hxxps://github[.]com/limiteci/WannaCry

Resubmissions

29/01/2025, 05:52

250129-gk27davrhn 6

28/01/2025, 20:00

250128-yqyjtazmey 6

28/01/2025, 19:57

250128-ypnm8asqcl 6

28/01/2025, 19:52

250128-yltp3aspdj 10

Analysis

max time kernel
83s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28/01/2025, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/limiteci/WannaCry

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
41	raw.githubusercontent.com
4	raw.githubusercontent.com
13	camo.githubusercontent.com
22	camo.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adwind.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 534995.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Adwind.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4996	msedge.exe
4996	msedge.exe
936	msedge.exe
936	msedge.exe
2888	identity_helper.exe
2888	identity_helper.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 3428	4996	msedge.exe	78
PID 4996 wrote to memory of 3428	4996	msedge.exe	78
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 1036	4996	msedge.exe	79
PID 4996 wrote to memory of 4964	4996	msedge.exe	80
PID 4996 wrote to memory of 4964	4996	msedge.exe	80
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81
PID 4996 wrote to memory of 4296	4996	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/limiteci/WannaCry
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff16c53cb8,0x7fff16c53cc8,0x7fff16c53cd8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,5298334112821015817,1106763815709629857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
edff034579e7216cec4f17c4a25dc896

SHA1
ceb81b5abec4f8c57082a3ae7662a73edf40259f

SHA256
5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

SHA512
ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
58KB

MD5
661a834198bda03e78cc41a9a314a01e

SHA1
57d2f99d873dc69774b4aa8c9752167f812404ec

SHA256
b24d78c41342048ba6f3f91220e871140c411bb42a49e51a6856bd7ec7d58766

SHA512
fae1634cfcf5b63cfd527e2cc3849b59307dafcd03cd70568cb10ffecaad721acf21c0565c5fa22083f6d4d3e94c7602f3d05b014478ad9b1da203f326504e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
e3dc3c316e8826470d225951a41c188b

SHA1
a749640d293a7efed1b476bf70b7c25a4020173d

SHA256
a5bafb8903e256542d752287d77fd6970fb6674329978587f58bebcfff8cefb8

SHA512
5e12bf68dadf4cad0a1cf7ac7578bd794d4e62f2742889fbb8bea71aeca61c6d0a9e7fb23a866cce6a5480f31876b345a5bb168e6beb2fab9aef135cda503aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
0346ebe73b21667ad74c6e0583a40ac7

SHA1
4c75eafd2ac666700a1e7a36845ef859b1e8131d

SHA256
9df525b3192d1c859c90a82abbab4b5de63662e1374de09fbc381b55729a8d3d

SHA512
e27348c6f0f91f8f06d7bf9d3c5cb4b15d2cd7a0f8badc4822288bb63b740985798c96fbbbf1c30d67c59c58f08bcab5316f85a0d4876b67c27172db1a2c4e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
107KB

MD5
299ca95cc038a95290e1110e037c96fa

SHA1
cb9cbfd904623ab7287bb019c0eb0c48bfe5a4e2

SHA256
9847c0208b4c74a399438b062467820f9023534a5358fa5d6b28a4b0c18d033d

SHA512
6b61806258b2a02aa968c0ce55429adf5727af4420547532c9db10ae832f1e3abbf70d08f6c69e590d1823b6699685b0c153314ce113bf85d346f4dba0c97cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
cd4e82b46e4da434142a43b103c70d82

SHA1
c90880a374cca87c8db41b629e803cba3412f14b

SHA256
7fac6df5eda28d747100a7de800f01581d46fc81adfb53e5f6597e81ced06613

SHA512
89d38702ed8b7eef95f287012b3de691cca0c191c673ecb7be8aff9481f38e6669ff9b3b422b4e92b1d4bebac4d4e67811cde421b422728930c75962f989a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
67KB

MD5
13801b5cec192dbc16e01ada10e00cfc

SHA1
95f0ddf3941e63494a8d2af5b83f49db4174792a

SHA256
9a980e9153607ca7e3c20d814117b9edc0eed11132f9311e785159f21336b6bb

SHA512
81a9ae07f4376011f8f7c59d391eb8e2e6cdc268ef907f33ed73c00777a6d176123ccc494185b677cfd8e086df7de14ada462b35fe4b00c010fd950284d562c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b7a88ed5c0832cd45828599407119515

SHA1
50bbe309eaa395779504f0493c6ab197923f7adc

SHA256
a855b4934b019442c261c4b5c66cf96ceedb6c8f52e47b19f8c5848d581dd48e

SHA512
c373fa1891e644bed445fc0fa292d579424af055ffe4c0e784a0141c1d701758c8a1ef8cac1dcf0945b89b43abce6f6e359053003261e2fe1533e5204902920e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
941B

MD5
52386d7c0134227ac2b719a571d81493

SHA1
fc3b23ec88eb44886674030e798de76f343cd93d

SHA256
6d50c6a345af8dca345024f10f2918689c1c13f4228b37c4f1ec2833bb7b881e

SHA512
8925d007b3e76975ae509388840ec97bdbb8f33eb3b7dc72f0e47d03f3c89b33381832682b2af7cead6cda319894c64692745a5d27e23b6854667a0271e91ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7373605e835fbbd609c03c2f690e724

SHA1
c9976d180b24ba631714291cf8fb9dc2264965e7

SHA256
01bb2c285e2d1038a05de4b917b6e310c37c0e648a41ef6b44f05809d61dc6eb

SHA512
9a5359c5d92f4f9a943422d71b57f71704fa8e790a250ab82ad77a6ead51fe5487877ca466916e641c46409a62d2dabfd1f83f934ac4d8ca65c3095ad59ae1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
170b5c828856e4c5bd73d58c191865f3

SHA1
c8fee6a8fab68afe6dcea7e8a4c6e5a0942634ca

SHA256
a3be060a1cd16361ddff25cd74afd645cc141a73cf1dbb8dd67b7abe22115aff

SHA512
96544d692186f9cd84269d2dfe763f9a568b3516d1ef8ed8585aa0ab056cca460848d3163709a241aa6db8900f1433f8c0397a0e947e1a873ac187ee24196eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fdd26f5afe91c9c0e1f1a0b463b45e3

SHA1
70be457f617d64ca02500662fc559edf92d96769

SHA256
f3c0428ab38fbdc90d13fae2aebbbecfc51f1f51bbf42a95414c6c68b205ab7b

SHA512
fdf7e6e34e64ab3abab25bdc3879ed779409f7a0141d748ca39c87c37d8666622f0c5630a956ad0a493285f93bce3c7322794fa915202eace9a43818b5d441f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e07f700056fc678e34e2e9f2d1511da9

SHA1
68f46a06ed1595e29df8526bdf112ec7cdc9c155

SHA256
e648309e2e94d3bb60878059998ad41c70884e3ca202a98f75cc7dedc86317b5

SHA512
f224ff0b17e06afb95371a54f931aee3ffc93e4cd54b9523c9cdd3256927f26c41a99418a409c2f94bbf0d1ffa950358ea999d7d7d316a0ea64d7b4929119b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6358b15a98eaa3027ad46e98285c37f8

SHA1
e25d0d023a30d383d550cadfe5262a545b3e6eb5

SHA256
4d68c26105a3a7fa6d7b1cd98d1ee70fe6e089966f2f4ef2ce2720a568119046

SHA512
0fb85b9223d8f2f9657145326ce8b9e9ea42aae3d6ee99e86a18a4e3b472fa1eba619b728b002742110c01e95a97a09a82c2092c51528392604b970ce091cab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dc4f9cae7fba2d6f450411b0a3bca86

SHA1
3fcad5e22cfa27887f6e5f3822ac146653bbab24

SHA256
d24a8129459503ce61aee75bff65874da1a0bcae57016323d97fadfa4153b9a8

SHA512
2b6fcf0ce730c16efa6485c08026f1b8a72e4764ab377840a4b4544498fadf1f35d548761a33d99388e3ffee6480f8a883a1f0a2c0cfe6383deb5e1956d2ef5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b96c4faa794d3fd12169e6e59d7ff267

SHA1
6559b8b11404fb1cc3d80b51c0eea712e67e543c

SHA256
7987306e08615fc56b4635a3df2af005073c57b013f653d0d10718e1fd980dea

SHA512
062c7f12c8c621dc84212b6919d3952230d47b082cdff1aaea0f19f709e5f58a0da0c24583c6ca4d8c4b18cc093b74835c88fb20978d0bd68c97f69c414686d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8b0b9b8be8cd0424b9fb03a96ffe79f

SHA1
9147bffafcb5b354baf25aebfe29c29b52b31661

SHA256
177d256d241f4f79c635738ce01653d993abf17c470abd45335f52df182764a2

SHA512
06d31709bb0e9e2fafc6994b1a0c544b575d5488e038e8331bb2d0d542c4c69330ba6d7fa1958d89b30cec2f20c535c02c94682a60c25e5aeb0a23e1fe912840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f138190bd67b4e8268a3cd70fcb222f

SHA1
3d60d6e7cf0b200e575d6e3fd7f0272189473f28

SHA256
1e2eba3987fe5a6b9c9995d7e34683c589b31d6d6ee0d525615fd4791e3b0536

SHA512
d3ded0b752f60c65c07951e4cbb60c2c5efa943ab50ee9721d9a65a805725a21a6e4d55bb254d7de5b149c1fb89112d4644cdd155c888cc2378c53eb5f38d3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ccc6.TMP

Filesize
1KB

MD5
11c06dd80007ca30ec61bef1ba77c1fa

SHA1
c07d153560d8329ec40a9d7aa35551ebb7ef02f4

SHA256
1efb3bea83e640dbe06e9b575268871bea451ef6cbb54503f465a18ba3cb44e3

SHA512
bf6adcfe3e26e994ecb012c3635f401c162ea09ef9279797243effdc1f6806f6d5f8f678677503cdbb9ea895adbbb729a0c69ba217ab207a788b993d2ff38d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3287561ea56f4c3cac22a4a69fabca4

SHA1
b2e2d3511963688b8c97f9486fd96b1502a45b2d

SHA256
6ee8ef627e585d1a1e8e209d055cc952b0b591957f469561065854d32c37bd58

SHA512
0858c9c785a6ec2ded6b51cf67f6c0803de55a0fa89394629d48503f235a64a7d4d761572e498033c1a25eb0d7e21d15922a9a67769d12365767eea600e010ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d75bd9e1df370ae6a1d32e33b4165d1a

SHA1
5f117302fd4f53869ea0d87d7064f4864a1827ab

SHA256
81b8f57003b795b260dba784c25d25a479c56643863a93702acb8176d80000e5

SHA512
1c5b99bab5ad2a1fd3b6af0b9776ff9f7c5ef761e0ea881009f5dbcc4cfbe22ebfaaa73ac65396d1fafa6b454f42aa8f93aeee3730bc31c520b0a1504acb6283

Download Submit
C:\Users\Admin\Downloads\Adwind.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 534995.crdownload

Filesize
5KB

MD5
fe537a3346590c04d81d357e3c4be6e8

SHA1
b1285f1d8618292e17e490857d1bdf0a79104837

SHA256
bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a

SHA512
50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

Download Submit