hxxps://github[.]com/pankoza2-pl/Malware2[.]0Database

Resubmissions

19/07/2024, 13:45

240719-q2jwsstglk 8

Analysis

max time kernel
382s
max time network
378s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
19/07/2024, 13:45

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/Malware2.0Database

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
12	raw.githubusercontent.com
32	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Holmium.exe
File opened for modification	\??\PhysicalDrive0	Holmium.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
3908	reg.exe
3392	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Holmium (1.01).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2744	msedge.exe
2744	msedge.exe
1372	msedge.exe
1372	msedge.exe
2692	identity_helper.exe
2692	identity_helper.exe
2680	msedge.exe
2680	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	3104	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3104	AUDIODG.EXE
Token: SeShutdownPrivilege	3288	Holmium.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3288	Holmium.exe
1516	Holmium.exe
4300	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 5036	2744	msedge.exe	82
PID 2744 wrote to memory of 5036	2744	msedge.exe	82
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 4524	2744	msedge.exe	83
PID 2744 wrote to memory of 2124	2744	msedge.exe	84
PID 2744 wrote to memory of 2124	2744	msedge.exe	84
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85
PID 2744 wrote to memory of 232	2744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/Malware2.0Database
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef8123cb8,0x7ffef8123cc8,0x7ffef8123cd8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15411250080007146542,15397572058058145091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8

C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe
"C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  PID:4904
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:3908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3104

C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe
"C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  PID:4244
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:3392

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
8acc4eb95099ce31d03073bd3be22388

SHA1
1c6ddf9fc3f02f949c293ebba4dcc0cb4cdd132f

SHA256
7bfe4d08f482976ffe609c77a2e307f1ee134a4ac5dd7ee409101524febfd57d

SHA512
214a6e4b2e5669c88cf29392b058b3898d8fe76a10b3c344aa2d40795c94ff23167ae7f8110cd1a46ecbc1713a8e5ce7cb0fbb9dcdabf552aeba800d64747689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
f379276efec34127fed6f06101a024d3

SHA1
279e8e9dc86c622343e5bba17043d893c9224086

SHA256
1f92cc266344c34ab3ba73fd7107c0b7d53de896e47f3683c9e7ea4b1e74b8cf

SHA512
a87e994179341eedf39393fd4b7a57e8ac341f43bcd846c3bc16da9632921c08566be9ccb1b3afc0a1b9a9152c6a1339bff584401aaeb7f1cff7a36af66db5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
f9a90d58144602c12373f3a51ae11c3e

SHA1
50930fadc719a0cf689f480f053fe55eaab64817

SHA256
477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82

SHA512
0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
6f0d8c2d86b40b21934ff819a3961667

SHA1
2e411280d2191d0f9732fe01ebc522aa87363b34

SHA256
8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88

SHA512
b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
d7580dce32412dc9d53e8911beeac7e4

SHA1
fb93b2d7546f30ded645e40c4ad2ae962bced731

SHA256
136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06

SHA512
2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
57KB

MD5
883db639bbca3123c523cc7e29d3f8f1

SHA1
dce0983b3bf9c7609bee34e61613ad77416d66d6

SHA256
fea376c85578151c41dba3e47f73358361ef059464d657ac944e3ae98ed37622

SHA512
7c72b0954283b802fa89d25f06061132d5456383930ce6db4cc1decd33c9864a5d3a5fa0227fdeec446ea59649ace1440b73082857ec644d3f5c31cf7b416601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
681b3fc333cae54ab17c3dc34a8cf707

SHA1
071db9942e4b9906a67f1af7541bb039e6816cc0

SHA256
e6b305df0502b1cbc3d021ee9458ae110695004559ddb1604c86ddb5fc8dd8b3

SHA512
0d4609fc0bd421d8ca30847ce83e2b594169226b13e6aac75ab0b31e0268139ffe406eb277c5511f09cb7809d5d848393ada19d57a319c15ed295b7f033fcde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
53KB

MD5
8fcb818bc23425964d10ac53464bf075

SHA1
396f40d25a7d38eed9730d97177cd0362f5af5d7

SHA256
8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

SHA512
6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
ed239671d609c66bdea1297bd11879a9

SHA1
7a3ece813c6df65cad259a070a4cbf5bfac5e7a8

SHA256
fe320f1c5b67402aa8fede269a0a6d1169b478ecb4104acc79c67cbfab06cfe4

SHA512
018ac5e9e86728e6577fe9fffb254e8fe51efaaa50bcfff0a8c2fcfc21ac20af55d92b837554c3e419e47f5a8f226fe1e1e5702eb710c4c1b00b00fc9cbe3576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
22KB

MD5
015dfbcf0c986f99bc0c1d6ab9fc162e

SHA1
6dff455e6dcdec9ee55ca25edb5f8edd1803f3f1

SHA256
291c3acf9855517f481cf0d64ba43f4e085381d857589ed5fc75905c82133951

SHA512
1d34e7bd775cc7b70371a579de085824a0eee0c6ae81dda89d51500c51eb0163987055a2dbcbd9ea191ee8b35ee0cfe4813bde076bfa5df0428ba7e043a6522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
132KB

MD5
01088b35a7144b96e1c65db9ecf5aeab

SHA1
3d5b4a4fafdc3867adca4a4a640d6296bba06f82

SHA256
66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

SHA512
bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
73KB

MD5
b5050d142f73eec2794b0b0d46c2abba

SHA1
eda5b02c6b699edd77d05e6aea0cc7a2d3e370bc

SHA256
5a8c23569dfb31de53e3a0f33ffd19e8140d012ef13afbe367affe18a20580ea

SHA512
92c86f2ffc68cd0da297b9bf9bc60dd0f1e580ddf6fa506db319b07e7d9d69b43f6c396de1396d8d36ac283f5dfd09137e541ea7df86317b79d16b7462cfef9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ffa9ad1d0dc4208_0

Filesize
8KB

MD5
e67fbb8d2f8259fda80e7f481da10e28

SHA1
cbe797420ea1dc40fc0411bdc8e40eebcae52cd5

SHA256
de3cdb4a3f589cce5a2564d4675f634311ba0e8e9bbd1ab62c91602345ed85fe

SHA512
50783aa4b3245e1f01a4654acf1cc027fa2eb7d30c1d8be947abbabe8e80051bc92f9f5f5c750069afc9a6f7a3ef4b6a768cb0ac8c90d419b4803706092d56f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62e56eb8813a9424_0

Filesize
43KB

MD5
80b62391defe5791c87519b3c23522da

SHA1
b2661539e2061da2c21a99508c15151f0f993464

SHA256
b6ac3d10a3242f16a06181d26f9e3169bd486d8b3c0af9b3a7af8a50171f4ad7

SHA512
abb8a4a25a46d758df301011825ebfe6a0628793e05a69193007b69c88cd1566b08f489b057ed4746569aecbce7fd471df7e25381587b256f0a6129fc6dc7090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66bcc6f042af58b8_0

Filesize
8KB

MD5
f3d6e8d958e4e0407dd03c18f44d0dd7

SHA1
d5d0fcb7bd35433dffe859c4793ad5a7a1736a35

SHA256
f04137c2b75a6339221c02ad938744cb75afa89e2e28d19c0705581e60f3915e

SHA512
f58350e606a9855963e58fec91446d7571f5ceed822faf78324ff1c55f5a010d8c93d2fdd25a3ee531d5af8ed91da5d4de25a7ccf999a4174a6cf0a3fad2ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83511915f718057b_0

Filesize
1KB

MD5
7acbe8928bf3c4d7588cc07a10e45151

SHA1
59fe57d71597ee611799afd3c49215070a9ebb8d

SHA256
29a2b0f94cf9503dfbe323e8060d8f54e7cc5eadf222bcc24271d7881d024574

SHA512
ee40a2cce969c2b519cccff89c6185a8b1e942e3cc8f5bc1df5d8cdead691dddf587408b5697d8af3926f3160b6420355a3306038697382c160d1e2f55fd2493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a22565de8f850e9b_0

Filesize
119KB

MD5
0d08b3bc02cfc32b70301a1c75713126

SHA1
5e46ee6e0b91602ccca80aebc6d397f4023709e7

SHA256
e608eec0e91cda2f4c752873b3f40b13fa27c35e33142093abb9d5b0e0527f61

SHA512
b35e984597a6ff0be37c74b9f678cf55bb7cd4fea56278eb349f4f36f44e2027cd4d3fb8d2531f0d87c7819931043fffe33c255ba63354be26f7c00e36faaf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4a4e115844d3f41_0

Filesize
11KB

MD5
42d680ed68b108d6b8928e2a071c9052

SHA1
a8b306b450b1c7643f29f640a122f3eb2a37673b

SHA256
6146f104862337cf1768590b4f2dd92c6b121cd3721912a99f1c7e2611fefb8d

SHA512
4569fb01ee7c211197ddbf92de3de1ad42357863be0ae88fb09db8b52919d34de3bfb725e4a018afb2441e4be1980000e92df06c4196fc6005afc66e531c8441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f63b2dcf918f4446_0

Filesize
318B

MD5
e40d747ca1fa64c287de81a9c39c0e60

SHA1
8a09d1533dbddd694687ee287f3728c96ba37628

SHA256
30bf46783bcd3deddf2d73ae6731ae14c0569cf8c4162b5ef6af7cca96b674db

SHA512
d8d88587ffcd5bebc05e75fac726eb9da995b8ca753586344a352584d9372e7ad2a224c210177b5750726dd6a52d828e85de4735184a2e7e5d8032a6b80e0b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7fef77efa29a4b39612f2941f06befe9

SHA1
c34a23b9a1fbb23ba39231c29f212703a155142c

SHA256
311015ec3d807c6b43f1e64cfaef49430e937bf7f0b47f077cd24fac4a13788f

SHA512
f2dc7c4fc49e130cd74bf64e6ada5fa4b3f9c77ac66c6398877aadd69386a6a3db45a48c8449cb0ea7782e4297a6604b4e65e6e3432308d563405a38c248825c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
ed5f4213c17629776cd75510648fc019

SHA1
ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

SHA256
e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

SHA512
71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99936682c6b17e48c371590df2c9bdda

SHA1
1d90d8ca9e6c918ae6fed7e95d6148cb414f4d0c

SHA256
17ebaba8fe233eca464c42783938f18ed1d76e5d6b65ec24fc696c35a11c0926

SHA512
81c7aacaac251aa92cc6b30fc9750785d2c6fc60761a6039649988af051567c78a76214c54d1227a6f32ce166d8fff1984fb1467fda28edf6d5a7e05c0caba58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3285444e5067ee75c57ca35396abd05

SHA1
4f37987aa1124e48d745a53ce91cc1aa4268a96d

SHA256
9ac3240b80ab38227f38b10008c094f6bf2e2818894a935ff85f30ffda20d479

SHA512
14f920259f7e894aec27e74407af0ae654a810cffe097eb97ee54ac40a8ab08226cf6608910ed3df406d1d778670f82e2da7becd7770002d795f687488690e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47177272091b71ea5b756eba1ca9ee15

SHA1
ec6666a04f2d55d6ede2af3464e50736b727519d

SHA256
a93954b9a7eae44276340b4f8cc00c080a01dc02e91c22af8ef21125f5b602a9

SHA512
dfaf1a1648739114b610fb8d7f93f2b8867746b20b266e830be2cf8ae794c6b21c667e0c36b568b0e151cbae5cd584005685523cd5f27d9086afda359fccd646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f943fe4dec5a44980a124e56871eeff

SHA1
369015d54ed7103a98089bb8108e60fb26dc210f

SHA256
7ec2f2d87d60fd1570d0a374ed4fc8aed7d86dd2adc037ef0ebb669bf58114b2

SHA512
4968c41e4b54d7589b498be2e44543bfcc7c24e3958222ca4b2a9e7e3c6f21ad9c1c7caae556d64c09c016b2e489029288baae2604015452a86df98f5374ac98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
43048561f8d69a764b5545dbca53663a

SHA1
844c7cb4bcd395bc55281fb059307987df52fcc7

SHA256
768095463a0aa35bbea0a0f2faf4b2c904ae01040477229679a9d0ecc844c327

SHA512
04ed503787be16118acba5ee7ceb8cd7a2027f8890b9fc6b5f73b7b38b36c734c8d529a93313b1d3b1a14944899a6217fbf875bcabd4e413272b3da2e9ed34b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0150ee99a83f8f79341d493a06a6328f

SHA1
5b62579f725c722690da5cf794bb171d71f65514

SHA256
ecbd77adbf36be3eada808fce69f6395c268660bd619c146a3e68b5fd89c3628

SHA512
e733c309592938620504c294c5820b2ca281acc742291091e97bd13909c00715ae7f82c0f0ff5ebceb7cd5ee22690b8102e0a6d946f0effd04588b07072f025c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
557c0d3422dcf57be3b586129fadee64

SHA1
5d57e96d214d08e163bea9ae74f42defaf241ce9

SHA256
bb5037fdf8d34ba52ab3118712bda45d9f3e99172346609f182a65c5fa36e376

SHA512
7ddadc30b4787b46b8a28eb2628028fa643becfb71480d580f00bf27b263a1003d88d3572634cb92ea418585c4043dfa9aa6d7d4cbc04228cba9625539290595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab73eec6cfca73cf58612ad076bd02cf

SHA1
e259fdc2cd7afbf333295de4d0c2e89d89be955b

SHA256
18b7a4d23fd8a2b7ba5ec612a9007da9b8ae4551ccae38790f3d0e41216c4db6

SHA512
e09fa869cca59b3c73141ee3fa5bafeaa737d4c94f133c014e2a6485cc81b57efdb4d950f98f006545ca57371556e0244f447aabbf92e393af14ad9fce1c8660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59bebe1cc95c617387cd71f6d825a262

SHA1
52ace8ce0297b730df3d941f576ebb4fc33892de

SHA256
25c9bca3d1ed47105a71a364db1e5ccf34d2ef968651314e9f64d447162c8d45

SHA512
089ce3bb281cb751a290b8269a641665b0f9ac7db53145ddef1ae99f5d44ac288121df0cc92fbaed4156890465cd8be48d839069dbf14023fd1c5eb5138b5d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818b3.TMP

Filesize
874B

MD5
24460f7fae4a84a405135a4f841048f9

SHA1
8e015cea3409dfa6dff9c582df58bd5977f1cfd1

SHA256
da182a190f6699798dce4e532832b5d6a2382bc66fd4b262556b8756ce46df61

SHA512
21cd340bb8de7df530a7efff110a1dd99198131cf0dfc8a757a3114444cf65f3332dd4a014e7aecb5e1d5c1eb43c5d20ff01889441c64665f84af3f78c4fb84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89edccb6562bf2e2ed531654c5a44be7

SHA1
6c29c0b4f137db18ebb03d83adb1700d45b5134e

SHA256
c7e5eb5a1c724f75831e0903a37742a8f22b53c7b2157b8d54c13b941b24d7a2

SHA512
28d783ab1d960d4b5d14b286977d601633b7f9540965be024e45b362157e319dcbc7f8486703fe24eb193286793bd9aa500bb40641056e27a8532bee566feb68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42d2d5b7679417c119f1fb2af6128246

SHA1
29fe85183dbc908dd4b00f95e92e1e26f2963b6a

SHA256
6dacfc95fcfc81625ae8b732d804242e41b0db343343d10859f765723217a861

SHA512
b7f9ea9306a0f7f9c4d27b0c2f56a601138f837fd2128b1f5ff072aa4ed5eced6b3170c0ec7bcf50193d8abc64e49da87879f2cfd254818a88276ba64f473472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13d2fc45c45210f87d0ac03eeaa43d7a

SHA1
abe1e07743b502fceb94c64d2afb2fae8a4af6dd

SHA256
8a83f58c2ec39f8a32682a34a635d719dc5157d44888d6d7bd74f4bb070b3255

SHA512
eb70720781b1ab82f416b4fc5cf5bfabfa7cf07e1e7f69552e96977b49cbe66ef507c8097e3c4a4f6d5f727756830b2b5b504ae18b7164590a4f3c59621da706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55403687edf79f06f977257f7cb99670

SHA1
125b900589c2109c1c11757bc5a7885be7f0a56e

SHA256
809e0f5ad03f0407c9ff9e52808834938caaa2de15aea8d312aa2fe66fbe793d

SHA512
b00386db7c04fc9870f7b978d960494c32a7d6802a710ad90114dc7571d4d68a6c2e7b94faea080168f3d250538b4db21537c9756ee7e9b692723557a4e22fa2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
47c7a4e1f805aa96129a49cd4a139e0d

SHA1
255e7e1b2c74231e5a67149a844670060e412da3

SHA256
d89cd516a97caecfe9b1a191f45c501f61531776450f83177438b39d38d7b5af

SHA512
0fc1e29ef7e56c2670e5526657a809f42440d593eb892e5c74e35f278c23b0f1a492e30018c9aadce3ecfe2260ca9d6d81ef483f45777c5079492534c76fc2bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b804075afaac9bf7e363297df2b10534

SHA1
e3f4ca96b16b976154b9687ace50854160f9e332

SHA256
ed82e14aad6c79981106d556d0cf80b852edf2f2d061262d2427116221746b97

SHA512
c5aa25297cba3e04e5aea86076d56059419fd95a98b0cd78c2bcfc5851d9f69f832701eec388d252ce4e643915183e03002a7beeed6eb80394d279496555cbcf

Download Submit
C:\Users\Admin\Downloads\Holmium (1.01).zip

Filesize
103KB

MD5
5482128a78bbefb9fd1545f2c6eb5968

SHA1
5f9fd4ea54c9b07f16d7d32e5ed7bc96ed749640

SHA256
212ac8f4ddb413ef4000f8e9d807edee28fe6b9f728ce1f7f504291f2f189e4c

SHA512
205d49741d7c7598e32945c6ae59385572d625714f3bd3f907419895005c6d7171668c09bd983d28098565343c451800cfdb1b38f2de1959f4c715968e00435a

Download Submit
C:\Users\Admin\Downloads\Holmium (1.01).zip:Zone.Identifier

Filesize
240B

MD5
8d8d8613f6700ab9afe701c0365282da

SHA1
23042741c80a48cd5af9acf862d723cd26d6b87d

SHA256
23ac7306b8bbc4deda88d7585cc591686a6ec3ac2183dc2bdf8ac23f9995b01b

SHA512
bb5d664e901bca652b8f797f742f7b95d35cbe1a395021c249d7c8729184e8f3ab66b98ad6021b70d2228f8f641f5e52a261ffd98c6eee88dd35f30142afd734

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads