hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
208s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 19:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
36	camo.githubusercontent.com
83	raw.githubusercontent.com
84	raw.githubusercontent.com
30	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
5076	msedge.exe
5076	msedge.exe
4248	identity_helper.exe
4248	identity_helper.exe
832	msedge.exe
832	msedge.exe
312	msedge.exe
312	msedge.exe
1028	msedge.exe
1028	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3700	5076	msedge.exe	90
PID 5076 wrote to memory of 3700	5076	msedge.exe	90
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 5040	5076	msedge.exe	92
PID 5076 wrote to memory of 4856	5076	msedge.exe	91
PID 5076 wrote to memory of 4856	5076	msedge.exe	91
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93
PID 5076 wrote to memory of 3364	5076	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffa607d46f8,0x7ffa607d4708,0x7ffa607d4718
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2029525203387868658,14869196358758043319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1668

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98b670522224c9f8f673b865dde5e64c

SHA1
5087a341430ffcd3f5775d23480fc723851938ab

SHA256
c5f31d7af38f32bcf3662878ecd70a8aba155e2de9f96ddd6835500ab5bcc63b

SHA512
a47968ce5fd50afb75e40f642c51222685d8ae907bdc8b14da7b3e34d989c8c3b786912f309fe57a90871a90a3e8895c6ee7fc61412e6f34f0e1ed2926d65b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
20b611e708e5b74cb549858d634f38d2

SHA1
aa7cbbf9f289d14f2fd123da5677a925b3634a83

SHA256
c184e5784748110c85502acd7d511282c7e696f1888f9a80edcc2b4a92c1f67e

SHA512
3dc46b1016d35c35628b45f770866e1e30a40189c9097a019261641d648a3baf7cebd0ccd43607ead787abcb513e365f34d51567311dd3756f3b6f0f6da6ed87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
663B

MD5
a651e9854f1df19b3a36fa2485012af8

SHA1
493c250c2b071e95f1baed8cb6e4ead42c2cf9d3

SHA256
a4c977b42524304879425e33e4af9e8a2e83012455624b46fc77401f595c65c0

SHA512
44a43a48348f21cc7bc0a5df8c44969b4d2f922757eaa38727ff85dba2e29a6ab1bb8616beff12f5a0454142303ff76e44c8d1d1b57731a79f8bc39d7cc1d5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
732c012f1c1f4079db50c10b5323e06f

SHA1
4a2cf50f9c943f9054e46b1c48079cdf5ac6ff34

SHA256
bb163cd2eeabdde3b609af735de50adc218b300a63b5823d40f95e885d09b54a

SHA512
86ef9a5adc6e51eee9aca6abffebd2890e4c16bf8f16e3b1711a8dab1e47b15631e7ed34875e44eeb44797186e037bbf7940bb174396515f4507bca103d3ead6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4d017ff0e32e3783ed7c873c27a5a2e

SHA1
8c05c8d2000aa855cef6d69e9bf67e96538d2564

SHA256
745612bad4f18224d88df39a928fd640598833c7f6ff236ee4e4f751ed4a9571

SHA512
3e7565506a130d3c074d8d84282fd0d08a021494e64b9ad107caa3a3b1e8496d4cc03ea05f2691260ac7a62ad482848ff1b10b6e9c184f04c705fdbe9dcb7b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd7540ccd65642276960c32abe4e59d

SHA1
fa2adf241bae06ff01c2f5d6cab9ee0e220f5be8

SHA256
18714cc3f45a340556da931283b85b1fdc92861c4e6f351f503bb4994552863f

SHA512
56cda3bd144adaa6280fdde625f6cf9db9a344c7d607b22ccab688ab049dd88d18ff0a58732d656eec16b2939f06288d404cd2ca77f1777c8ff2c03e30d3dea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87df0bca0554e012298cc564e69121ec

SHA1
dd150715a5e2e9f134df96bafcf2283487bba730

SHA256
157719f8569989affc4a525d5a4ac6ddb173938de2450c2af47dcda5b6dbd5c7

SHA512
9614b740c25927063a30256e1da4c83e9b3ef80b42115c58df9f3c710778b80f15dc7d18a60f08268e39fc0c5a072c8c1c32eda0ddcc7da7f0f016b2cb01582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03b54b2d918a78462990814ce7c9a78b

SHA1
fec2a02bcd274dfc3f32cc48f746b388dde3c0aa

SHA256
4c478772c215c5c52943ea72ccea28deb3e1e0f7a02471ad4eebea34ebed7c70

SHA512
b6b6c0f1e26b548d813e6b8479e09f71354071d9d6ecb3bd4829eea64f2792698c4022d9b1959521bdd09592cef8e0311f61d17fecef5ca130f4f8187d2d00e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
223ac8724e4ef16b3fa8d09ff794dceb

SHA1
e29db49650dce036e5dbe269f3502c466cea2d6d

SHA256
ffcde597bbb1eb35c63e175c0097027dd3d3f02174f68a13b1b6dd9f550705d7

SHA512
340314f7852cfeec468e7d5fbc11f8c137ae280f2c1add6dff125db0d936436a02477c9a5886993e1bb8c6932cab645ce10077d0539e9abe1e8d705fb1663a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84e5fbfba301a832b0267148d5626801

SHA1
83ba1f82662f12d10baf2d56f6b892dfaf4a06f7

SHA256
dd9035993200d7be2e0ce7a67c7938e7acbd73cd11b4d94c56e14ec38c660e1e

SHA512
02a1f9f6b1cc4d7522b94dadf6defccaff76d4866804afac36cf25f86194477ba24a5cc9403c2e79db5334cf7674b03ed62a164a97d8c640fde8b3fca934eccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad0f5e9b966cb45f56f9b8ef55709001

SHA1
87314507ce68a272e42b0bc0bdbc5833200eec9e

SHA256
6217c2aecd92060bb08b405316d351b0d21e28bad84be3959ff9ccc498f1cbc2

SHA512
154bec55a5088dbce313c7e350767593ddf5623b05a72f3c4c97ae08c19bd82bcc45c780aebd3e7b9e23530c98ba0267ce1dcba576c316ba7842d158af8fb2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
399ad4effec17380893a565f3409623a

SHA1
c03c19648f0932c5d0130429ece033e409307581

SHA256
c529f1d35e87f05c9c33618c6a70c7cb170137216a7744cf46cca41470c9438d

SHA512
41e8afad762c95e77ca45620d2b2accd4e0a62262d3d2e0b0df3241ceafa72593a16b1f441165aa0fcb1493846a2b7a16c2109ea935c1a678801e3aa913693d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
814f1cf6c877a3dba3ceedb709080346

SHA1
46f0aa32346d88b171445fbbba93ea1fb0110614

SHA256
8d78bd643b4301e9d16d11611688e47dbc0e6c9ac4a0f380e727e1cc62388988

SHA512
9bdfccdc405b401a46b2bb973e8595bca008173d1a6f159f4cadfbbab29571487e783fd0687c885454ed85864b34e8db99629f3514c264aa63f3280ce64b8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1667ed899dba0846d4e916d1697db15d

SHA1
08fb711253ef29e710534dbb59ecb022ccad3178

SHA256
0a1c054dbde278f99d7d804ce5c91d70b1dc163f87c4e1e225881076273e9923

SHA512
715d78ad58bca753ac629e99836cae8bf406e384a29aa7a3184726f40ecf88a4cf99073d6c572188cde097fb5cfbaed8d1eafafe9a8486bb07f39e64f9c4f5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef2dba7cd9b32e33ab8bad08973dc1d4

SHA1
75dc67242e6f63f7c7322d71bdc1cd99d502129c

SHA256
b1b1bca36a90452b9a2942e1cbf3f5bb4b9f46618b6c45aee8d3995f312e7be7

SHA512
2843ce0239846d2a6d890e4990a0a7932d3a383b3226ece8fc8d2b0cff36ca45c313c092464f94971e074858d4938af394487200ac6dfad7fc1217ffe4543b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a7d9.TMP

Filesize
1KB

MD5
4be3c46ac8828cdd44e4e69866a44b44

SHA1
ae397baf999dbf4be5e13221baca0c2e44d4babf

SHA256
0f18239d77ce3b0a421e2468078fc61dca6dc2080fd90aec8a97d621f53354dd

SHA512
a862ce1757ab8dc42fd68d524242c11cdb3beb7258912ca575dbc4e2b6689ab5faae3047f4439df8f6690d627e6ccc192199c000812476f3cb25633ef3efcf42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d40ae5df65189364074b26dc3a167910

SHA1
3bf82e81c98e0f4cb533c8986fa34e1fcbc3ceac

SHA256
41135104e3fdc76ead7a0e3769f97f0d6e9805d092f20300a19a7d6667571aca

SHA512
b84c99c5ab82d02fb783ec3d8b150117ff5cefb42cd7fcc517e7d0f5a338f5de79887a4573415ed13bc26a5ac7672ea01f5502a39c84d49f72489dff92d6ecae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b3fee86e27e3012b8d3cd505c99ac633

SHA1
3b224c05bd178e04b88863e10c37d5fc161196bb

SHA256
1efa7761731d1fa24114a91b0e6f79e0e2b8d56dc4b9de00bc8899fdf2e88623

SHA512
a75322c8881fbb17391d803af5fdc778d5ddd29ec16e180e85baea7e53ff7461195afb1dde50557135b669bd108074330da659d18607f20ab8845880d0978df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c456f2ba534e3cf4f4c08a8c2070abd2

SHA1
5429c2a943c169354c054226355cd67ddee8bbdb

SHA256
849378962ebbbb10b698e5fd74535353a0ec11d765c5f43af812246b624a9156

SHA512
f81983f07cd9a833a8edb4ad8b7af8fca97345f6ab962f8b258d597dc4262f4150e2a7932ae7c8caf65c50110218d08053ec34916fcd17c416a6d604796dbe5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5b768b1c13bf6f6abfc44f2ef815a2d4

SHA1
31950d2fb75bbd388b0193d895d4cb0e8528e51a

SHA256
fefc54c627de4181aeff25dda35f77422e34c8c9cdf5218d27de44f21596c2ea

SHA512
6ee3a576282441ef9b51c6fbdbd40cb593fb2943d8b27c71218559e289d24f8715ec626fa3319b76aed791220a34f7a28420baa4b5bf65afd7b1a088fe1bbb9e

Download Submit
C:\Users\Admin\Downloads\ColorBug.zip

Filesize
28KB

MD5
34071c621da9508f92696709d71bb30a

SHA1
5817a14b8da5da5aecd59f5016c2b02fbbe2f631

SHA256
ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

SHA512
eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45

Download Submit
C:\Users\Admin\Downloads\Fake BSOD.zip

Filesize
1KB

MD5
c6b06c0500818f136df2055b41dde49c

SHA1
e9f7e34dcc7f4f45d587ec597137662f382eac04

SHA256
d43d2e231c7f416890e625953db3fb24be2036fca879338dd0add0f456a90688

SHA512
fcde5e7db92d901f5da71a71c953ef62c6474ee8ea7ee83f8bbd9b53765c872cb1b5635d30a7090e18d0169129cf44613df5014999356681e517bddaf417120e

Download Submit
C:\Users\Admin\Downloads\PowerPoint.zip

Filesize
66KB

MD5
196611c89b3b180d8a638d11d50926ed

SHA1
aa98b312dc0e9d7e59bef85b704ad87dc6c582d5

SHA256
4c10d3ddeba414775ebb5af4da5b7bb17ae52a92831fe09244f63c36b2c77f34

SHA512
19d60abf83b4a4fe5701e38e0c84f9492232ceb95b267ae5859c049cea12fee2328a5d26ffd850e38307fb10cb3955b7e5e49d916856c929442d45b87071d724

Download Submit