Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

10

Resubmissions

09-09-2024 23:54

240909-3xtxesycqh 8

09-09-2024 23:50

240909-3v4c3sycje 10

Analysis

  • max time kernel
    106s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-09-2024 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
dharmacredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (562) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 5 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef9733cb8,0x7ffef9733cc8,0x7ffef9733cd8
      2⤵
        PID:4824
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:1612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:2364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:3872
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:340
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4620
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:888
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
                2⤵
                  PID:1940
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
                  2⤵
                    PID:3412
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                    2⤵
                      PID:4048
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                      2⤵
                        PID:4828
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
                        2⤵
                          PID:3492
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 /prefetch:8
                          2⤵
                            PID:4808
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,9321797998400636890,3429048848909085862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
                            2⤵
                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                            • NTFS ADS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1180
                          • C:\Users\Admin\Downloads\CoronaVirus.exe
                            "C:\Users\Admin\Downloads\CoronaVirus.exe"
                            2⤵
                            • Drops startup file
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • Drops desktop.ini file(s)
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3892
                            • C:\Windows\system32\cmd.exe
                              "C:\Windows\system32\cmd.exe"
                              3⤵
                                PID:2200
                                • C:\Windows\system32\mode.com
                                  mode con cp select=1251
                                  4⤵
                                    PID:27020
                                  • C:\Windows\system32\vssadmin.exe
                                    vssadmin delete shadows /all /quiet
                                    4⤵
                                    • Interacts with shadow copies
                                    PID:15512
                                • C:\Windows\system32\cmd.exe
                                  "C:\Windows\system32\cmd.exe"
                                  3⤵
                                    PID:30924
                                    • C:\Windows\system32\mode.com
                                      mode con cp select=1251
                                      4⤵
                                        PID:31152
                                      • C:\Windows\system32\vssadmin.exe
                                        vssadmin delete shadows /all /quiet
                                        4⤵
                                        • Interacts with shadow copies
                                        PID:31252
                                    • C:\Windows\System32\mshta.exe
                                      "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                      3⤵
                                        PID:31024
                                      • C:\Windows\System32\mshta.exe
                                        "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                        3⤵
                                          PID:31040
                                      • C:\Users\Admin\Downloads\CoronaVirus.exe
                                        "C:\Users\Admin\Downloads\CoronaVirus.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:39152
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:5108
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4904
                                        • C:\Windows\system32\vssvc.exe
                                          C:\Windows\system32\vssvc.exe
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:31076

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Reconnaissance

                                        Resource Development

                                        Initial Access

                                        Execution

                                        Windows Management Instrumentation

                                        1
                                        T1047

                                        Persistence

                                        Boot or Logon Autostart Execution

                                        1
                                        T1547

                                        Registry Run Keys / Startup Folder

                                        1
                                        T1547.001

                                        Privilege Escalation

                                        Boot or Logon Autostart Execution

                                        1
                                        T1547

                                        Registry Run Keys / Startup Folder

                                        1
                                        T1547.001

                                        Defense Evasion

                                        Direct Volume Access

                                        1
                                        T1006

                                        Indicator Removal

                                        2
                                        T1070

                                        File Deletion

                                        2
                                        T1070.004

                                        Modify Registry

                                        1
                                        T1112

                                        Subvert Trust Controls

                                        1
                                        T1553

                                        SIP and Trust Provider Hijacking

                                        1
                                        T1553.003

                                        Credential Access

                                        Credentials from Password Stores

                                        2
                                        T1555

                                        Credentials from Web Browsers

                                        1
                                        T1555.003

                                        Windows Credential Manager

                                        1
                                        T1555.004

                                        Unsecured Credentials

                                        1
                                        T1552

                                        Credentials In Files

                                        1
                                        T1552.001

                                        Discovery

                                        Browser Information Discovery

                                        1
                                        T1217

                                        Query Registry

                                        1
                                        T1012

                                        System Information Discovery

                                        2
                                        T1082

                                        System Location Discovery

                                        1
                                        T1614

                                        System Language Discovery

                                        1
                                        T1614.001

                                        Lateral Movement

                                        Collection

                                        Data from Local System

                                        1
                                        T1005

                                        Command and Control

                                        Web Service

                                        1
                                        T1102

                                        Exfiltration

                                        Impact

                                        Inhibit System Recovery

                                        2
                                        T1490

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id-0864ABD1.[[email protected]].ncov
                                          Filesize

                                          2.7MB

                                          MD5

                                          b8ddc758c0f51217c1c9673d8cf8cc15

                                          SHA1

                                          3c72779a7693941ab9e67254afe9698f07dabbef

                                          SHA256

                                          37a99fe8e625cbbd850489bf51f0cca810321bc71144b55721acd923da3e1c6a

                                          SHA512

                                          3481d64a03196b15e0ce608b9106dbb401b6e1f7d86e1785d6118cd5e117d3c9f21d9cf2ae5878e66e67021277abc1773deb2be535eea493034317be8850479e

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          9af507866fb23dace6259791c377531f

                                          SHA1

                                          5a5914fc48341ac112bfcd71b946fc0b2619f933

                                          SHA256

                                          5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

                                          SHA512

                                          c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          b0177afa818e013394b36a04cb111278

                                          SHA1

                                          dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

                                          SHA256

                                          ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

                                          SHA512

                                          d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          2KB

                                          MD5

                                          4428f48f381cf349e1bc87aded6a9165

                                          SHA1

                                          964fbebb0daa3dcb94fa144841886f9044032074

                                          SHA256

                                          0f1744b8a6273a36a3d690af96e849ea6c088a7c5b7575e5d6f470cf6fcbda53

                                          SHA512

                                          ed6ed61111e8239c90f4b1c92da393db79328cbcc7872048f994f7b4328585368dd39f323db5e8f039cb32c008d45ebb46c75da9a7107a26d12662eadb268d2a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          111B

                                          MD5

                                          285252a2f6327d41eab203dc2f402c67

                                          SHA1

                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                          SHA256

                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                          SHA512

                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          579B

                                          MD5

                                          75237b876e4ebf0cf587313ae92b7952

                                          SHA1

                                          ef712d6b1e678d091b39cd593b8d4a2a5520f139

                                          SHA256

                                          d7abd571a35eaba20a7c57d7ac93cbb59b8d4b417f4b67590ee1c29ff561442b

                                          SHA512

                                          0c96b1f590a69141018c2112e36de65fb30ab57320b4b76da3a672b23c716197fc06e0f381491975319a8ad4ae138660469d3149cfbb69be96a2cfdfcaf802b1

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          9b78d80922ac3a61f8f8f43d7f08acb2

                                          SHA1

                                          dc5358b74243d9b93db35b51cb0eacca84192cff

                                          SHA256

                                          ff09d6f468076c8f9a58c5ce7e73f75ff36942ddac5de235e70929eb6408f3d0

                                          SHA512

                                          1dea51a1fbbd47a26aab880fe611c823c9adb6eb3335957198a73da1ed6b3ff71f519770cb96bf1f2dbb45dc77e9b8fb2555ba508edba6754e8fe2f4724c382b

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          30a1dae5b36a50c6cc2500516ab6b045

                                          SHA1

                                          4a29a02428d9f09d2426b3539428ce82302b32f2

                                          SHA256

                                          f1811f91c98ab285514ba4ae9fba7ae1ab1fa2c767deddcbb4edfcc9412f2787

                                          SHA512

                                          f322d8264d805d85bec976d198436e45bff62b36b9efaaa9af33fc3c7d4ea0899f6d9f77ee3c3df2f092d7262388d8992ca63d844b1920ac194842abe5067548

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          c2beccef83ac05a7e5e1d1aa39aa74c7

                                          SHA1

                                          f7d38e1e553cb256192e88d36ece61de0072e158

                                          SHA256

                                          3f473626746c4c66d5458c51c4ffb5d5ef54c051489cd1fe984f12dd2a92c0ee

                                          SHA512

                                          9ecc54aa3d4877ce2f95e861218728e488a7750261dad54e00c2693fc269a53921dd4566a1d14cd76546d55a0fa30bf90c5b82e3a369658ccb2ceb6a3844c4a2

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          874B

                                          MD5

                                          47982b06944a8c27bbb103555718a43e

                                          SHA1

                                          9a1421299bcee7e8e2dcb9c4530e64238b3747be

                                          SHA256

                                          faf7a3a8983c5698856b0789d760a0e8ee6c593d68f9257d43f6019e81535113

                                          SHA512

                                          73e08d9f53728017951a548163c3caf7a2fb8a66b3ac3acc65924be75ee46eb3006bb8ff5ddd9f151dd5bc699552b2ea01182ba7d469a51bb51b7d9d04316db7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          874B

                                          MD5

                                          0bc2f4065018cf008d53949b2e2ba3e9

                                          SHA1

                                          11fd6e5db287a87dcbe5360d4142f88fc72789cb

                                          SHA256

                                          94cc2ed3671dcb76454010c5e851727934647340b44f5c3394b399db6b6372e3

                                          SHA512

                                          d924b796b6683b079a8c1efb01361b7bee5ae0a1a2682f3da4458192e8638beccd0edbec9bcdf4a9aa5159f90a6de0b91f843290b584470cce5ae696ecb0a9f8

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          1KB

                                          MD5

                                          19c0ff84cb700ea15ca7e718cf364276

                                          SHA1

                                          2a7a81f2861efb9bbdc5ab586598195acdaee73e

                                          SHA256

                                          ce8f69da97f022e6f5247417444961106796d271033cd0139eb619f6b503f78b

                                          SHA512

                                          6fc126efe5718c63b3f26b54de02df96eeed8111f27ea9384904cb107d1017297aa41dd1898d65b4ef79fb9f1863dca40183170db6a1e2514bdbc8579abfb3f7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806d1.TMP
                                          Filesize

                                          874B

                                          MD5

                                          558250342a737e38729fe5b19b694240

                                          SHA1

                                          7491cadfb8ccd8d15d88aeb8d1df7547833819ca

                                          SHA256

                                          ec3f8448d11106022865d3491ff9ba4bd3ca17e8a231478bb103fe9b3c09e323

                                          SHA512

                                          8c7031b32f808ad03c39615744a86142726903b723ebbe598e6bd8e53127b2f8aa26efb8992a16b6415f96e8eb20a271db8f66a49ddefd29fed0f284c3613fbe

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          46295cac801e5d4857d09837238a6394

                                          SHA1

                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                          SHA256

                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                          SHA512

                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          206702161f94c5cd39fadd03f4014d98

                                          SHA1

                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                          SHA256

                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                          SHA512

                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
                                          Filesize

                                          16KB

                                          MD5

                                          9a8e0fb6cf4941534771c38bb54a76be

                                          SHA1

                                          92d45ac2cc921f6733e68b454dc171426ec43c1c

                                          SHA256

                                          9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

                                          SHA512

                                          12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db
                                          Filesize

                                          16KB

                                          MD5

                                          d926f072b41774f50da6b28384e0fed1

                                          SHA1

                                          237dfa5fa72af61f8c38a1e46618a4de59bd6f10

                                          SHA256

                                          4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

                                          SHA512

                                          a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          10KB

                                          MD5

                                          2ec3b937cf2295c6675198b9f1e2248f

                                          SHA1

                                          3f1c8fdaddf3bf2d24a7e439177eeebecafd4acd

                                          SHA256

                                          c6d2ab805a9c4521916d10935d45d044251d83a977b345745273946e788f573f

                                          SHA512

                                          706d91f80bacfa5b1aa42c8cc8c5e08120e536b854d7b52080aaf30e427a294701a88b061b76b5c30a0e3791b5d5b2127026e401f6f12c47d6c889c6beafc61a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          2f186a887e6e5f6acfe672e50a7d8c43

                                          SHA1

                                          1f87ad14534d434def5bd4d5f0ae6f1c444e6180

                                          SHA256

                                          8768f59e8a7ae5f950e4b76135920adceb17926749601bc2eee83eacaec6b4ab

                                          SHA512

                                          df5abb134eedfe8cb370f3f586f0e1449feba38e6d6cd5060b04cdb4a2e9bdaa0ad09cf8911e4a10594be69aae372205726c1829d9d1f91777206158d2285fb9

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          10KB

                                          MD5

                                          150177dd8d60f7a5e3a831a704ab5904

                                          SHA1

                                          18276f814903b397225aa8c8272a9530b9f247bf

                                          SHA256

                                          fce79c4da94fb9abd223ac879522fd9eac72d5e3c5e436749ec00a7286e5e35d

                                          SHA512

                                          a2e35051860b8fcdc92cda983ed3e0439b4a5f81cffa05c139f1b019d2df97ed73bb349cdb843d13daaaddff1e72dd77290191307825658b870e8ffc3578e5c0

                                          Download Submit

                                        • C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier
                                          Filesize

                                          26B

                                          MD5

                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                          SHA1

                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                          SHA256

                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                          SHA512

                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                          Download Submit

                                        • C:\Users\Admin\Downloads\Unconfirmed 515073.crdownload
                                          Filesize

                                          1.0MB

                                          MD5

                                          055d1462f66a350d9886542d4d79bc2b

                                          SHA1

                                          f1086d2f667d807dbb1aa362a7a809ea119f2565

                                          SHA256

                                          dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

                                          SHA512

                                          2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

                                          Download Submit

                                        • memory/3892-6269-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download

                                        • memory/3892-353-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download

                                        • memory/3892-337-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download

                                        • memory/39152-18727-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download

                                        • memory/39152-25149-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download

                                        • memory/39152-25153-0x0000000000400000-0x000000000056F000-memory.dmp

                                          Filesize

                                          1.4MB

                                          Download