Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 02:18

General

  • Target

    https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718
      2⤵
      PID:1072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
      2⤵
      PID:4368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3100
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      2⤵
      PID:3396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      2⤵
      PID:2604
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      2⤵
      PID:3468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
      2⤵
      PID:3644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      2⤵
      PID:2992
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
      2⤵
      PID:4132
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4608
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
      2⤵
      PID:3236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
      2⤵
      PID:3932
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
      2⤵
      PID:2232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      2⤵
      PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
      2⤵
      PID:1776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      2⤵
      PID:2416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
      2⤵
      PID:2736
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4024 /prefetch:8
      2⤵
      PID:4664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:3892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
      2⤵
      PID:1996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      2⤵
      PID:4564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
      2⤵
      PID:3544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3592
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
      2⤵
      PID:4084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:8
      2⤵
      PID:3440
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      2⤵
      PID:556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2872
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:928
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2272
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3040
  • C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe
    "C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3936

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      477462b6ad8eaaf8d38f5e3a4daf17b0

                                                      SHA1

                                                      86174e670c44767c08a39cc2a53c09c318326201

                                                      SHA256

                                                      e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

                                                      SHA512

                                                      a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      b704c9ca0493bd4548ac9c69dc4a4f27

                                                      SHA1

                                                      a3e5e54e630dabe55ca18a798d9f5681e0620ba7

                                                      SHA256

                                                      2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

                                                      SHA512

                                                      69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63ee96d7-6630-4cf3-b8db-03fb5428dec4.tmp

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      00502cb462e342f654475e17b4d76ec2

                                                      SHA1

                                                      df2edcbc9ac643e4630b5ac85617890f697d98da

                                                      SHA256

                                                      13be651168cbe67eafceb3c86b50dccda23d8c1e344f0ecc022620040d214be6

                                                      SHA512

                                                      4c2dfcd4c02787619b74734707b218cd31b4c06557ccc443e523505c8a2daa1ce6fcc9ed3f4a4568c4640ef7ee4845cd0c806cfd637639396afe30e3cfa20fd7

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                      Filesize

                                                      64KB

                                                      MD5

                                                      d6b36c7d4b06f140f860ddc91a4c659c

                                                      SHA1

                                                      ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                      SHA256

                                                      34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                      SHA512

                                                      2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                      Filesize

                                                      67KB

                                                      MD5

                                                      bcf2d8d7778e1ebc837c3b75915335bc

                                                      SHA1

                                                      c7a1186fbbb39ac1a04b9cf64dba641cdd24c9d3

                                                      SHA256

                                                      3bc12ceb802ad6eddaa5ed768f42f33ec31626bd424f219b58713a4036b126b0

                                                      SHA512

                                                      4a9385156e524761a081780faccb8c6a4dbe0e0289c6707cedc07868ec167c82e4d06b199361186d508a4e8076a13e773b443868bbca116c7c0456d60e880ff9

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                      Filesize

                                                      41KB

                                                      MD5

                                                      b07fe559839d5ab1920a795bf8c5b074

                                                      SHA1

                                                      4e72cbb0858af473d7cf380cc4a704a8db52ffc8

                                                      SHA256

                                                      61a605bcaee63256c8bacac2d0a6c27deb9f9e38b581a54da4589744fc07dc52

                                                      SHA512

                                                      9331c10406ca27479657da7ac3fa16850e5002d9c45618f49bfb0108ce35abf3ddd157faee4cc52397dfd27184b9ea07918b727b6feb9be326396d18e5308cca

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                      Filesize

                                                      63KB

                                                      MD5

                                                      710d7637cc7e21b62fd3efe6aba1fd27

                                                      SHA1

                                                      8645d6b137064c7b38e10c736724e17787db6cf3

                                                      SHA256

                                                      c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                      SHA512

                                                      19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                      Filesize

                                                      19KB

                                                      MD5

                                                      76a3f1e9a452564e0f8dce6c0ee111e8

                                                      SHA1

                                                      11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                      SHA256

                                                      381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                      SHA512

                                                      a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                      Filesize

                                                      88KB

                                                      MD5

                                                      b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                      SHA1

                                                      386ba241790252df01a6a028b3238de2f995a559

                                                      SHA256

                                                      b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                      SHA512

                                                      546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                      Filesize

                                                      1.2MB

                                                      MD5

                                                      76e2533d5c0f986355fe79efb4f5e4c3

                                                      SHA1

                                                      1f26c931a1b019c96159c055b72e400ffd34cb2f

                                                      SHA256

                                                      91c7483f7086c4019bee8005e6e32b15eea1d4c4e596c13bfbfb616d0f4f6a42

                                                      SHA512

                                                      07f9f9ad2bc1ad100135494c6d3662d3e169df0d949ecff246298b1e5b6f9ffa87c75cfba323f9d6d7ad0317dc19f95da6dc22df16cca3130f035dfb2145e764

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      d78048566bb9c3cd449bebbaaaec9c3f

                                                      SHA1

                                                      d72327d698dbd63483c58ff16379c8b0e525f2e5

                                                      SHA256

                                                      62b470eadacea73ec43d1129d9792f655917fbc5cfe57c536f2560627bf29724

                                                      SHA512

                                                      b9b1bcd80eb0d4b8c8531d3f23e066141caaf52f2a6b203372fe1d877e716a761e3bc4bd493ffb878b1136928724b93e08421423ccf7c249e980c5a0f3019ef7

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      4KB

                                                      MD5

                                                      a2724325f81e41c2ee96dfd0aafd2f08

                                                      SHA1

                                                      64b8982fb03e83f1c621ad57af34e2301c34df48

                                                      SHA256

                                                      70ad37203456e25496525146e519352c43b80f1bc298932a03579d566455de77

                                                      SHA512

                                                      1e49644cb233ca21d14e2ed31eb1445a8c025c18033debe4abdf0ad53ebf025cdd1b166ef75c41cdf51a1f7214d038f2718b4e88c8133f27e662698fea463401

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      847B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      538B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583498.TMP

                                                      Filesize

                                                      538B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      12KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      12KB


                                                    • C:\Users\Admin\Downloads\Holmium (1.01).zip

                                                      Filesize

                                                      103KB

                                                      MD5

                                                      5482128a78bbefb9fd1545f2c6eb5968

                                                      SHA1

                                                      5f9fd4ea54c9b07f16d7d32e5ed7bc96ed749640

                                                      SHA256

                                                      212ac8f4ddb413ef4000f8e9d807edee28fe6b9f728ce1f7f504291f2f189e4c

                                                      SHA512

                                                      205d49741d7c7598e32945c6ae59385572d625714f3bd3f907419895005c6d7171668c09bd983d28098565343c451800cfdb1b38f2de1959f4c715968e00435a