hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
102s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2025, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
69	4060	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
5240	CookieClickerHack.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
68	raw.githubusercontent.com
69	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 73637.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 700256.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
3684	msedge.exe
3684	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
3644	msedge.exe
3644	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 3148	3684	msedge.exe	85
PID 3684 wrote to memory of 3148	3684	msedge.exe	85
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 2380	3684	msedge.exe	86
PID 3684 wrote to memory of 4060	3684	msedge.exe	87
PID 3684 wrote to memory of 4060	3684	msedge.exe	87
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88
PID 3684 wrote to memory of 2632	3684	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ba2246f8,0x7ff8ba224708,0x7ff8ba224718
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1980 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2304,5077935424693412929,17971435855741794603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1680

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
1⤵
- Executes dropped EXE
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5da507c2059b715761792e7106405f0

SHA1
a277fd608467c5a666cf4a4a3e16823b93c6777f

SHA256
8c1d99de087ac5f2e7b2afce66eff36a646bef46800c0c1d7737d6f0df74b7e8

SHA512
01c92729dd8061aa122b116a674c73bb78016f66d2cb8f7fb64907352758a825e87a1e345334386440699d2a6d1e17baccb400c5aee151eb64e64019cbebb870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c6e13dc1762aa873320bed152204f3c

SHA1
38df427d38ca5ce6ce203490a9fb8461c7444e12

SHA256
5c441148843b7c8dbff4c4a72962a532aaf0bdd484d07a03dd9a32fd461b1371

SHA512
133054cb042e11013bfdad1bd11e3407d08cf26a66d0743bea9708d261aa904a1047bb0097b187ecf8436cb6cff3bec28c89e435862cad0e0fa264799556b70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
129b8f911d37c967012f421cca576dfd

SHA1
024ba8955d15a12248906daa0bc0b460545bf7e3

SHA256
71facf58bfabe7fdab9a319f549e4acc1ddc69b9faaf4bc5dc4cb9a4a361ea66

SHA512
531732fbd9f7846af064131d00c3c233a7d06a3676b10836529e6c1b768c0684cc88202f69bf37b0deef245052e5c448acfcbbe5127a3c034eafb6af89fea899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
740768a1b8001995089b1d5c90e00245

SHA1
746edf3fffe9b9c901d3afde1d2ed8e62bd85b10

SHA256
a1463a24351343bc0451681589c104a4e50d60fa12313424243fb06366a76178

SHA512
c4e5338c5d7f6a1392c30e96288e859da04ca30cc921e26c2b51c3af8e536a4d1058588ab681f2336ee24a8e6a0086b3a1208d75a1037ed48249b788a2110d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
f6b24ad07edab42c88540a87562c81de

SHA1
dd8691937a6a089fd58b9db56b6f599022b48168

SHA256
ab8d2b9c88df9ac33fbf60ee72a5d8c84d0dbb28ebc1de08a4bae02a8af8071f

SHA512
5fa8a1df39ee12048ba5817c1962cb897a3454d69d78ad4c40e0f72fe04c4ccfca674a2d629dba8376f2862ca587163435318d4cd7b5ab5c64ec03703322ae1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d57f9c521eac704d24923018c1eac9d9

SHA1
9bb8d65871d71e6c6ac83e4db3c0c1793259bebe

SHA256
b094bda4199fd4e03b4fb9dac1f452c2c9c7a4f4fe178f1c9ea2c53591996a57

SHA512
0ca55d5ca846cb170cdb4ce9f78edcf78f129837913436b5f777f659423e543b90d6f3702f9211944cd30bcab390d58d46a915018b0f180e19584c8df1e2cf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a392b53c8fd94284a24994636578be39

SHA1
8bab186577c55ced96d6361d0be797009c874744

SHA256
b0f38561679da1a25b4670f04e2824894c02ce90fef0c6ce8e3aedf4efe31d93

SHA512
d368cb2882f1fea9e3133e217855b3667345236e2f6f52ec7b8f01843fc8fd4b9c5b2727d19b8aa809f0c30b3a600b0c38d32e5b13221c76b445941c1e208413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34103fbeb740f0661e8787ea84136cc6

SHA1
22c9cdfb3357e710a8a94c0ff89b29b2a016be29

SHA256
d721b00dc31c492fca9c87b89ebf49fbac928784614275567d92a95e532129be

SHA512
7ae926213636082d277ea86df1a9e849470a992c199658a6c7f537344ef5ddcb46aa6130187469e280d5383d6ebc434a36876d700d59045d333b32a5f77d785a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03180683ed5cfa116a8c6f1c3222d6c4

SHA1
57dbce94c2ccfc72484edf462253d11087f5f566

SHA256
62dd39225538a2965fe21229e5d2fa5752eacf1b9ecf45c5eb8ef8576c517e5b

SHA512
0bf6332d20737e5e0388310746d3b1d6c670003f86f608044e39754fe7abc5483c29cbf71c9123aa8fb1245af1715186e0a0c2cef32ce6d491b817d24cac50b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
118d2961b7389dae193b17d004fe691e

SHA1
24dad41195c4fdb04ac4422d2cc7abf5e5d1b971

SHA256
4787a81d54c4087824522dce23705cbe3a953fa54c0a9294b94ca8d31403860f

SHA512
389b9c78d6613ebcd8df286f6466b8537b960f4f686fd00aa4191ea1d4df92fa6bc9607e8ec14582f5dcc3d85e78430c84b920b184ecd061b6f76ca1bce61989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
961c6d2fa9a446e4c557fe1372417b98

SHA1
0a507e57176d0950ef27802fac45cde7c9f44e38

SHA256
fe46d22d20460af24362df518917ed2ab0c86725e03f0cb7a390c228520e83f4

SHA512
d6cfc989cbe98727bcaec507fd758eb7ec3f4ad4477577a45f834e0bb6335f0dabcb08e7fdf1ec738d6ed952f51abe7e55c4b2d1da18c3abfaf214cffa456fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da62.TMP

Filesize
864B

MD5
5fced684204e679b931816900d3d9adf

SHA1
c2e0d2b87f4031b1337b8280b0740246e8c107a7

SHA256
1b2ea3bd17ded1f2d78667677d3bfed0a5b2d2c3625a8948d2b1a54e785c74fa

SHA512
0927ccb048dd7107f568b516c0b4d874c08283a4b8885d05f6b637712c433fac9ac55472ef374153ac492952b72ad71c8abcbd53a452c6c6b5f6eed34678203f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
188d20577a0976ddc34a5c3a82349c82

SHA1
80a2e3391d0e195a7b330f5c75d138ca5674ba26

SHA256
f1369b03b7524840e12cfa5b01885af7c1f7e4e1dd7fd51e0a156b8fba38fb4e

SHA512
07df2fb0a2d3775896f38a736dad6c078c2b75791b478d505599353b2df5501bef447ecc8ca616a57f09b37d10e741fe099ab8948ab26752728743d8f5d11705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8cb51d015a048245a5d7c5b50b333f1

SHA1
3bd758715f5b5d962bfaf45313b9ab8b97f48f2b

SHA256
353fa48d597873cc9374245dc7dc15e08003c37bc34b8907db2d8c1a1a2f84e4

SHA512
0ffcc8ce6d68bbfd6b334e97ec543ec7d22a685de6fd1b05d3bbfaca4bbd34bab3f9532f224470207926732f04c359621a248cfda603da22a52a48b67e667582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3e353ed54e0eb1247a3188c693e096e7

SHA1
47fc59862b29b8cd1966360be046c661df0e8a3e

SHA256
2a0da13ce980abef4344c7fa80770e664c34df8138c64b98ea3c553402158f41

SHA512
8bef0fda02cf33a38e83c8fac3928aa1c7135415810994169e5fea739c6e882805287243d2d7013630345191a4d3f2beea118d2477721de00435193ad6e372a4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 700256.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 73637.crdownload

Filesize
3KB

MD5
6f5767ec5a9cc6f7d195dde3c3939120

SHA1
4605a2d0aae8fa5ec0b72973bea928762cc6d002

SHA256
59fe169797953f2046b283235fe80158ebf02ba586eabfea306402fba8473dae

SHA512
c0fbba6ecaef82d04157c5fcf458817bf11ce29cdaf3af6cac56724efcf4305565c6e665cdcf2106c675ba0574c60606be81d9baafe804fc7d2d3a50fed0baf6

Download Submit
memory/5240-323-0x000000001B7B0000-0x000000001B856000-memory.dmp

Filesize
664KB

Download
memory/5240-324-0x000000001BD30000-0x000000001C1FE000-memory.dmp

Filesize
4.8MB

Download
memory/5240-325-0x000000001C2A0000-0x000000001C33C000-memory.dmp

Filesize
624KB

Download
memory/5240-326-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/5240-327-0x000000001C490000-0x000000001C4DC000-memory.dmp

Filesize
304KB

Download