Analysis Overview
Threat Level: Shows suspicious behavior
The file https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc& received the verdict: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:18
Reported
2024-06-13 02:21
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
146s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{54BFB88C-263E-40B1-8890-E7F7D41C0FE6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe
"C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"
Network
Files