hxxp://github[.]com

Resubmissions

02/08/2024, 22:55

240802-2v6b1aydja 6

02/08/2024, 22:32

02/08/2024, 22:31

02/08/2024, 22:20

02/08/2024, 22:13

Analysis

max time kernel
240s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
47	raw.githubusercontent.com
48	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 127217.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
1700	NOTEPAD.EXE
3948	NOTEPAD.EXE
5060	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
4016	msedge.exe
4016	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
3280	msedge.exe
3280	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4908	4016	msedge.exe	82
PID 4016 wrote to memory of 4908	4016	msedge.exe	82
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 4780	4016	msedge.exe	84
PID 4016 wrote to memory of 3984	4016	msedge.exe	85
PID 4016 wrote to memory of 3984	4016	msedge.exe	85
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86
PID 4016 wrote to memory of 3636	4016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8583346f8,0x7ff858334708,0x7ff858334718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\dw.bat" "
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4517375342248993156,587004326794282074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\dw.bat" "
1⤵
PID:1068

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\dw.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:1700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\dw.bat" "
1⤵
PID:4004

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\dw.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:3948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\dw.bat" "
1⤵
PID:4112

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\dw.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef6dc1d541cd0b3a3dbba2cf78f2b57f

SHA1
e42436e83abb9a4362a4c293a9e4d9129af2b4a8

SHA256
91388af84a2b8e904a7050b6b71d5d0350119dc973b6727ca507d9ea6af7ec81

SHA512
cdcc8f4f540147d00888496f6e7fb064f9dd08d24640bd26b91b94c53ce0f1aa2464f4f1cee4dedf69e5b973d509f5b5259784db353e90107ed464ab6ea9ef3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
ed5f4213c17629776cd75510648fc019

SHA1
ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

SHA256
e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

SHA512
71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ea31d7007c1e1a58803f7090dde83ce

SHA1
9c9f942aac04f80db8395dc5450b19058ef3ad6a

SHA256
2ab59dd0f96a7ae89c8ad5e6aa0f0e0a11aab2351bac463b8d4f44145ef185cb

SHA512
a5ec9730d68d28ac5574a1abc6c34e73e2ed18a7d3cb5643efb6fa7162ce78baa2a91e346573bed50c86f68a0b020e95bd40b85d38c0064dd463ea418c920d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5db86d874e7e886edd64e713c744d504

SHA1
a10d9d664733fb58779678b46594a201b36c532b

SHA256
a23ac2f727982d7b7cd29a88d9246de41567f0b2784f918857910dde42d69877

SHA512
747aedb0cefe01b08179093a6c903496e3087a2f7fbddcf2b9ed1a8306d884533837211e0e311150b524cbda81320d423db5c7d17330e3d2167f0110ccf2db98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcf6d06a83b3d9030c8db00e8e489bae

SHA1
12edd77c5ca2fe11eade83f3ff6e24fd4b3d193a

SHA256
7c6c4e5714fe871d8389787f7e6b13620f667d9a5082e509182151e2b9d858ea

SHA512
16adc6166fc04dadd69368bf7236f81ac159619d9bd0eea581bf642fd64b2d3c5bdc4da03267993214977789dc420a09f3184e97481e92249cad62f127efe80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28ac6e78af901eba0dac1613643675ac

SHA1
13ab263f45ed10ee40a5a056ec5365a7f8827480

SHA256
baa3e0db3fb4f0c69b2e0532f6bcaa003da227bac70159a1128c1536da5c9c95

SHA512
10a973a4e14da46e16228aafd5f21e2a8fb7778c5f1f70cd0625f216bac4f5bfcc66248c4ac710d8964516cce9865da92c5ca4483162b911ec53efb274e48a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9a35d4dfc54c1013d2d5034821d912db

SHA1
7b3ff2b32cc35efa48238f62f7781d82bc0123d3

SHA256
df5776ff2c2a88b5038364379e865d853353dc72d0cf45aff419b9d25bb9660e

SHA512
0104dbc7a8681ba2fdf4199c3c9333b9289018099419dacf2b5369b5aa53380e4dfcce399d3e5d854c393ba26070d904b2116251aeb6d94609d7a5d730a40b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5950e674d4c1b4c486f314364cddd895

SHA1
fd65f824d5c5c6d19bd83b21c0b0a478f0242ba1

SHA256
1841ff623b4e47f546f823df20de59c009ff80cf674ef15aa389e5f6a5dcf1eb

SHA512
b377b76461848bcea26f8c56693162fe26832349ca3d82e76c018808e6cefbcc8de1cd0a78dab3aadc2986b4da0c4895e1f706045f272cda4950e7886eef9ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da04.TMP

Filesize
539B

MD5
d0ee3fd60b90d748e0096dd5d792cdcf

SHA1
57c72404f4d7fd1a8bc0213897b27cdc552119e4

SHA256
b8673df7c78989aa6d3816f5f74428542a5aceb743b4a17304b14f7f5b994e4f

SHA512
6ce3ddfa27f4cd37f61a73917eb9f653d1190d5f237221118420b060712b41220b9229d39c0cb4ec521128df944e1c1eb9d578c6fcd28e7925891079bddbdb8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b43a68ce-00f6-4afd-82bd-c70fba75b842.tmp

Filesize
6KB

MD5
8d8f1df4dc658a6cf09d1df14b508125

SHA1
57d7207135eee0d7a454b3eec3d058e6101f1770

SHA256
79112432f2ec6dd210a02875c26dae0953795f127a7d8d03a779b0e0de808ca4

SHA512
08a5c06c600f80c068eaa111ddbad739a5baaf40d2c7aa45573a2cd164c1a504317d3ccdd7891645b70bcc29a76ede86e76e1603cdb3c90a8d9bdabfe8a74e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df8c7697-8403-4406-9edf-7b554ed691a0.tmp

Filesize
1KB

MD5
da9fa36a30491ba801898306de1d7a57

SHA1
f569ec764fe8fbf516b5daea25b4f88a246f4f1a

SHA256
a5ef9cfd903b56d7b7cd577c040b790f6392a0446b30e635cf4c16781f1981a3

SHA512
2edc4e93b208dc251420d3e61b849853f8bed51fb4e26cd633bf4365d0b033866872168c91080e30ed0d1e93a8bcb6775458af45a53753eab9f3437e09793f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
229fcd58512943be4e0ba218332307df

SHA1
93e82491b4cbb968d2aa6c005f154f3ab1f85b29

SHA256
b2b1be26f8527145ea9eeb2981b169e425c0fc9e6a6e375839c1fcdb9f0301b6

SHA512
108de869e20e0db10769f677c779a94cf7ff4d2058356fbd047b1f0275ea4654e64c597e1ed7a3e102ba5cd435b1fec9bca6aebcaf783769362825497ebd7c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb91b2e609da91eefdd5142f7fd9e378

SHA1
32a8d226b64c77c05c08baec05e516ed490ea102

SHA256
7a2f38367a22a65fdd4685770f19d219196dee1f79a5479a9fdee6f5ea8e3d39

SHA512
d8e027c235f8dceea9159c21d12b2ec4186eca4e072ff892836916315dcd17a2d372554dc87d5042b3ceb2504d60244bb1d2c47cc3f1d88d4468147d106b7e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2609ec318df3600b13d5bbd04cd51fc

SHA1
d376b767d299532e7256461ab0bd996c5c50d094

SHA256
9eb932f7eacf4ed455c6a05c5df86519c6090ce3c78c01fb9abe395a8bc2db74

SHA512
c917aad9223aefa4873ace074e912f02080334f6b5af7a1d66914b70e8c3c74940459a6d9c04145199b7145e2f8440bced7daa3f0d86077aa88a6b01096fecae

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 127217.crdownload

Filesize
718B

MD5
f88ba79a55b85a5652f44bf696a86275

SHA1
f226121c1241117dfc0cdf5b2d58b48687e75f3e

SHA256
da87b1086e3c26e754eb6558e7f184f6edc4ca3e78af889a947fbaa0c8be5d34

SHA512
a2a3dfde669aa190a804cd54ff4ec74332179397270ab4dbbf1e5befd233f5a992e8c9df50b660f1b35ef1ac565694c41bc239aed2a5b3ad3706e703880fa493

Download Submit
C:\Users\Admin\Downloads\dw.bat

Filesize
631B

MD5
debb5cf55f44a9ca77442c15acc7c03c

SHA1
30a1b17267fc984f2b4cde6fb5435349f4e37934

SHA256
3a90c090208dabb01eb861dd34c42cb0f807669562d5eacad08d1f68f3198c45

SHA512
e847ae4ac917f032c406f849aaead9e8b9f11a7a3dd0389dcd1b2351481c57423a3e7b9c803901f28be134729d7549fb5087725ade258d8264c55181bfecafcd

Download Submit
C:\Users\Admin\Downloads\dw.bat

Filesize
619B

MD5
9fa3bfafaaa7a3d475eb7f4a2bd0384e

SHA1
ece1bd3edc96dcc2fe6b4947143d3da4c3612fcd

SHA256
e96af9167202a78f597a2e7ee1eefb3e9b7c90a4c17264c70c31766a424b44cd

SHA512
112e93455815829c60beec0ad96931cde8e931e701d209433d74e74973fba07ee802840a3523d250e790683cf710b838ab4d3f429eb4aad53a889bb6dc72a7b9

Download Submit