Analysis Overview
Threat Level: Likely malicious
The file http://github.com was found to be: Likely malicious.
Malicious Activity Summary
Sets file to hidden
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in Windows directory
Browser Information Discovery
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-03 16:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-03 16:18
Reported: 2024-08-03 16:21
Platform: win10v2004-20240802-en
Max time kernel: 201s
Max time network: 203s
Command Line
Signatures
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Greatgame | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Greatgame\:SmartScreen:$DATA | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\Greatgame | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Greatgame | C:\Windows\system32\cmd.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "184" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Windows\Greatgame\:SmartScreen:$DATA | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 641994.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 306781.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 989988.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 183152.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 653988.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\koce.bat" "
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\koce.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\regeater.bat" "
C:\Windows\system32\reg.exe
reg delete HKCR/.exe
C:\Windows\system32\reg.exe
reg delete HKCR/.dll
C:\Windows\system32\reg.exe
reg delete HKCR/*
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ugly.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5794087732825109378,9730790048930014153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\RIP.bat" "
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\reg.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
C:\Windows\system32\attrib.exe
Attrib +r +h Greatgame.bat
C:\Windows\system32\attrib.exe
Attrib +r +h
C:\Windows\system32\rundll32.exe
RUNDLL32 USER32.DLL.SwapMouseButton
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\tskill.exe
tskill msnmsgr
C:\Windows\system32\tskill.exe
tskill LimeWire
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\tskill.exe
tskill iexplore
C:\Windows\system32\tskill.exe
tskill NMain
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * R.I.P
C:\Windows\system32\msg.exe
msg * R.I.P
C:\Windows\system32\shutdown.exe
shutdown -r -t 10 -c "VIRUS DETECTED"
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390d055 /state1:0x41c64e6d
Network
Files
| MD5 | b02e777c8db12431d899a6b77bdee8ba |
| SHA1 | 5f9fbaee448d229f95f3918a2ba9dbb32bebb044 |
| SHA256 | 31bd9402935c289032742f9644dc1ae11fc1caaca099fbaa453af8950fb6dc40 |
| SHA512 | 7355015abadcbd1000fdd7a0e88c87c897113fac7d6bd39bef5b66b460d4e5fe060230dd06af4e454c7551458da71737d364d726e1515895573782ee167c2bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce75979e14dc8f9e4fc5e753f83469f8 |
| SHA1 | f1d8a4b4c072606f55a47883c4d341263d777986 |
| SHA256 | 082c1c4e2eb8c2408bf6d51c9e9642493cbce9bc5da78173f5bc9a935124a3f0 |
| SHA512 | daa172ffa3b07ac5640e4ef43d753a7580a3b4c57916b7dcd74b8db4e1df8e54a9d9fea1d2680ae1ebfdad1f48f62cafd60ee3042c0e5dc16935e2220fc97e8a |
C:\Users\Admin\Downloads\Unconfirmed 989988.crdownload
| MD5 | 793899e4c918975896380db1378b24bf |
| SHA1 | 7cb206775e262cd45ab4f344319280e9e53a808d |
| SHA256 | 54974f418e47ae7083f805caf75e2fe6a766c94e3343e8ddc90119afb6138ec2 |
| SHA512 | a0b321d10c9d6cdea969b7e7883c44ddeb2e199bc55f9a890c57de9bfda9ec2a2e82aa111f7c154888ad8dccb7f664d77f7de09ec79d236635d79cb97c2b12eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c37c5a87bcdea80ae02455832f0c76c |
| SHA1 | 2d1de1fecd0cc547a361b5c2640ddddfb310189d |
| SHA256 | 8a62369e75e0ee0cbbafce8eeb677b86208e6a1746e494aa977752bb533047e8 |
| SHA512 | 4ec5640e5d5a4ac02a40c2205f2eb96b2a2b7881649498f5604b911c572d56c47de72f7d09ecc794c52daa9bd019ae31c0ed447f756e37f5a00aaec981305c1b |
C:\Users\Admin\Downloads\Unconfirmed 183152.crdownload
| MD5 | 71637c896159c609c27ed90ebd660d91 |
| SHA1 | 6c6f94be110a7f95feb03d8f58882a53ea6aa313 |
| SHA256 | 03339df2e217ca30d24d8ed23f65d7d4c61327a737066182418db0c50e8370d1 |
| SHA512 | bdd8018f487e1c8bb912a129b5e61f3ff77d65343abee391418bd2302a52de63e42b91ff5b25d5aa927b1266302359fb75806d0e1327639d2425d21a9325f849 |
C:\Users\Admin\Downloads\Unconfirmed 653988.crdownload
| MD5 | 57f1333d20ddaad7bbe04a6cb28af86e |
| SHA1 | 56ff118b58db80599a8fde572d0e75133425701f |
| SHA256 | 56ffc8cc10faa2aaa21b95d175862ec82a615e0140f724ec769f834f37d22d44 |
| SHA512 | 04253d2e6f0810b26dc55194ed37963f597600e6af2eecf224879e6cfc21cd625e0bd06aa98758578937ea66f325db89e4244179da190052c6a745f728ba52fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35a759d452c51d495483756d5311ba3c |
| SHA1 | 245680ea865d02b4343a0e390b6cab1eb3473979 |
| SHA256 | aae406e682eab45ed42d14390679a9467aec6d4d5998e4a07b80eef04e300135 |
| SHA512 | 9dae4bbe4b69f507d7653e332f4d728eaf8174aa152546efb8344fa0434d69ca6dfc276b914f6e33d9374e8d0485ba6218e16ad00446d2b514a880ac391f27c4 |
C:\Users\Admin\Downloads\Unconfirmed 653988.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5e015f82f3c2470502ca0b71f977f489 |
| SHA1 | 51a91365ee5f15db88f92a96e8246851c9bab7c8 |
| SHA256 | 10616b1977f0139a1514d75ea429a46ce0172178c5c6ce765d81cbd58cf077de |
| SHA512 | d2b5458a3a175f65793102868e766ad65c8d74d9809ca6f29dc195d90acaf3784984b69d1ce6f88579c7727bb54c6e0338710be9e708ce8ad87cd1e4ebdf0694 |