Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

Analysis

  • max time kernel
    210s
  • max time network
    211s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07-03-2024 13:06

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Signatures

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Renames multiple (536) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • Drops startup file 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 2 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 7 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe91363cb8,0x7ffe91363cc8,0x7ffe91363cd8
      2⤵
        PID:4776
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
        2⤵
          PID:3144
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:764
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:4548
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:4200
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:3028
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1760
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3612
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
                2⤵
                  PID:3712
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                  2⤵
                    PID:1596
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
                    2⤵
                      PID:1944
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                      2⤵
                        PID:960
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                        2⤵
                          PID:4004
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8
                          2⤵
                            PID:4664
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
                            2⤵
                              PID:2144
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,12864623586224787833,4845825146352992121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
                              2⤵
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1484
                            • C:\Users\Admin\Downloads\CoronaVirus.exe
                              "C:\Users\Admin\Downloads\CoronaVirus.exe"
                              2⤵
                              • Drops startup file
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Drops desktop.ini file(s)
                              • Drops file in System32 directory
                              • Drops file in Program Files directory
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2528
                              • C:\Windows\system32\cmd.exe
                                "C:\Windows\system32\cmd.exe"
                                3⤵
                                  PID:3528
                                  • C:\Windows\system32\mode.com
                                    mode con cp select=1251
                                    4⤵
                                      PID:31404
                                    • C:\Windows\system32\vssadmin.exe
                                      vssadmin delete shadows /all /quiet
                                      4⤵
                                      • Interacts with shadow copies
                                      PID:31248
                                  • C:\Windows\system32\cmd.exe
                                    "C:\Windows\system32\cmd.exe"
                                    3⤵
                                      PID:31024
                                      • C:\Windows\system32\mode.com
                                        mode con cp select=1251
                                        4⤵
                                          PID:8228
                                        • C:\Windows\system32\vssadmin.exe
                                          vssadmin delete shadows /all /quiet
                                          4⤵
                                          • Interacts with shadow copies
                                          PID:17972
                                      • C:\Windows\System32\mshta.exe
                                        "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                        3⤵
                                          PID:31200
                                        • C:\Windows\System32\mshta.exe
                                          "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                          3⤵
                                            PID:31204
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4396
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4976
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                            1⤵
                                              PID:21384
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe91363cb8,0x7ffe91363cc8,0x7ffe91363cd8
                                                2⤵
                                                  PID:39416
                                              • C:\Windows\system32\vssvc.exe
                                                C:\Windows\system32\vssvc.exe
                                                1⤵
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:31472
                                              • C:\Windows\system32\BackgroundTransferHost.exe
                                                "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                1⤵
                                                • Modifies registry class
                                                PID:17640
                                              • C:\Windows\system32\werfault.exe
                                                werfault.exe /h /shared Global\3139b229038747a8a224b786cdfd46ad /t 31240 /p 31204
                                                1⤵
                                                  PID:31300
                                                • C:\Windows\system32\werfault.exe
                                                  werfault.exe /h /shared Global\2c0fe4e662a34904a6e95d3118c6762a /t 31212 /p 31200
                                                  1⤵
                                                    PID:30848
                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
                                                    1⤵
                                                      PID:30564
                                                    • C:\Windows\system32\BackgroundTransferHost.exe
                                                      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                      1⤵
                                                      • Modifies registry class
                                                      PID:30096
                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                      1⤵
                                                        PID:19340
                                                      • C:\Windows\system32\rundll32.exe
                                                        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
                                                        1⤵
                                                          PID:19464
                                                        • C:\Windows\system32\LogonUI.exe
                                                          "LogonUI.exe" /flags:0x4 /state0:0xa3a3f855 /state1:0x41c64e6d
                                                          1⤵
                                                          • Modifies data under HKEY_USERS
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:10904

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-5A376A68.[[email protected]].ncov
                                                          Filesize

                                                          256KB

                                                          MD5

                                                          ec87a838931d4d5d2e94a04644788a55

                                                          SHA1

                                                          2e000fa7e85759c7f4c254d4d9c33ef481e459a7

                                                          SHA256

                                                          8a39d2abd3999ab73c34db2476849cddf303ce389b35826850f9a700589b4a90

                                                          SHA512

                                                          9dd0c30167fbeaf68dfbbad8e1af552a7a1fcae120b6e04f1b41fa76c76d5a78922ff828f5cffd8c02965cde57d63dcbfb4c479b3cb49c9d8107a7d5244e9d03

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          d459a8c16562fb3f4b1d7cadaca620aa

                                                          SHA1

                                                          7810bf83e8c362e0c69298e8c16964ed48a90d3a

                                                          SHA256

                                                          fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

                                                          SHA512

                                                          35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          656bb397c72d15efa159441f116440a6

                                                          SHA1

                                                          5b57747d6fdd99160af6d3e580114dbbd351921f

                                                          SHA256

                                                          770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

                                                          SHA512

                                                          5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          927fb4584238f46845ad3ae491bcb66e

                                                          SHA1

                                                          333ef9a2fa598ea7db1160c5bed772c9721fe075

                                                          SHA256

                                                          02b7f0428f80939a9bf1b66957ac6bba76f61ce85e8e6957ce9f1139c790d318

                                                          SHA512

                                                          16b89da5ab5cc680a3d2f434c4f9234fd4836318b603498b15961fd59c7b4df88061787eb12eab085377f76b9a2c27ee98c4a2de1d654584d419f21f6cd64d89

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat
                                                          Filesize

                                                          20B

                                                          MD5

                                                          9e4e94633b73f4a7680240a0ffd6cd2c

                                                          SHA1

                                                          e68e02453ce22736169a56fdb59043d33668368f

                                                          SHA256

                                                          41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                          SHA512

                                                          193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                                          Filesize

                                                          4.8MB

                                                          MD5

                                                          0e028373253991690b510d946d27e4df

                                                          SHA1

                                                          83beee8fdb2b7409d344df3de08d87dd861a8c3a

                                                          SHA256

                                                          1ad67131e712fc1227d9386bcfc2b0298129508596b223c5e091eaf0553ba81d

                                                          SHA512

                                                          ba003a937a0601d80c31e8f9b9a798669385f19363d2f83d67db9d0b9ba87e4e5db8f8f596b80b24885dcc8dfa054e5840d1fe2d61beab9a4b86e92265851408

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                          Filesize

                                                          1.0MB

                                                          MD5

                                                          055d1462f66a350d9886542d4d79bc2b

                                                          SHA1

                                                          f1086d2f667d807dbb1aa362a7a809ea119f2565

                                                          SHA256

                                                          dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

                                                          SHA512

                                                          2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          d49b70242b38debf869727fa5cc5ce32

                                                          SHA1

                                                          10b7b019eab07d0b69456293c357f0e052f88145

                                                          SHA256

                                                          ecf9206fa458d3b6a050ba28c53756a0b56e1d3d3e2b2b7bab5262a703431c2d

                                                          SHA512

                                                          d84ef3187886416d84185d00a67edd9b69050f33ad0044343cf9ab7e28d46a79b0a6a85d49ac9c101e2ab76c14b627e3e12036e9b10e4ba82d93e0ebad977ff6

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          ad9bce077eeec17ee726bafd783c0875

                                                          SHA1

                                                          9cd048efbec97136dd731114fd538007cbf387b6

                                                          SHA256

                                                          731358b9928ea53310f019ac4cca8da3c24629c1f0c77981414ffcf5f9a454f5

                                                          SHA512

                                                          82f803cfe234063b66ae856b28ec5da15b127a3f94644e2c1a5a70dac6c4066e8481628f982d16d50b8922d22db9358a1e92bbe47c902e34b044efb8549da788

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          111B

                                                          MD5

                                                          285252a2f6327d41eab203dc2f402c67

                                                          SHA1

                                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                          SHA256

                                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                          SHA512

                                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          496B

                                                          MD5

                                                          b4890e2bf1a6243de5f1b691bb5026c9

                                                          SHA1

                                                          51a01aaa8eedb53c5ff539a69ed4fd0642c9421e

                                                          SHA256

                                                          55ded3dc66445931d2f2b337bb034a81f7946ac589500db64bd2deff49e68d6a

                                                          SHA512

                                                          962cf7a8fb4396af71f63a7d82d6561a5cbb04aa39e56eb55784283841680f6434eb33756ef9723d29c48a1dbd55ac6d3f0cefd8d453c418a76135c7eae43ecd

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          579B

                                                          MD5

                                                          e759df8f84c0cd3ff96061ba6bee78a7

                                                          SHA1

                                                          f49d2cbdbb93ce945da16e76fd52c79fa62440fd

                                                          SHA256

                                                          4e29e9d883a87d353ed5b81b18b11a772c8771bf5e6e728a0f2af6cb041e9c76

                                                          SHA512

                                                          6715796834e1968e81d5e4e25f67649a8166d0391223bfb6d2f710c66f1e2c1d8d9e7f0789c8420b2ee0c9822629057181fe84f8d51ca17ee1527e40f0f9a66d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          39df5f98ed577d26e371c811abf4a58c

                                                          SHA1

                                                          753728d0ea2b41c10df1db4cbb8d6de3129ea177

                                                          SHA256

                                                          cdc5dc5771299e1720382ecf2a82ac9c21bc31dcaf314e0c9c2f0bed03949096

                                                          SHA512

                                                          fcc8ad43d871ebb11be39d3c669d5f48ed4e846e8bd47d3f8be09eec14fda5ffac1d8c2ccb1d4cc80ed9bf32aeffe7b7f8e3258663e0516b1312876f5a993116

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          679b639bab1e098db1290a0872de300e

                                                          SHA1

                                                          cbc236cea1fe3bb9a217e19101b970ff8c85570b

                                                          SHA256

                                                          5a22c271dddca015e0c78366186670cc951afd2f9bb8ff19d320ce2a51d928b2

                                                          SHA512

                                                          c92ccf02f75e33f5aa5d696fa992655549f5391b49fcf9cba339864153abc9598d93cc864a2391976aa6f6e85266e5162a50b6119a83f8ce21d87de00dbcc14c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          6efaefc25be507a0c4b5f9f02b108c20

                                                          SHA1

                                                          81e708feab67f94ae7b6a2e37ae454e016528e4b

                                                          SHA256

                                                          76b86ad9994951d32a3d1fd9b268252666afbc25aacb4bc4c56eab16f961a2a5

                                                          SHA512

                                                          82610fe29e85e886680108ad82a9c928cc164e4feed83dc602ec0091d269b2373a398dd814829e6a3540af3ab895babc9ae0265941b8a1667f5e17f19af83d67

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          f11e1d5ba0cc78219611dd3830e5d908

                                                          SHA1

                                                          ceedfc17fa303bbd8c5ddddcd5632c0bccac834d

                                                          SHA256

                                                          1dcc7d47dc8cfa5533be4b441dae94d0564b6939d5287426d9e5584f9f1cf9c3

                                                          SHA512

                                                          e44228a1ca0cbdcebbe8b34768a36cba5c18ea30f1af8d23554ac8ccf28dffad77f4e002f7cd6513a2635691abc274d8c62065a155c87d7624100049d3405b9e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          874B

                                                          MD5

                                                          e0aab47927182e0cea4383a28c085d57

                                                          SHA1

                                                          6d02f66498750fdc09b25fe64599dd867a37c426

                                                          SHA256

                                                          c54023101305d0b351c0c02a94c2771d5323e54bff48ed52a06f27929cb953ae

                                                          SHA512

                                                          c18c845084955a5f0705ff60242446f41b2c5cbd97813ab20e4ebf14e542f5c6005f4aff68bf92df4b067bcb8105053c06d979d0a1cfa8dd2cccb4af989d9b81

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          874B

                                                          MD5

                                                          411d1e178ef575ab856d15b966519b3f

                                                          SHA1

                                                          cb280a8e51babc1d0e4ddc9b00dc0b7f5e63156f

                                                          SHA256

                                                          057c0a2ace6a1e5733d6f0e1722d512ed12d961c0c386b56055ad532ba2d807d

                                                          SHA512

                                                          67d1d3e9cecd6b50ec8e052e47b54c0a581ddd89bc8bad36af95f843265e8fab7d76baf31eb7b9764679bcf69def83c2031bd97de88e647f171b0e2c27dc1169

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816bf.TMP
                                                          Filesize

                                                          874B

                                                          MD5

                                                          490b5a8cef66d55dd1c7694f901636db

                                                          SHA1

                                                          1b6792533682eb830c1648e583c77904bbccfd7e

                                                          SHA256

                                                          2d51f8949f08f182c2e0dcc9d181b8f729aac2608e9fa58cc227723ded210d17

                                                          SHA512

                                                          96736bd93d8b3e10ed3fb5025a2ea40f1f6729c8050266c7ae353f1460db54594d6b2c4e203400a0208c83616dfff0ab601c7b04f7888e456b68117c0bb6782f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          206702161f94c5cd39fadd03f4014d98

                                                          SHA1

                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                          SHA256

                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                          SHA512

                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          46295cac801e5d4857d09837238a6394

                                                          SHA1

                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                          SHA256

                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                          SHA512

                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          9168e174e8e6f971c03981e8fde4cdd5

                                                          SHA1

                                                          b9a312979cd3217bf1be7b6dcca80775b146f0bb

                                                          SHA256

                                                          859fd85270512884e2fdbe10c59eb9d16dac2629a50be0578aec1582a9de40cc

                                                          SHA512

                                                          3b1cdf3b95e88cba8c0f038cd9bd73e2a8111dbb8258333fbc2c870ec6f9d83b6bfabd39ef934187ea9cb961385167b7cd3e4166fb0c59bcca4d2eb94068c3ad

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          12KB

                                                          MD5

                                                          d4f02e11419353d3ab6141101963f5e7

                                                          SHA1

                                                          678af536193abb777188e32e214c0ca3c8446f8a

                                                          SHA256

                                                          77711ee1bb03ac055ff56ae4f108f6404838b3f687882778852551c66df7c6d8

                                                          SHA512

                                                          b1b19e31cae50324d1a3e28dee2c1f9b835afaff6982c1bee7e5a976a4c85c8228f4e9d0732143ca5af48b83ccb2ab70a760435c243e5ee326afea9986192b23

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          12KB

                                                          MD5

                                                          2dca9dd0319eded96ebd902c956e9e02

                                                          SHA1

                                                          b3a7e86f977e6874d3ef2d8b7664ca0b5dd7f6a8

                                                          SHA256

                                                          1b1ec6a84cbd0395cf7d44f9db3952d65cb0212e61a471ae17ce2da195a26bd7

                                                          SHA512

                                                          3084be3195e694dc37a050d55af24b4e99c9144e53ddc476a77742a94800b5981d5d5dd3730867fd49e65ec78f54648a37d1ca1dcf953e516e3abd35d42ee4b5

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\a8b6a4e0-ba80-43e1-85b9-ae22a0ae1901.down_data
                                                          Filesize

                                                          555KB

                                                          MD5

                                                          5683c0028832cae4ef93ca39c8ac5029

                                                          SHA1

                                                          248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                          SHA256

                                                          855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                          SHA512

                                                          aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier
                                                          Filesize

                                                          226B

                                                          MD5

                                                          f666bcd0f18fe20b4e1d2cc6ff4d457d

                                                          SHA1

                                                          c0e1a9558aef254f4d239e3119b22595abc9fefe

                                                          SHA256

                                                          a8ebf443d49c424ab052274355c5a91541e6bb504aa86dbca620d04bdd2631ff

                                                          SHA512

                                                          736a813a0d3d368d93e1fcfcff626232a19967ebdbf1243e0ec1731c890cd17165d0c3a3467447d7e8d66f861618d41941584014c709309a0dd89f8f890d8f45

                                                          Download Submit

                                                        • memory/2528-479-0x000000000A6A0000-0x000000000A6D4000-memory.dmp

                                                          Filesize

                                                          208KB

                                                          Download

                                                        • memory/2528-480-0x0000000000400000-0x000000000056F000-memory.dmp

                                                          Filesize

                                                          1.4MB

                                                          Download

                                                        • memory/2528-7629-0x0000000000400000-0x000000000056F000-memory.dmp

                                                          Filesize

                                                          1.4MB

                                                          Download

                                                        • memory/2528-351-0x0000000000400000-0x000000000056F000-memory.dmp

                                                          Filesize

                                                          1.4MB

                                                          Download

                                                        • memory/2528-24263-0x000000000A6A0000-0x000000000A6D4000-memory.dmp

                                                          Filesize

                                                          208KB

                                                          Download