Analysis

  • max time kernel
    299s
  • max time network
    294s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-07-2024 17:21

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Malware Config

Signatures

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (572) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 5 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops desktop.ini file(s) 64 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718
      2⤵
      PID:4372
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
      2⤵
      PID:1344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3244
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      2⤵
      PID:5024
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
      2⤵
      PID:2996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
      2⤵
      PID:1388
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
      2⤵
      PID:2236
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2868
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      2⤵
      PID:892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
      2⤵
      PID:888
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
      2⤵
      PID:3524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      2⤵
      PID:1836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
      2⤵
      PID:1052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:8
      2⤵
      PID:2268
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3120550668406108886,11895467355840493955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:13352
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3076
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:184
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1172
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2016
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      PID:2352
      • C:\Windows\system32\mode.com
        mode con cp select=1251
        3⤵
        PID:14348
      • C:\Windows\system32\vssadmin.exe
        vssadmin delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:22536
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      PID:10368
      • C:\Windows\system32\mode.com
        mode con cp select=1251
        3⤵
        PID:11904
      • C:\Windows\system32\vssadmin.exe
        vssadmin delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:14992
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
      2⤵
      PID:13912
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
      2⤵
      PID:14128
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"
    1⤵
    PID:22640
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:22904
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:8888
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\63584f3e08154f12af1f42aeeaf8bfd2 /t 14208 /p 14128
    1⤵
    PID:8644
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:21340
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:20068
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte225ceach629ah45dchad11h9dfda36f5a87
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Loads dropped DLL
    • System policy modification
    PID:16064
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718
      2⤵
      • Executes dropped EXE
      PID:15876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14915624912466106021,14171192586678675793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:10968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14915624912466106021,14171192586678675793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:11140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Downloads

                                                • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id-F24185EA.[[email protected]].ncov

                                                  Filesize

                                                  2.7MB

                                                  MD5

                                                  81c60e3d181033dac5c92cb6092761eb

                                                  SHA1

                                                  ea1f2268fe9289b9347d54499b999209456406e9

                                                  SHA256

                                                  b0bfad2ba76ad5a00f88a68ab4a407f75e532ff0311241621c23744d0be96c92

                                                  SHA512

                                                  8efd806bf48b155b178b3e08c5b9da1432addf093eef050e852fe691362c94e76de8ca7f5b993312352fbd292f70482ba60fdea510871c6be1e4baf0fbae26a4

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  210676dde5c0bd984dc057e2333e1075

                                                  SHA1

                                                  2d2f8c14ee48a2580f852db7ac605f81b5b1399a

                                                  SHA256

                                                  2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

                                                  SHA512

                                                  aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  f4e6521c03f1bc16d91d99c059cc5424

                                                  SHA1

                                                  043665051c486192a6eefe6d0632cf34ae8e89ad

                                                  SHA256

                                                  7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

                                                  SHA512

                                                  0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f3bd1ee-6094-4c01-aa18-7270ac4aee74.tmp

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  f749c490eb13546b27b0c4ed54968545

                                                  SHA1

                                                  eff780a79af9503a6e82ab97c20adeb3c4acd686

                                                  SHA256

                                                  d4fbf970ec4f79a77dda2817843569897962f9b155c4d14fb6634cec6be3809a

                                                  SHA512

                                                  af1b0d47e938808c345326ac5925c076d387a2f216657a00aa29ebe649a944c8ab2afc5a9cf8e625a3da9a1449832d35ef9f1079ca4fa41c99e08de079cba3f4

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                  Filesize

                                                  2KB

                                                  MD5

                                                  9f7afbd17d7db997aac2a17d382c9381

                                                  SHA1

                                                  32968624958a2a1772b01eb25fa990d7154db4a9

                                                  SHA256

                                                  8a36ed206883a1da2f0504d5c72dd2425511c82858faba7197428394c3e7cc84

                                                  SHA512

                                                  7674925e97f81bf61b02a37aae75911c2ea24f07e8d9c12e8d93fc65ce050b14c6bee26c6a72e962392a2ed815bae1d2a2d4f3b4a3b8f5c314bcd0c7fbe70afa

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                  Filesize

                                                  573B

                                                  MD5

                                                  a6d346f58cbec0a6e4015327b25f1537

                                                  SHA1

                                                  750056e65a8b1c20b1a6051f5adcdf35821a6ac1

                                                  SHA256

                                                  1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

                                                  SHA512

                                                  74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  f8a11d044e6f58a7eec1581e2423e0d7

                                                  SHA1

                                                  b3270d54f43ef493c228a13b36f351e85b664bbc

                                                  SHA256

                                                  8955551e7a779718a426a49d283c6e3542a1855ff00549673e8fde362e759323

                                                  SHA512

                                                  158b9038578a3a7df77fa7e6d7b5485746c3c5b17769517a89273d85da349ecac6f91907881aa653a4b8a082b6371afb641ebb691751b2609a55b6abba9a5f4c

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  79f400e0e2b403f0a8e2309379291b53

                                                  SHA1

                                                  829241b6898438e52c44f0544cceac5195bcc2d7

                                                  SHA256

                                                  d16606d6160b4a5b412001970b498359e85956a507b48ef11204c42e44ffeba2

                                                  SHA512

                                                  ed026328a0220a61955af33b4bc9e6ab631e31573260033a9e60e08ebff427f759c2fafcc601f2b5214881e2e6b107982ef1fffdabd64d9c808544ec47c36e39

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  03f906cddd59558d0a2dc08b92d05771

                                                  SHA1

                                                  235f8268097d4d22e9025257e0f093437d94d8d8

                                                  SHA256

                                                  fcce95926ab26b979a8f08261d30641b25960942687accdb9f44ca96639dfdfb

                                                  SHA512

                                                  c72345057ede810ace9931d5ee67ca74691fb80fec5e5d6294217b543c21b38024fb24632416d25258b8f195aa6207f45243f2ede29de926fe3c3f8df8a7e874

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a5b.TMP

                                                  Filesize

                                                  874B

                                                  MD5

                                                  976abc9eda59a16dfcef4b40fc0a0c14

                                                  SHA1

                                                  aa72b72299d7d173e818364151518e10dcab79cd

                                                  SHA256

                                                  0836d7750ddd187eb48905e4e318f32c83ae2e1a922396e674312472b4e7137f

                                                  SHA512

                                                  a2b1abfc94610ab745560b66107673b79fbc2492cb55fc3cd5d52c53e62c1597a953c0387df481431fb810d02d3237cccd466e35d474685052ab64a3ee487ba1

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  11KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  12KB

                                                • \??\pipe\LOCAL\crashpad_4932_YEYVODVURGXEKBVP
