hxxps://github[.]com/Endermanch/MalwareDatabase

max time kernel
240s
max time network
243s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
03-12-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
17	raw.githubusercontent.com
42	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DesktopBoom.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3588	msedge.exe
3588	msedge.exe
4772	identity_helper.exe
4772	identity_helper.exe
912	msedge.exe
912	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1572	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 4428	3588	msedge.exe	79
PID 3588 wrote to memory of 4428	3588	msedge.exe	79
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 4792	3588	msedge.exe	80
PID 3588 wrote to memory of 3132	3588	msedge.exe	81
PID 3588 wrote to memory of 3132	3588	msedge.exe	81
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82
PID 3588 wrote to memory of 3092	3588	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd65a13cb8,0x7ffd65a13cc8,0x7ffd65a13cd8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8300417647799379096,16446437499360765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopBoom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopBoom.zip\[email protected]"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
53d95221c7c9a327d48095bf69ddf9e0

SHA1
4de09212151cee3f9c20406c8322305152a4a435

SHA256
1ac88777ea607b7487b0fe77d92d1bca6c3ab2c7d51d0be5f7011f3fd216235b

SHA512
0f2eee2774f260c54f552483afe0e01b62119656244479993b9e8af9c66be11b36213c6702a6736edb6c81bc4f6f3c200e4983582ff6192672c295038d80d97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82b1aa369de2f968eb7fd34880861444

SHA1
8f8b722918807d9080cfef2c991494876eaddd36

SHA256
fc9ff545ff4005c466809ac36b55198f23a7d16cb00b63a797ed26607bf6d5a5

SHA512
b34721734fe77d9d3f9deedda64a90d9cb08a7a0f38f999caa845679a434dd3efa0b47da63285e1f6753da0d8b24d3ac784c40d611e1a9c0f8e6563bf80d55ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
928e2258e29c69b81e75a4f01383f801

SHA1
2a82e187e71e3f66a6937d594081f699f4d71a87

SHA256
181ca621db8e02422b04909f13db787133db0b82787e9a38ed2acf7dfa732a18

SHA512
33af068af00bca8324a0e98c23baf44644e066630bb074865283dc6ea6481885c847f8bc50b2de4910613a5ab1e74e9bac1cf412a5d9847198edd0411164078f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
1d9bf44973c18a2a639d1ed1eb792d88

SHA1
4ca08303ca556d377ec860d8e8526a257afba41a

SHA256
425622de3fd0a3557af7b98894d3e97dbbb3f0624b64567df01c3097e0383647

SHA512
3a682153587571be751d257cb4aeeea94af2315a138c9836d68a51328863b741707674c9fa879c78edfb6b322648cadc5ecab1eb6025b267d086e23c9e2aa36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
581b92b6a3850a8485d5cae8bd603256

SHA1
a6a5a9232a10bbbd41a3f234ec9616238ebde29d

SHA256
0260afc69f910d6e0261abd6908854f826f1b08b376cb7dc4b656fd2127748cc

SHA512
424ecd14e078034d06512e355ffcf05cfa3abc823d32f57469dbc16ef6624d8247c9e53e362c079b5c8977ccf294e8190827a6773274b58f9a0133dce9a8c5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c44004d9345f86e2a6cfe0f22928480d

SHA1
66ec327dde51d2364f080b84e4ca546c533279d7

SHA256
84351e5d699d87c2976fbf0e7a0c7c0394437560580e16af86ca71b78242e1a3

SHA512
4d2550a2fa9737323bae6ac21bdcca6f1af81e2d677af9f2c08d8b760451acb52a21e45ac8a06257b1ce298893b8c21c99e2c85348b6177b4b8af0be27c0e2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f4fff241e4fe11f0c73f4740d32527c2

SHA1
fe2fb0c7cfc580c05fb459c19ebd40390b999ff9

SHA256
aca07f521cb79de5d066fd7ad781d3ccb75681dca8559433c1003d2022f2a318

SHA512
aeecdf4df7d187e6476c8013c24602e0dae38be8c2358c825d1015370916e17f13159bbb97dd790caf6bf58123b765b47a8ffe7ab112719c36fed5b7706fae59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c86f61be79341efc51edd60a34b550ff

SHA1
dd81b8c53a24ba4f475a08816a7a3ee194a41a42

SHA256
f1182faba92413720f93ce400dd84fda452bcf07a73839c962b57a26899d8c15

SHA512
2e9ef32921cff0c49bf0719e19492d64b7dbc9ed1acd12dd2cce12846ddc791ae6a813bf9c668966f0c7aa7dd9a46e251adcce30645d5f222076710382827e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0c462edd711947ac9d8506e2286aaab

SHA1
7839aad27e83a3274ce8fc9f0e576ada65f7cea7

SHA256
2ad25b229f4113f83c4c9997c9dc7b94cc778cc6881ced9e987a3e4e7e5f4b4d

SHA512
4ac444ba65b67e5ef343eab3286ba50303c77777e48b1b31dae93940f7c33cf644b48be0fc07f379eee4faf0dbac3f57835cab866930e6a85af876e412fe64f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b5a1687e05f3cfef845f7f66f2d4e84

SHA1
376d7eadd7f73ee66e260ec022c68a7e629916ce

SHA256
5594f5a902c74c17cfe72c64c2b5ab3ea41009c7d7ecb6154908cf093dbaefdf

SHA512
bfd9ab38ada0d797f0d47fe296cb291617ab1c3abceec44aff728623dcaba845432006657d9c593a9403bd676c9854fdb2587046566e9485f22935036792875d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d200a701159318736951f81df2ccb75

SHA1
9cabd4bff315fb765a6b944c0e0640508b2b3587

SHA256
66bfbfb9a04e69e536c1d69142c5dfae767a3178ea58c70ed509ecca9c360651

SHA512
9560c19e5f4979d33506198bb4c557544754e55871aacfcc5bf6fcdc71fd71a88caa6c6d9228d86b18d49eabba0998c3c5d0dffe3b330764ffa7ff438985885d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a44b246b112031f80c1549e305947a0

SHA1
a4cda4df992bedf127ba3ce62f55521f9a32f835

SHA256
e7f05b4129d91d704813ab70cb9585d0b6c610101774da7e07dfd4ffe1616662

SHA512
eeaea8b76b3543c76e26fd7a1b11249738b6188488ac3bde1971051a1fee6d5e9fe214d33f970c41f1fabca20fbbfb43a5c2c50d8e2e0adf03ea0b4b2b11d07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a35f.TMP

Filesize
1KB

MD5
76492379059988bc4d60e4a355579734

SHA1
74a5c9c9aa4eefff80de0e4c8f6b8ed5a09099e2

SHA256
cccbbca3cfdf5fbb09e90517345c76792d05766aeaa9e8dc69f0e1b38a9da87d

SHA512
8b0bd99cee4250e4759bbcf15285a2ea8fc71dd878e6adaa2a27d193e11756e4242dd8b2bb11ba3d29dd4bc99e4878cae22c639babe8736598eca097d64ca7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f095afd09a9e702db0a0d42182acca95

SHA1
5d7109e852a86cd3868e191c0398051beb9604d7

SHA256
ff7e952be8147e51ef8111267911f03e8d7b8a175d47d965b50ff4959685f1b1

SHA512
0f22fb5d98b04a329b666674850bea242d294759b4c89a0e848785cc57d587a8c6441caf583628a8f6a552f2354d91dc983fe865144137ad4ea9c9c25afe815d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f59b38f6d5fec5651821e5412e8d615b

SHA1
a64bd5f9f572b0f9182d12782b54f5eaec651e28

SHA256
6eded0c67c5a9537495acb11ec27819ba3cc2f5b3a60c5bd40f5ab99f01d8690

SHA512
5db4c25b5874f1909249d6fe0cbe88a2d16bf00133e5b27811b97d5a920ffe47c4657d780518f82350d51e5f57259c6883b5890ccf983bad1acdaaa59760d04d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
952e32c76a7d8af602dc0cea9c6931c6

SHA1
a51d1cb9f2fd81126a7ea82852b651e3c70c7d9e

SHA256
0d0db1e76712f3e3c8c00b8ca809104c215b0718e40a91988ff89a5ef440a487

SHA512
7d82fa2752d2a85ffbecb4ed99abfba1b9ff2fed8e76ebcc13545a4fed554724e19ce05ccd03198472f9ef5b6f0b09277bf89a2fbaa721029bc4c62dd247a52c

Download Submit
C:\Users\Admin\Downloads\DesktopBoom.zip:Zone.Identifier

Filesize
229B

MD5
fca9c33d19af724f0debbecce1699343

SHA1
f12672068e4023b9ca29fb9e2163ad53f6e0648a

SHA256
02e985c62e141337eb71e7dfa63771ae2c97504dcc58fba11ec529139d1b01cb

SHA512
7bfcd6cf768d85f0502ed9777b1a75d63e859ff157a88df50f3e81db21b3d63dd98b99dbb777b32a305624900482ea1d8547e2645c07f001a6ef7b58171a63e7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 493564.crdownload

Filesize
513KB

MD5
14e716c9e9a4e370ccafbfbba4c657ca

SHA1
0aef4c04766d1a39925917e46fc011ddf36786fb

SHA256
666bdf8c339fc5f924f4d31e1ed57e6ce3f63c487cfb218a9b4d7a087938d5d7

SHA512
3ab23f8dc84b39e8444d3b85ecf0e1b882786dd17578e0fed34d43994506101e6034f5e95f6e88b494c989f40ecb3052ec695adbb457662c1864d97c9255eace

Download Submit