903df583528da4f6515cfdb44ca2648a82227505c03647f1d914e714060e050aa177553e8f0b80c28194c2ded09016a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5444589ad7c267b135ebd0a1eb89a977

SHA1
3d8de7eb5ebda21d8553aff171f9ddfd05fb9dc8

SHA256
dc7584b3b7f1503ee0f078070a2443bca297aa0b237737afb6deb948632bdc0e

SHA512
f45b9c24085d8e30a0088feb3a91567c4316d0639c4f9adccd91c412e22a431a30988a045c0a2a2c9c8084a708e5be68a5d85907a97644606f16e268715ba714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08e2764e30a1c92f6a4afe8fd70db220

SHA1
467fa041a2df64f70eb0673b7d6a71f045fd1d07

SHA256
074c5a71d0457dcca0a1b15b7358cac624eab2d0febb995cc6e58eb5eb4f4e24

SHA512
be06e5f8a21b734ebb929bbbfc07c4b3a8d9ddf66dbe9fbed9df54642f4860d8991edae1c4b1676fa85248ee0fa3547a1cd7e938a5f7f574a2d50a82a68e2f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ea43c944908ff61aa8576e38bef482

SHA1
18f4ab49a4c43dcff64a7aed17fb71b302c4b11c

SHA256
fdecca2143a4e4c60260087f75ac5397aee7469a4ecc6de3856b1eb9b2f79a76

SHA512
35e20053de2aba9925f96ae3549bf42cd042f24f9b4c4fc4f3ee2a6c56265eb31805712c4db8d46d4f63203d27b45d66a7137f8d21e138156d282dade134b30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6acaef5566a5911aef0c4205cc38dd99

SHA1
cafde41ab43f3964d2c63282eacbb37fe0cefc84

SHA256
d2e4b8ad2b8e7f60f00baee6a77f5a93c7d0fb674f8d71ba6e99969a197c25b4

SHA512
75da557ad4cf0b5bb5e170e414219ea51ec36d2909c9c4b7968dafa5b3b7c4904d224a5f5b26798d4b2b81f34bba7794b0706a530937e0d0216198e62c353714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1764e523db9814426083f1904c6a2981

SHA1
6b839442ccf7521bffd84b49aa023c17c8764466

SHA256
6664d303f6d36ce4eacb8970c3522ab878dc66b54bb46dee8339bf4a598a4ac1

SHA512
74f354b97263c4e2fef176ec1060ac964fc986c0846781e80253a08d88203351ba96502b845d240243ce5ae0963c343bdb602bf957163d9759bc6b650f189147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8a745377510485c02404c63656471c4

SHA1
4ad28b4e77295b578c76039237b1653013756620

SHA256
96290c58943fc35182c07a74a3480006f1ff162853acb47b36feda80208273b2

SHA512
418243c5104094a78478a22e36bedd61d787f2bec2ef81ed10eecb76ac8278eaaedf969c53d14f2b8d9be03549725fcc0097271ea1283ed5c1504005c3b5e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08dd0b81f16641b53e688ca06cf893cf

SHA1
897770fb96d285d0a0eefe507559ed8d94899c4f

SHA256
c2ec643c17b943d3b4c73a4a40b137cb8e0c2fd54e4f84e7e1645616ecb2343d

SHA512
6f89f0c47635537935d74cf15791db7ea6fa0d299400e74ec6d30d93a58e40ad4a17a2cbb139d38f7b01d23875d9f14b17079e1f7e1f48c6a189242d8fc73d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5eea38354aa7e6d975df54b3b915c343

SHA1
9fc4e09462cd67d15a71a17ce6ae19282a0b0905

SHA256
f62075042921155d6a9c9f58ea07392cdeed14e6c87c0c679b5f4065c912726c

SHA512
7103e38bcd2f57073746fcfe77b71607b8793181195852ae48f5c078c74ff46e0de8ee0289c5942ab3406e35845a0d2b4076286f9e5266e3f68daea3aa1fb623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
189c3b6cf81230d685af96338a6ba00b

SHA1
922aa7252dbea6a2f4bbd1388ad2103a76862a66

SHA256
78e31c7597725887b153bd6e6912c22573f48d20269a4afe5b627bb5497a9dbd

SHA512
551940ca08882f4a604d9b4eef68c7ef9d19b6dc012a91149e90ecddbe1da22ea5ed41cf4e18e20db93f1bb61a021ca0130f77f47535c37530583da79c1f6e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a0d4.TMP

Filesize
1KB

MD5
5f747e266d4afe35fbde1d5f046a0852

SHA1
a38e014d644770ee27c3a46035cf9e28b1438d13

SHA256
aa30d759deaea93353ec918ec5c69e88e0cc2b7f233e2349e0c13a070288258b

SHA512
1958ed86a569c63c40bbb8af1bd435cf017d442043e3d02e088aaf595ce1ad57d07de36354d6dbe0941e660a24e825e2df46b89a510c18a423f3205734df9f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d01d4c19-fbc3-42b9-ad6b-7fad3d751f18.tmp

Filesize
10KB

MD5
c2c5e506a7fa3e35aa624b09f6052761

SHA1
41d02dea5b70c800ac197f3a6f02202ebbf3222f

SHA256
5b447f0393b52cbbd71b84fec5b4f48901065d99634c575300041c328c24891e

SHA512
55d2fa67968936817a40d8b0f5956aecd10ab90ab8d88683e6d85f23c7dd3e13f3fb3ddd1b6a193c7555f7e4815c827cf12e90d96853815f48cda80794fcebb5

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit