hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
666s
max time network
438s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
22	camo.githubusercontent.com
29	camo.githubusercontent.com
64	raw.githubusercontent.com
65	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
2208	msedge.exe
2208	msedge.exe
4384	identity_helper.exe
4384	identity_helper.exe
2904	msedge.exe
2904	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	1620	7zG.exe
Token: 35	1620	7zG.exe
Token: SeSecurityPrivilege	1620	7zG.exe
Token: SeSecurityPrivilege	1620	7zG.exe
Token: SeRestorePrivilege	3220	7zG.exe
Token: 35	3220	7zG.exe
Token: SeSecurityPrivilege	3220	7zG.exe
Token: SeSecurityPrivilege	3220	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
1620	7zG.exe
3220	7zG.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1276	2208	msedge.exe	81
PID 2208 wrote to memory of 1276	2208	msedge.exe	81
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 460	2208	msedge.exe	83
PID 2208 wrote to memory of 4812	2208	msedge.exe	84
PID 2208 wrote to memory of 4812	2208	msedge.exe	84
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85
PID 2208 wrote to memory of 1948	2208	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc368846f8,0x7ffc36884708,0x7ffc36884718
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1932 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5847368127600548896,14716015954820051481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4536

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30983:90:7zEvent30260
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1620

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1389:90:7zEvent22157
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8216d243-189d-4de0-b265-9aba3334da4c.tmp

Filesize
1KB

MD5
64e89b2c6365e120ccac37c1b27fc3a3

SHA1
d11b960b33ed3e7b9bfb51c2cfcbccb4cfe50119

SHA256
23f24457fe5f0165f6bb3e27eb1f94e0a115b0c9904a493fb8ca13c2477d5be2

SHA512
63ca1ee48a3fa4700dc5469263fc4598ffaff84a0986d5e24635efcc9a96b2e33f046803f0d30ca85ccdad47cfe8e20d8483a37ffff1abe62cfca570355a6d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c28a3d093ee139aea26b4b86fa33521b

SHA1
2970c233d54dee23be87cf91087e173c70a125f8

SHA256
fc28bb071c2b2096d3276f104a6a917a7617626d402a806d3e0fc8e78d6fc2aa

SHA512
66dc7cf09b841c72df1ab113386f37a4115c4e89c74463e3186b612ec75b1dc73b204fc54240294b06d6e048fe780556600ada5bde30bd1d56edf86f7e4ecb52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1b598bb79d2448b96faee1574e916942

SHA1
428d1ab1da5a7daecea44b64bfea4a65a05c3295

SHA256
bdc55124af9ec4ff3e3740c93529b4e6f68f93b280a361ebaef3b67689fedbe4

SHA512
02cf2383697b6425926c17918e33fb0980fbc2bde41a597f793e0405cb00b0ecb65e9cca5eaa37bb2647c2d01f3711852f918a005b5650d74a69001110fcc41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
663B

MD5
993e41432acc37c61799cbf7977261b7

SHA1
0d1b9a2a248380716941f144285d3c6286926f96

SHA256
f30737357d61e84d05e16d73df74112d7879e47830af432e85eafc2bffb566a6

SHA512
385e49eb68049b9dcbeea22f332078dae1a57ebea1ac8287d711530f7fa22b7e6ada92ece8885c0ea38337b0820a3a4ab8da7537a95cd729761d8f5e04d459d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
663B

MD5
c743078b7ec8c84eed2101a27e7d5e59

SHA1
f21d142600283ad60c57823430501532329e62ea

SHA256
3652dc24b68e730c8d3a935e8095f55ecff51c0ef6d441b8bfb6b8b686f5a465

SHA512
5d61d62a40fb2658fcdb4585d2bb1fa4563314e87629c86e54183493f04530631fedda3b30face207cfc8f117179ca0c8313519bd824af4d09b4f35404cc4eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
580B

MD5
58223c196701afc75735b15ebf84cfaa

SHA1
7ed9b5c0024d422f6afd3dfc5273cb12d05e6ebf

SHA256
782a2aeb330a32f5fc181da4f577c32e21db2f2034f8f2c770e9b095b584661d

SHA512
9ced215f3c7c4a3dfeed91d57dd66dea2706bfea909acac37a80613b417e55c62af63c62e6bfc9d42c9f62f5225071114e0856269ee3ec4012640a5ad3c1fb76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcf1ee412fe865188b069b9f1eb1ceae

SHA1
c17f0b8fae4b7eefdb39867c8442d68679bca129

SHA256
f597ed93938ea84977f136cd973b4872b05b333e675ea098240516e6ccd6f43b

SHA512
55fce779c089bdf204c253d3b4274e81ada26460847f08421d0682e69cbc0958502e8bcd4080f5060e534885284b9593c224aa9d16118a2fd7a18ec3a14b951d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7302b11366d01e89ea04ba473dfdfdf1

SHA1
799a4e0815cc07c7a3392cf293199fbb31e7aa56

SHA256
ae9d614fe3f261ad3d2aa5a205a5f81402a5b7a66ebbb5b9ba74e36a014feeca

SHA512
dfc90141ad8549454da947dafdad976a4c1316ec32abd1116443db7d4de230d15c8b99f01d1312e508a045a8a0935892cf012bdfdf06dd9ea686d475b3e45d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57bccd8ec3e746428cf24494b81f9050

SHA1
e94c8db39491a0abb394ff8357604258ebee968a

SHA256
1bb0ddc5f158253089bc62179c2db96f00080f917e0ea91260b31a3749e1a4fe

SHA512
b2e4c135a685c0807ab7f66bcb44d30a434068a509f6e03789b18cc9f3b3459ebb2eb018012b826fd4bbc20b841c52151bf9221e876278f27c003195f826b0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b98afe7323ac1225906e5d5d53f45ff

SHA1
b4224f74cd99bda3ccb4ea8efbe696433337f926

SHA256
aaa823118b7ee51e931b0860a2545f133cf73c7eb6c904ffe463cd843214ccfd

SHA512
d9be306918c9d492494b50df9b1a68a247524ca8f1239e57384360c3dd30fa83f97bb3cce238803ef06f57024904a95f6d8dc781fd78c625341e07a5fd550c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2ed8e5674a06256d488219fb091a28a

SHA1
bec2b82703324a7653c1b2b9e2eb000f9c522517

SHA256
3f2f45f729db9a3bab70a8c92fb3a1bddca6a6f97744cb74c7890b2a4440c4e7

SHA512
1dacc24d739e3fa56f5d42e7c9260e146cb8862b061c569229cb77b6f8a3d5c31ca23f6266e8653a04f1c4d7fb164cd32d8abcc5844dca365a440b1a4900aebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e7fb3d3dc27a3c731fac6064b3d940d

SHA1
f890fd55009877b572fb97f6e39c7ded58e0a0d8

SHA256
afc139205c53e647c27d893e423a5dd7e700adbba39dc76841ab98eac14b981e

SHA512
bbd794f76753ca64c80496437a641412e93bff2b1173933a6b632ede5dd2be0920e4cf58c5114c4eb0e1ef9f5fa30fc09c392e42c99fb572d50a2546bb5cd5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0db703fd233ef8d477e319dc1c77ec8

SHA1
b2f8e09b04f92f7c140ad40caa8f3f3f29826cec

SHA256
d94e3b3e1d75ded7fd81b30e57afa4d37a9187733132850e17386174ae5b92ef

SHA512
613cd9948eedf757b99f705702b2a5a260823bef8f04e2f439ad20a39fd55f7ae20cf3d434905ebdc42c4adaf5558484a24cbdb35633748d5b0d6ded13007cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2467363bacaf425ec53ff855ed58058c

SHA1
ce6886bd5ab8bb3b90459d82b38dc56ef6daedf2

SHA256
074e6139dcfc2a76009ba5552ae4f04cb92dea15c0705ddac2b6f40a328bab4e

SHA512
d2c11887dbb81f989afe627c9700a90a5984dadcd5669208734f157fecb424cfb41ef6b39c16a7664fecaf49f6b2763334b02eaefb617207cff5621e559c6c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fedc1422ff0ebd628c209ecd5669c53

SHA1
f093790df83d382f2f21e884f193bcec5d5254f4

SHA256
6cfb9bf3c98732d268b9432ccde8b7b9686e93190b3ea06e0eaacd713900db3d

SHA512
73f02db190c0ffe1ff8dbf7f726be737517c43a0f1d0447292e47d080c2e9460869b013204d429c2cfe5f54de2116161677f8b58e3ed558d7b6aff35bb1bf9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21474f6ae44733823e4d50bf54993c49

SHA1
a6ec7bc2bcf2f2db134351703c395df9cda0e4e0

SHA256
a69550455c0ae5f9a6ce8ebcd1a3bb824c72a937658b4303378a9b4fe616515b

SHA512
d1eb945eb5134fa16a26b3ed23a9defa06b110b9f9e67de0fa8a506bc2ae957d9972a8a46b3a78df24624fe79dc9809df8ae64130b310cafea72e56ea2627052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c82aaa5c397dad11112ac3911562ade

SHA1
0389d15616d804c838f4a57d5b41ba0a1c3f3088

SHA256
8558e5049bcedbc2e8bbe81340de184acf5701ffb43148d97750a9349d3ed176

SHA512
09e2d43ff4f192bea83a8651536e9dba2230b87a14858d136733c97fb403496dcf1a637f06556a8f53658f69e50f66488834e74a996e3d3d1f60ba942ec0b2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b738bca6bf2de8e09a03ffb85462a77c

SHA1
4eddaf589ac08693037c008f0f02d7835697ab7a

SHA256
88315a0ba5f51762e2b19a9d5d902c99a2b93a0df6ba1c923ccb49128aa99ca6

SHA512
3b8e55f5e23ed7c361d345e45bc82ab2c9590dbcb19d7892a28bd29c2114fb20b06a1f476b268775afc10b56dd6e380f32eec596a5a75e0586782bf7d473b4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be98.TMP

Filesize
1KB

MD5
8eea5b055881edb6a17135cc94d96704

SHA1
d520b0d010c9c998f6b6a9c3666a0f689a50be7c

SHA256
ef84f5545800ea48704bc902dbfb6826df231ac3ef3a474ba1aaf02da68e8657

SHA512
fa019d9efb7f6a7fb658fb80af6f3f443b304a8a08664012c8b00e852f628e1b97219e9e11bf81e54f29437ce4f179cfe3b1331cf76ed8d81c717c0f38e58b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75da5babed5998648a6e54ba93966bbd

SHA1
88fd5a9eeeab38bbdf2dd9232624018b9d5e302c

SHA256
6799e1e280e312d55a247e2ffbbdb7b8fc044dc4b25f3148dcc12bf4e7675e4f

SHA512
7b2e45ecfe56190cf4238353477cf91312e5ade99f61a3cc9ea21b5622f5a22c377aeb610e5aae5d8295b0eca6b5fa46b1c56594830d4128281f311dbf4d4d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a7782a381a7ece3fb9d20111a27fc472

SHA1
ea7cbe938c281edc6323cfb24feb8c5c9dc98adc

SHA256
477d89f654738c100abfaf6fbc90c0210908ce3717c8b3b1a6be474e959c891d

SHA512
60e1b29674f5ed1ef680f35ce4eb44a9e614a143d89818740f323ef6a485a78982e295619e322a3d6dcefb71efc9d9640d0110d50f0cfd64ffbe0ac363edc626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
006c61c226e0bd07ab50f06f0e61af9b

SHA1
5c95bfffd791c121fb79f5c24fd838bca297d1e8

SHA256
71cffef6a4d6c1c024ccae4b7177805be186152423e43e21c68294504a4dcd00

SHA512
6b63b1caa6a7b8428fa7dd70de14fbadb559d9fcf6c3cd12786e543f467919e48948508df21b1703245421f944e9ca4b4db04d1b36ce902b680ebc9261b05290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a8fbceb65957d740811ce8ade8b5790e

SHA1
a8ebd2bd1bdb970db3065bc8529a65a5a92dd44b

SHA256
c6e8f9a86028c48f186674b6b789c257e409dc0fa15f0984f5d649aa4e26a73d

SHA512
27fdec4f9b98e0ed99b23e33401be4f170eb9546b7581c4dadedf79ea180f3608b64bffa02d2bbfb65b9c34ab05ac9820c2b94e2b3c5187491497b15253a29d8

Download Submit
C:\Users\Admin\Downloads\ChilledWindows.zip

Filesize
4.2MB

MD5
5806c691583167135665b6aac348d3b8

SHA1
34d14feafac0946097fbbc03e3be2b235392587d

SHA256
00cf66b0bab94b1ae74d534160a801315df8a7efea764cda906af49f99be54e9

SHA512
dbcda2362ba5aaba904087a512e3423e2356f0e824e4bd4de99f277316afb32e03d6f8ea109d4d046ba9f14fc32f21a5d80cceb982fbce529c6f15abd7c6fa7c

Download Submit
C:\Users\Admin\Downloads\Melting.zip

Filesize
5KB

MD5
23f0f55480c0cf9696e56405ac36866c

SHA1
9e5be354e0d554d1afea539691f6d72641b40a8a

SHA256
2f71afbb548363284a237946992c56cd7caff2753ab6b946b48371b91c7980b2

SHA512
4c17dee58d66c6f3788bc9f6a29a8231db32f583eb2ad711bff5a246659e2928a50117bfe6c6017f206d1e467c572b0d898e4f17fa2f0fcb04edd3f490374ce7

Download Submit