hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

07/05/2024, 00:05

240507-adkv7ahe4v 8

06/05/2024, 23:49

240506-3t63ksbh68 10

06/05/2024, 23:46

240506-3shzcsbg86 8

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2972	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
88	raw.githubusercontent.com
89	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 191935.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
3116	msedge.exe
3116	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
3636	msedge.exe
3636	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
2972	WindowsUpdate.exe
2972	WindowsUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
2972	WindowsUpdate.exe
2972	WindowsUpdate.exe
2972	WindowsUpdate.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
2972	WindowsUpdate.exe
2972	WindowsUpdate.exe
2972	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 4428	3116	msedge.exe	84
PID 3116 wrote to memory of 4428	3116	msedge.exe	84
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 3720	3116	msedge.exe	85
PID 3116 wrote to memory of 1460	3116	msedge.exe	86
PID 3116 wrote to memory of 1460	3116	msedge.exe	86
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87
PID 3116 wrote to memory of 4452	3116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ab2a46f8,0x7ff9ab2a4708,0x7ff9ab2a4718
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10143698950693189596,7900794439698317498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:3196
- C:\Users\Admin\Downloads\WindowsUpdate.exe
  "C:\Users\Admin\Downloads\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
305e2d01118f94fdaf76e9fc332eba61

SHA1
262ba44ae318f2f317e167f155eb1de0b79d15c8

SHA256
f8d25ea67f5d1ed6a1df87b2634ebb7cf278320f42d84a4e760abf1fe988d54b

SHA512
6b0a956c249de711bc79102d581fd9c4a3cef92e856c6a5298bcd933af12d7b16800b4c488339b4d39f84305917831bd3a68fdf03de3fa0aea9668fa94966704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cbbd06e3fc2aca21f7b4e4c9aba08985

SHA1
0b422155bcc23c39176ce000d5985c6500536cb5

SHA256
da8fa4c8a7ec786ba198d9a7e0385e824a81993774126694077a580238a439a7

SHA512
868eafa4599be6f324d37290fa1c857d18d1da46aacc601fbe596947801eb6100783eb0dcea2b44e50f09949d888be08d75a00446fe78215563f315ea4810b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d5d4e9d036208c371f64e2c678dc6225

SHA1
366c0d28b496464f2b2e7ecc5f6828ce30c3047f

SHA256
60ad99f1e86b9976aa84a1c64aef95d48711eec67b725ca15399a3a7356b27a6

SHA512
69f697b5aebe0d65827619ad5091a55c25786a5ea45ae044e77ada367fb84838c3d255bd74444115b954ded2bbf8d1bca3ade0079cc55694031b5429de8c4039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
d6e3bf37c442b2d39e58f791930e5310

SHA1
8320df56dcc995ad18a087e3bce42bb574653689

SHA256
ce37006c5534f3037bcaf0609401c0e0e7b35625d49aff65bc1e9577e01a95b0

SHA512
7f59b78af656aa8f9bf3152dae5056586c5d79f35cefc29699f57c5832a4cc2ebfe6bd9ecc7587fccde524a4ea31d4e4aa9b8a0d50279ca6a52883b70bf2da28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1f1da074d475da00022b445cfef26e8

SHA1
4ed461fdc6ea4119d35e4988d889b1d0d3d7e625

SHA256
9d62f1bdd607e91bab972805a3c2d883e9664c83ab61c299cd005699c65520b0

SHA512
4bc438abb5c1d9fba181e79ff69e8f5fb7e2acd49c2e05c94e99c67e7c58de883a37965057712e9b4c1f77fada9b96d50a2707a8381ebd58ecd38559a0254b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
142b07f043024019b930c2474f902c84

SHA1
d612e74557d21b7e61cc1889c487fac4cd6f9703

SHA256
a31a5d31105475439d14b0b6fe6c1594b4c58058b3f7e652befe4cbbe0a9b13d

SHA512
af33cceab77c0a92ec6ec153273a43d80f624de06483c1aa46a34fe64bd6ee14e92da74b53da221fda429dd556c762b8e05fa4110ee3060914f4f0ca4940177a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b3ca5e25ddfe395a87e16f5a17e16fc7

SHA1
09b2dc0924f16ed1f14665b5b70eebd2321ddaac

SHA256
97cb7b069164ec9c18834b4ae37737762d179a0e4822ede407a959e4ea8b7117

SHA512
6369175439d2a126ffa712ca62555eb3a3b5488c21bb92008eea2d5dcb97ac01cacbd4d199220ce6313085b9eb227695a2e735a8cac8f34fd90f27d52f4cc10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2855ede3732eaa7a7c4d22aa6ba317af

SHA1
d2915c1705fa7966681bbf1bc5d700d43a94b230

SHA256
785d29ac780ea1c1b8b51071fff4c1d3eac4d6f7d3d9195914a2ecb2ad10a963

SHA512
a9575a2417abea020d25bd0e3f7d1f0a827a72cd53d24cfa1306239ac39f97e5195520ced2c89f3a837d513ab1a07cff6c05a091f55d2d4013ac6b0ea47a0589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
da5d6702fb14a5d5cdb1541fe5007200

SHA1
9d08ae1b08960b03f560c8cad80f837e415f2923

SHA256
c891babf04e47b605c7d4941215b2491efc1360ab2dd2e0738463d0fb2e05b0b

SHA512
99e12943baadcf3b381d5e963a7b3a85a2cbe068c3ee01a1aa7bedfbb7f548506a631cd8d8adcda44188074172e5a9943cab068c842d86b1ec0314ba8ee0020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61fc1db16f5028de9c05255f61eaa256

SHA1
2546d5cd722d1da913a46c78cef90e247b21b8f1

SHA256
ae71de60452c5785c4c0116a8600028906c6088eda6876bc62e860479ad0de26

SHA512
09e2a85335f62c47895e6cb90e68e1b56fb119143f455638e93679696a1e2506338d14885c8f07633f6b606745f8c917d8678538765d5f648805617d4f39a7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
7fab5d754d98a9cb9ede32699bc90027

SHA1
409b1d956dd66f412f19ffb11188281845334d10

SHA256
5e87de8df75625af77e13bcb1783ba852200d5eb9ebe5da67b2feb4f7063e3e0

SHA512
b9a218437c6368cd0c78039b78812ee847e27a68d18395151ec219985978e977d48f8b8f021518183c8242f495a2976f9176575b9dd30092a9f06ca3a3772fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
888f7716c644b39dbec480f6b0f32e51

SHA1
f949c76a04a73066f144825ce299c975a0e27d1e

SHA256
b97f3250b44ac1a5f368b8f41c8c17e34727b26afb6a19fbef2a647e2c813569

SHA512
b7da13121bd34b2a65992b0e328052d8f3e3cf9b00c82447fd9b2f1273b9c85448a6ed2d97dcae2894969da10b2c2582bfa8cc68bc3114d88520e720844a8a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65f3f47841d32ae92290ad39ef5e71f9

SHA1
fe75f42f1cf24ac893a4982cd7c39325c49cb1c7

SHA256
2d71d09c1276c8da9d930f96666946b53f6f11031bee1cf1521e52ac3fa8e84b

SHA512
4726ede54f1c64a99caa1afbe69d322ebdfb21df887e08586c5c7c1d71806b97fb3872cb6057a067d9c13fccfc842010251cf2168b2d2e26d46151e583e80ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4f58476afd776a64ce425352f28b74a

SHA1
d991c7ae35226d7848da154a2d144c8ede89a186

SHA256
703b5ffdfc90eac38eaaab3bd93684972d22d7ca51ffcb39818d2066519c33ed

SHA512
3feb0ebd330240f929550ed109379dcce450e8b28cff67463c6d33d0c534fa3ea7caa3d0049c5aee975966d34bcd8714f2fbf64d093324a457814863f5d65a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba57.TMP

Filesize
874B

MD5
60bba9416f78d1fa305105de070f92ec

SHA1
2d614ad97137b8851e918437f1bf6532c7c0cccf

SHA256
e9bfcaddef3b03b379ee0ee8a88d5f0f383afc2df9b133acd4a4689e1c7b7c6a

SHA512
feba0d2799a9c0af6e0a21ea18f0340fe284d82f2150caa8c7e1660a607d1241e1beb0007f599611697afc72430325fdf1b5df8652547287f21cf4e6feea2b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec4da156f0984ab5c4113456b6e3126a

SHA1
afd5409f60627ccd65e6a7bed459d72f9806a98a

SHA256
34ff3553731b599e5271cfc4ab74d328f10e818cfe2e26dc8b469f4be75c5f7a

SHA512
d340e8a706e2968fda59844decf58c3a82959269df1606c2e83788ac676224807fbddb9a2aad750ca9fc410687f4dc392069725eb141e10c899a3a2e11a71283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5fd83c4956768cb812cbdc40294b89d

SHA1
d8852008b279fe474780a5e767218c58d700eaf5

SHA256
7d55f4d3897e083ff607002f5f5c29e049750a33d9336e08eec9ae62579fe556

SHA512
44bf04899b8ba6e21c927588ffd8d6050c34d63fc4752f136bf4e906d17fabe2d636868c5c62c545578af66c20bd93927d235f0edbc5c72d2008ed24467959ed

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 191935.crdownload

Filesize
760KB

MD5
515198a8dfa7825f746d5921a4bc4db9

SHA1
e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae

SHA256
0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d

SHA512
9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8

Download Submit
memory/2972-472-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/2972-505-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download