Overview

overview

6

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

6

Resubmissions

12-03-2024 13:56

240312-q87ansac8v 6

12-03-2024 13:54

240312-q7hwpacd34 6

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-03-2024 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb484a3cb8,0x7ffb484a3cc8,0x7ffb484a3cd8
      2⤵
        PID:4212
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
        2⤵
          PID:3700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1724
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
          2⤵
            PID:2184
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:1432
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                2⤵
                  PID:5040
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1900
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                  2⤵
                    PID:4724
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                    2⤵
                      PID:1556
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                      2⤵
                        PID:3896
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                        2⤵
                          PID:4244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
                          2⤵
                            PID:5020
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5140 /prefetch:8
                            2⤵
                              PID:4928
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6052 /prefetch:8
                              2⤵
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2416
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                              2⤵
                                PID:1224
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                                2⤵
                                  PID:2688
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                                  2⤵
                                    PID:2196
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
                                    2⤵
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2544
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                                    2⤵
                                      PID:3180
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                                      2⤵
                                        PID:5028
                                      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
                                        2⤵
                                        • Checks processor information in registry
                                        • Enumerates system info in registry
                                        • Suspicious behavior: AddClipboardFormatListener
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4716
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
                                        2⤵
                                          PID:784
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
                                          2⤵
                                            PID:2512
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
                                            2⤵
                                              PID:1504
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
                                              2⤵
                                                PID:2812
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                                2⤵
                                                  PID:4688
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
                                                  2⤵
                                                    PID:3552
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
                                                    2⤵
                                                      PID:796
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6660 /prefetch:2
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4920
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                                                      2⤵
                                                        PID:4972
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                                        2⤵
                                                          PID:1028
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
                                                          2⤵
                                                            PID:4492
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                                            2⤵
                                                              PID:3852
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13617313364208941728,15642475368981487247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
                                                              2⤵
                                                                PID:764
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:1156
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2360

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  d459a8c16562fb3f4b1d7cadaca620aa

                                                                  SHA1

                                                                  7810bf83e8c362e0c69298e8c16964ed48a90d3a

                                                                  SHA256

                                                                  fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

                                                                  SHA512

                                                                  35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  656bb397c72d15efa159441f116440a6

                                                                  SHA1

                                                                  5b57747d6fdd99160af6d3e580114dbbd351921f

                                                                  SHA256

                                                                  770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

                                                                  SHA512

                                                                  5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                  Filesize

                                                                  64KB

                                                                  MD5

                                                                  d6b36c7d4b06f140f860ddc91a4c659c

                                                                  SHA1

                                                                  ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                  SHA256

                                                                  34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                  SHA512

                                                                  2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                  Filesize

                                                                  69KB

                                                                  MD5

                                                                  a127a49f49671771565e01d883a5e4fa

                                                                  SHA1

                                                                  09ec098e238b34c09406628c6bee1b81472fc003

                                                                  SHA256

                                                                  3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

                                                                  SHA512

                                                                  61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  a6222b53397f819f5fb8c2bc64cd5283

                                                                  SHA1

                                                                  f0492d58e17e50a81db5c04c6e7c431bbb3cb6de

                                                                  SHA256

                                                                  2361e61876b9a3dc4d0c92852dee6053e4ee3975edf43ebac6bf9573e097de43

                                                                  SHA512

                                                                  b0f47ef5e969387ad449ff23d145eec517bf821558eee03757bf45efb6a5311b89cd4817a13e0802e5b01451142878d7a9944efc03fc83bdc1b959562fed2364

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  1019B

                                                                  MD5

                                                                  0d093b181f24db87edaac468813669b6

                                                                  SHA1

                                                                  ec29b85699bdc07a8acc23fc01402dd5c9d3e516

                                                                  SHA256

                                                                  7faf2d7c4a3360a0285f030c2b3316b1bb51a2460aa34663eec31fae1ba9182e

                                                                  SHA512

                                                                  c6702dc4902f6acfe586ecae526e25bf0fc2c58761d08d41e50e1e88df29f6fd9fb106b3bcfddc1ed9b333a9ef908e28ffcb9d2e1c6a38a3ed80214ed078ea60

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  1f87556654776506c9505c046fc01cfe

                                                                  SHA1

                                                                  2c6de8f586c66f73f5c8137bb4f28e4df99a2c0d

                                                                  SHA256

                                                                  ab65d66b41928ea8c2fd55e79650056c42328921f82d836166990884a2915fad

                                                                  SHA512

                                                                  c554ffee13675ad524838c2256193aa306be0fb387ebf505fc847a3ab6fa04ac51708a222f9ba590b8c44f3d14b80812d2bf4514422f283436700ebdd4276697

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  5b318829e58ea9cf707fb286fde5d926

                                                                  SHA1

                                                                  2ca61603127815ebe10072473feb7375d9e3302e

                                                                  SHA256

                                                                  880d25c4e2ce1146c4427a6286f424c3fb109c119216f9d92bd26818dce904d0

                                                                  SHA512

                                                                  e155c3c7d092f353596145cfefc2e422d91601b4cc12aee722981afd91fd0cc4f08d1e63ccfda7a9e6816b25756f604e35b8dcdc9819fb3306f5c6f3a3c17262

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  b7f8ebf6c37ab8c2ffded3f6531e9f67

                                                                  SHA1

                                                                  8ad1c424cd5cfa66da5d6c1b8f5ae5caafd8fc60

                                                                  SHA256

                                                                  e25b378646686512d90df928e17180b069d86ac1365f21123f8970c28c9b81ed

                                                                  SHA512

                                                                  ab38478de74ca4204390bb6c7d492b531082dd664be69f7d2333b4f9b7f17823e8ec6a1137a1bbfb842baefc0f67d86214f6d89c7496565282ff6f31eb9005fe

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  4a1e79b1eb77e3613d73ab734594610d

                                                                  SHA1

                                                                  379d4b24f2d9e8c47e92922da50a758b8a8f402c

                                                                  SHA256

                                                                  214118c6ceaf977a45ad89412093aa25f95d9ccf50720cddf5527c34529adffe

                                                                  SHA512

                                                                  0a47eb7c1c5b46f70ffebd22b16352c0dfda65a5b97056666d3f31875c5729dece4ee268cb945b2762e45e3de7dd4cccda34fad483926d394e99ec9e0cf1c75d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  95332d751321c7539753b41a659f6954

                                                                  SHA1

                                                                  29f2d93e98909a5a9c1b6def73aa899e6a06ab5f

                                                                  SHA256

                                                                  6ce656326ff161b43dc8b4ad8df70a540f81a176b8b54c361a1a81fb1e20eb89

                                                                  SHA512

                                                                  6f519884a7b10ef52b042425a787e841d0c8ce0c8b31df6d861a1a049ee79db317e0b108ba2a7c73cc9358a4ee72dd1e734d2834146a747dbff6f73806ceb0a1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  e5b54458005a2fa31d8b58b3bcc273f7

                                                                  SHA1

                                                                  33aae899672811f19869594eae4634dc045b7a7d

                                                                  SHA256

                                                                  365d9fc05d783ba196cca5c0911e0f9cdc7cf371c3a619f358b7718693053b41

                                                                  SHA512

                                                                  1f34c5ad72f6e1a0a6442a746407a657ab1964032ef24f5712e9e437ae3fe5ca250d8529020638832008ba743b7ee3e2101bccf40fc11ce3195ebe8a4fecf76b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  4d11fe3b71d6d631f8f55464aa3f2b0f

                                                                  SHA1

                                                                  8be0480eeb40f416a6a15e08779d9862cb0d043e

                                                                  SHA256

                                                                  8101d7ed23b33e087e2f6d4750867272c1af0d7e18aeacabba9d3707f3d6a63f

                                                                  SHA512

                                                                  f2feb80acac887bd94080551de15cb16fc88985cc3cb8581e71e156ab87c2eb5d8a6fea2ba66e01818671bf308b70415c92fddff643542409e549d1cdc315589

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  6323fee63e264910ef4ce0648b72b8f9

                                                                  SHA1

                                                                  cd0fcffe66653ea9085684d2c704da91dce17928

                                                                  SHA256

                                                                  b015fff37e86b92e97b27f66162b3bb3668ffffe4f935f480a6645a6cead3496

                                                                  SHA512

                                                                  ec2146a90f83605a85c248c4b000db29859deee48463f99ac91b0551da6f1a48693f8314735018094ed2de4386492d2303e73efaf4cddbd237f82f37bd4a0578

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  da0dd61ccb4a77fdd026c4b501120a79

                                                                  SHA1

                                                                  db5fb7c04e9dbc403e2347a2a73c5c99137f27b7

                                                                  SHA256

                                                                  0091c22d24c101e2d7dbb50640cbd983951ed5e374d2cb74f72791acd96d2d1b

                                                                  SHA512

                                                                  6a978fee88ccf4b7a8bdd49cc0d5743112ff6c86fdc0f058deb5b15459c495ea6b72fe17528f702f5ef9a7a410941be273b34eca36670c6d4e6fc7180cf784b9

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  ae489d1abb2c072d69369df71bdb822b

                                                                  SHA1

                                                                  a2d7a0a7f4eb325738220402ea0ae03fe7e2f9e6

                                                                  SHA256

                                                                  2651337e81bf0b3c3930ccb2c46be5cf63f2f8783949fa01a54080c06a41adc4

                                                                  SHA512

                                                                  70707917658601d3d2d9111ee3a2954954742d6c2bf8741d8efc5eec900aba6dddb95bede4f763e1ef8a713900c52f4b25a37d65622b35ad006afb7c47ea601e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  62ce74a9f66174fae5ce2fd043d2b297

                                                                  SHA1

                                                                  5e61b583a7af003375bb56139667fbe04a78e6ff

                                                                  SHA256

                                                                  2f1db7a6b0727f1271097cc6a62b4891ee4552735752e7b71737ff8d26531d86

                                                                  SHA512

                                                                  63c68880e80bfc6ee7667922702b74d40c1201b2a23aa9905d02a0935ff1f8daac8ae69fe8a37c76e5b679cf9e874b0a876d9fa91ae9daccc6769863614599c2

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c4f6.TMP
                                                                  Filesize

                                                                  874B

                                                                  MD5

                                                                  e10f43755f0c4c532c848841fe30e20b

                                                                  SHA1

                                                                  b438c8f85ce469cad7e427a811e37477fcdfcd80

                                                                  SHA256

                                                                  737a9047a931b8f9884e198c1c50cc0bcbc640e1a0a14735d44f9445ae02184b

                                                                  SHA512

                                                                  d967c1ca25ae0477464dc22201fcdb0a7dca788e958b6dbc979a2107b331e000912fd78a8cf9519785d3f382fa6aa6be28453070b8d316cc6336fad51241b40c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                  SHA1

                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                  SHA256

                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                  SHA512

                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  12KB

                                                                  MD5

                                                                  efc06bf86e6b20631a22308230d8ad8a

                                                                  SHA1

                                                                  61f95b14ded134f8c57ef34ea24bb93817c8ca01

                                                                  SHA256

                                                                  25fb9d368d37b294e1e77b27f90e6c7c7e0e9b39be63485ddf6b0219d1699c82

                                                                  SHA512

                                                                  6f8fb5129b3fd8bf84653efbf87f02bda84ba3153b20a7381bf978005d1349145d3a103c291b6ec39049937c57b6772addcac6c0a63aa9eed10984452bf4a4c9

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  b514184c920cc686d4e6ad5afac8d578

                                                                  SHA1

                                                                  b91edb21a449e7179cad8c8d4e9d7c8da9247125

                                                                  SHA256

                                                                  5a5b9d71f6d4b6dac29161b7b6346308c7d713727725d851fea5941f294de9cf

                                                                  SHA512

                                                                  9bad81f792bc51d37b3db96e2bcd8ee07f9e14af970a9df2fa8854e16fa54bf62574f9c6c5879980e83c13763e701958bb34ccd424c886e7122569e06a303736

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  12KB

                                                                  MD5

                                                                  0ca831307046cb2e32743d1ab6003a75

                                                                  SHA1

                                                                  b9fa62fb93555f276364cc32411c331290d9d4ef

                                                                  SHA256

                                                                  819f015352c9b403e827e2b559a1ab838202f55f6ea58c30e9ffb41ebf2a3d1a

                                                                  SHA512

                                                                  2c33ddbf38aca0e02342b5ae4df1dea75cf7e2e943a93096cf3fac110e65c024c2e59360efb6a54feb0a94d889826e33342f2d832d0e23f7eac0080dcb082198

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                  Filesize

                                                                  247B

                                                                  MD5

                                                                  d2d393b7b5d35d025ed98a03fa939638

                                                                  SHA1

                                                                  483c2ebfdd96bc4d86c49f9b0c1c08b7416a056e

                                                                  SHA256

                                                                  8df4ef0fae9e88abf12ba2689a6d053fa685073c0233412cc9c6061700922f6e

                                                                  SHA512

                                                                  f85e0759accc31ac0a004ff42f97ce44992f59d608eedb618d052bdab1d4d4200de2948d483324a8150d70b8acb5eb73830027ef23541a82461b48949ed850ac

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  0fe23b7430c17b89cd083a597100b025

                                                                  SHA1

                                                                  b34d42e28882e4f312f19c33c1dd105571110ec1

                                                                  SHA256

                                                                  158012c22fb6865945903e2b17a2bd8a18657fe20626a2069c002a44a6d27779

                                                                  SHA512

                                                                  02682c1e8223f97ad94e6fc5d3d46653ddedcafdc39bc7126b62cb448b5027c61cbd54f793827066641aeb581291f1153292abc275839a3e0409ee51d181bdd0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  3dc9616a4867a375aceffebf9702831d

                                                                  SHA1

                                                                  77bc1fd6dc08ff42efa6a65f36d0ab7ce453ff76

                                                                  SHA256

                                                                  1b9e37375587605c4fdb8aa2a8dcc36f15ae4756a3c1b5574e67617d3fa4b63a

                                                                  SHA512

                                                                  f998a3e1668b8664b958c8417726ea95d4b792dd47458ac55db9d344e2af92b290fa014a71725299b81d3f1756187e34c1b9e322f9bbd7321ad9b2f7d3ccd1e0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  5561fd76f40fa9382dce3538eab7ea85

                                                                  SHA1

                                                                  4db49b97052c96b42adffe3c0bf8603805a10d5b

                                                                  SHA256

                                                                  673b728f994d6fa4bfcca02d1b59efed328c9fa06a8d11434b762e0b41db014b

                                                                  SHA512

                                                                  8aeb4d8b58eefdde8b5af44922bb5903ed047096401e02dcab8845c4f58e67f5aed2f1edd9850990724e07c25093b6d092eb928aeb9467de4fe923bbaa149f98

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Melissa.doc
                                                                  Filesize

                                                                  40KB

                                                                  MD5

                                                                  4b68fdec8e89b3983ceb5190a2924003

                                                                  SHA1

                                                                  45588547dc335d87ea5768512b9f3fc72ffd84a3

                                                                  SHA256

                                                                  554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

                                                                  SHA512

                                                                  b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier
                                                                  Filesize

                                                                  55B

                                                                  MD5

                                                                  0f98a5550abe0fb880568b1480c96a1c

                                                                  SHA1

                                                                  d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                  SHA256

                                                                  2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                  SHA512

                                                                  dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                  Download Submit

                                                                • memory/4716-502-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-494-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-493-0x00007FFB172F0000-0x00007FFB17300000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-503-0x00007FFB55660000-0x00007FFB5571D000-memory.dmp

                                                                  Filesize

                                                                  756KB

                                                                  Download

                                                                • memory/4716-504-0x00007FFB14750000-0x00007FFB14760000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-505-0x00007FFB14750000-0x00007FFB14760000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-496-0x00007FFB172F0000-0x00007FFB17300000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-495-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-500-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-501-0x00007FFB55660000-0x00007FFB5571D000-memory.dmp

                                                                  Filesize

                                                                  756KB

                                                                  Download

                                                                • memory/4716-492-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-586-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-587-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-588-0x00007FFB55660000-0x00007FFB5571D000-memory.dmp

                                                                  Filesize

                                                                  756KB

                                                                  Download

                                                                • memory/4716-589-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-491-0x00007FFB172F0000-0x00007FFB17300000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-490-0x00007FFB172F0000-0x00007FFB17300000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-499-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download

                                                                • memory/4716-498-0x00007FFB172F0000-0x00007FFB17300000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4716-497-0x00007FFB57260000-0x00007FFB57469000-memory.dmp

                                                                  Filesize

                                                                  2.0MB

                                                                  Download