hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

13-01-2025 20:24

250113-y6snhawqew 6

13-01-2025 19:46

250113-yg4z8svrey 7

13-01-2025 19:26

250113-x5jhrsxjdr 10

13-01-2025 19:19

250113-x1vegawqer 10

Analysis

max time kernel
960s
max time network
964s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
79	raw.githubusercontent.com
80	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
4240	msedge.exe
4240	msedge.exe
3840	identity_helper.exe
3840	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3268	msedge.exe
3268	msedge.exe
4732	msedge.exe
4732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 1224	4240	msedge.exe	82
PID 4240 wrote to memory of 1224	4240	msedge.exe	82
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 4868	4240	msedge.exe	83
PID 4240 wrote to memory of 1156	4240	msedge.exe	84
PID 4240 wrote to memory of 1156	4240	msedge.exe	84
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85
PID 4240 wrote to memory of 1988	4240	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe008a46f8,0x7ffe008a4708,0x7ffe008a4718
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10127962841198389274,6376987812663708735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b96a24fde12e090717836def0058120f

SHA1
c120e5d556301ad63cb7393211bfb9dd9074116d

SHA256
b6e191e8dc0f51d0c84ecb6b13cc7b6fd187323b8956dc0c986b55dea37b1cb3

SHA512
6717fd0e2683577dd85cc05d41dffdb9e0aab02246662f3304dbcd6115dee2b20e10a6678662349058a880cdda4dd795b59803a5fb1abe8d429c80bc30bee524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f461ce7e0ba29becd0b282e79f9eb7c

SHA1
482f03af2c2c7504b4b85bd9a662e4152a799626

SHA256
453c49d4ed96d67a4284f9b5f1dd157793860eda7c6b061be37137ae5b14e3c8

SHA512
e20898757bc3dc8ef6e039c5d6bdc20030daf84fd138a400243766f1b83d5818c8faec50a95d51e39b794bd778e4b2a59b0b0e9a4762b36a2311538c43abf782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
e5d99b2435342470088880ca6dc26e6e

SHA1
fc95c2bc3f53ae68753caa597534f126158d05fc

SHA256
947b18257c62504e48d61bfa2ad6d9cbc5fee941d5a06781675cb95ed2a542c0

SHA512
9b732069e3a73fca7f74988461934087483a84be845a8ba28da6cbd149e2b1e0a676678ecbc24c8bf79e4aa8392f48887c0bdb10c51cf6dce8235aed9eda6c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
598891de636892ff135ebf29df593f06

SHA1
18dbb270764ac75db1fba1d2ff3fa4fa22151a03

SHA256
14b5351a32987ee2f23006fcfa1a2fe9e8289287b97c347d5b5743f5f8417947

SHA512
c6f5bca4fb69cf1fe2864a2714265c163958292a3d23fabcd07728e135d1a50e7b86403146792bb56ed6278fb61b7282172636384977116758617bfad1fcfcd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a1d1147049541fecdbefc0f30d76b8f

SHA1
6853e130fc62e3e568be605b0dfce9de5697ccd6

SHA256
a9b8810ffb728b48909fd7e17a604783bfdb75b477ec840df16985ed900817a2

SHA512
3e299be21a7b6a6170bd348a9e1a2d72171abe09f8b1275a97aed59dee2804f5483246ce96d6e000537f8e1232f2f82d1d2ba377cbf83cddb3dc4e80e539402f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
018256ed90628b705f464c74d03c9109

SHA1
df7a9f4f590c37eccbc3ade48e26a9ddbb393bce

SHA256
7b09ef6c8d89d63a06f84399b87149623cf0d76cd9af931b3273449979d1ce03

SHA512
a94c2875bab9408cd266ad191f6ed1e78dc596da10bf86c348963a39dcb1ad8d32ba7fedbe507c13bfe83c4986a1ded63a647d9b731bc61276c30aef22ef215a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b50d0a229ec324f7bf4d8a35e217a42c

SHA1
7cdc0b39f2286ffff2216814b64aa501a7cfca29

SHA256
a007a0a91a884b227d9283932b6559e523faa2e2daffa5f2b04ede95ef41de21

SHA512
bc2849c9d43f7878444c3057f9963843545b8db4cca3c60658b0f957d26b00bbee9cbe69a4511ed8dea668e9d1dc63077723fc4c1e04e32e701e45109801dea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
148727b4a1db87751faff461f3347f71

SHA1
ea429690141d8c933731b3944f4c76adec3edf3c

SHA256
5359a70e0224ba897af7e0ada391bb9203276056249b1051988cfc11c05fe192

SHA512
59e4267bf02a38bd5c261c3208d8aa8ce52b47ea778acb00a626697a4d169a2d83ca410f7cb75485d23e70e56ddaa995ee5d54e450418e3eb0c3de5a298a64e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8a08f0aff65958c8d355fdb6bde9ba2

SHA1
4ca3b463dba06fb233ccd4c891305cccb543b0e1

SHA256
fe2856055ff0297dc3a7b96084188e995dc67ab3116bc43c3ba12b9f7da4adff

SHA512
1c743896fc007295098bafdac8d17a29b5bf8a18accf81bdf9a9d5a50308903676ac080119d400dd5c74ce755f6590b246b85bd0de301cc57e462a7f246df1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e45ccd311a7a1df80a42fd1f69b55516

SHA1
5b50f8a6f58b534dbd3fc0e410241a502a995f57

SHA256
8cd2ed792e9f6377a103c80b64a7a1feb56b369074be4aa0280b8b5805ee6b8c

SHA512
f6e209cd204c827db5ca1ed8dbc98957e9ccea4b7ca07ae27ad099811fb13a53bedb55f51acacd35ec52474ffe0b80c8a1c2ba7db3936852231f291f84e893eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25e6a7bf3d44aa48d99a928ffc73e20f

SHA1
19b5b3a72834cb1b5b08e293a4ef25814d0f83d8

SHA256
a2b8e03164e970d6f8f0044c8434b9ffa6d3aa7f19ac41e34893eed9c0614435

SHA512
98889b010530c8995e67bcd0664d38efc3ecc69083a34d8cb955ad92f3628516e8b107a009aee05d6e39987995252d02afb400999ae0b4567596e339b0a083a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a544eff4c0538ac712384000b93bb344

SHA1
6b9fff34e9322e1bd147de9ae18969cd46bfdb0d

SHA256
3c2980bcc1a8d60db746e409e2659846f32c29f93a81519fa1aa0a82a375f46e

SHA512
9a9f5c193cc421f6ed81b08905687eaf2e4fb1345ee56e52af8f84ede60b818ac419fce65579e2850f3271dacea114ef71c3e934cae10849ee416cd73f6ba3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02afd3ca3bbf05a7a87d507593c04adc

SHA1
d9fb53d67201a7114d0acc5c35d3d33b8f92eaf6

SHA256
d0ae59df0ad50fab546aa13650e1fcce09b9ea785fe53acd51615a9141c2b98a

SHA512
6efc2479405280aecad246ddb29716d58f86af3e4b4f01324404b12e8459772b76817f526b551e9cfd7f0c8f12976bccee76c4e099ff560545982b00daf2afea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e02aef7e78ac6ea2e9b6a12d8727086e

SHA1
d5602b15ca8ed74f6787ca27329f0c328369f28b

SHA256
eb96398f2314c9b3b5d1556e193a6719d345cefcb58deabb4b9a1cab0cd43aa5

SHA512
7b0f53956f36fd58681d612b62b709259362d49ba0eb5c262b2bf798e6de2e2621a7862071d58862d4ec9ae411d1861665e9c0daf5e1028da751fd1af69b6a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cbbf09c1b4138f8128a1cd42ded911f

SHA1
811ce8cb67f85ee3d26fd8070f7c06af43edc807

SHA256
60f398169d444d3f467519c21f888e20b48f7903d63c963c8b9d3153e608e250

SHA512
957588fe97c37052c852ae2b8db0c746471182dc34bb84994b91d3971275d7f2d195f08d8081439296317c18c5e339740f25985b87ebe597f292d8d53d67e1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
916d533315425ba6d500d42ec5348b25

SHA1
5b20e7ea22eda803fae205dce2d85fe212c8c4c0

SHA256
fe71cde0354d771e73f9a9e0dc0e32ee8d9274a73eadc52b000684c656e4e5fe

SHA512
2bbcc06deda188a6461bd8c92cf79fa26bea309ce56c3f05f53412dec7da91b129a6ea321b7ad5b65a48f7f92b5fb824adec48b1cf61e4017d343bdd227812f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9207f56db0fc9c1a25911abe0fdb92d0

SHA1
f1e0da3078d6dd4195d19e1baab60a060f467bd4

SHA256
f573c3dff31165b80eab88a9f54fd0097a9b0073cb7ed3d04e02de0081490db3

SHA512
c0efc912eca71bdcc61990aa266717dd109459448ed94c536f2a60343f98a13e5876273a3624a3a99e8123a4a9435f610079c06ff2e55269d1deecbcae4c76f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d9df34cdaa9058b61ee6d26625770ac

SHA1
5cd4fe11cb8877b0de0eb39e221f1019556e3201

SHA256
7f7bddfadec0ea4d12c4f1bb8b5bdc3a559394174ce8f7c0868d9c08bd8d61a8

SHA512
8b311c7048c3d8adda20215c3ace405abcbe38186931d121b7091e9e71a9c3a684ad49f3c61c175fcec219bbbb7025feb106d5a0952280ed7b1c0833f7c8f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cddb5c2043324b04870ec46570f10477

SHA1
9b02177fbdf68509181d781920ec458b0cb70f53

SHA256
dee38d29cfd1517c40460d3ec065867aeef54f8d776a88aa8e7369e081487125

SHA512
3e28046f9fca01210ccb9c4e3bd6410bcdc96f725aedc9b98753e9beab06babb1a7401a89d50f7597a77f6ee85935d8c59696a66d1e33dd3560508fad2330907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584215.TMP

Filesize
1KB

MD5
dc89bb2a5064cd0385cbc53bc1936ad1

SHA1
9727cbc020c5d5b3e3e67e2bda07c80a59349cac

SHA256
95ea9e3f40cca0589d459a7681bd6d6e0873972fb94b8c098aaf5baf9d795b5a

SHA512
50f3aced30ea7268795d39c33dac8197c6324f42aca3cf16566a3abd6b6c39e20187ff0a9f5beb29cfbcc8751ecea26b4add0a70b54557a50578104bc21cf02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
caa89f62c8ed2c2f82fe58ec21d9b45d

SHA1
9a64cd6ef538f42e21ae8b7c621b7200e6818ef0

SHA256
68107ef0a877376eb8214d559d9df892a873317e3bbd94651b4e632e559dcdbe

SHA512
540404da2c3f67f668d26c18d5731859d172d9fcb7f684678f18face6ebeee2251a3b8e7a7d73a7dec41570f06511668c86e6c1ff4e03f20bc856917ca1a34d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4061053ae68bbc4832cf0a5df22f13bc

SHA1
bf927a5e58d6f3a55256429b09ab9cd40284479e

SHA256
c7495cc80a3de4d45a572b0bc263c1275b88c590d6b3d8877f37cbd1cbe9bbff

SHA512
a19663991c9735b9f7743efda372a07949f57e1201679ba511058e38dfd6f4d774f5fb1c1ac7a4935e0d0ceb5f887f8207684f23d913d16f8395f833a88abaf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9f485cb726573df6577e6298b9feef3

SHA1
b834ae78243238ee587d6f1180414a9c1e96091a

SHA256
f403926a984450537073bf4e1a678857a1ff4bc3d8ef6bce6dc57c3bcc021f0d

SHA512
bc623f838589836d34a0f8deeb0a3c507d45c873bb572b9a6d00c845ac5b8c43610f5a74773d7722e8979821a50539237ec0f873a911a67b8e6ed8b2806ac12e

Download Submit
C:\Users\Admin\Downloads\Ana.zip

Filesize
1.8MB

MD5
cb6e4f6660706c29035189f8aacfe3f8

SHA1
7dd1e37a50d4bd7488a3966b8c7c2b99bba2c037

SHA256
3341abf6dbefb8aec171f3766a4a23f323ff207e1b031946ee4dbe6dbb2d45a4

SHA512
66c3351ce069a85c9a1b648d64883176983acd34c0d5ca78b5138b7edc2890b34408e8e6fa235258d98c105113d1978a68a15262d6523a82abb004f78b06de38

Download Submit
C:\Users\Admin\Downloads\Downloadly.zip

Filesize
15.4MB

MD5
fa4f62062e0cec23b5c1d8fe67f4be2f

SHA1
0735531f6e37a9807a1951d0d03b066b3949484b

SHA256
a88edca3b030046fe82e7add6da06311229c5c4f9396c30c04ab3f0b433eac6e

SHA512
0ffd333dc84ab8e4905fb76b3be69c7b9edba7f4eb72cc10efc82f6ae62d06c36227f4e8ada4f896e359e5ffc664d08caf76e15a40bd17e9384e73842e845995

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit