Analysis Overview
Threat Level: Likely malicious
The file https://tria.ge/submit/file was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
ASPack v2.12-2.42
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 09:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 09:15
Reported
2024-05-09 09:20
Platform
win10v2004-20240426-en
Max time kernel
319s
Max time network
316s
Command Line
Signatures
Downloads MZ/PE file
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{255EFC5E-4C2C-4383-BC55-864902132A92} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{D7CE27B8-D872-4700-825E-BEA3E3EF9FEB} | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 880604.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 499674.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/submit/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6672 /prefetch:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,3271364704162865178,11796117602987046317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
C:\Users\Admin\Downloads\ChilledWindows.exe
"C:\Users\Admin\Downloads\ChilledWindows.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x300
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
\??\pipe\LOCAL\crashpad_1352_GRRGDDSTTRWLABFU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca669d29d03a9fc2c06e5ecf9a876c87 |
| SHA1 | 9f5ef205651b25aa739fe08f6da3b74f7437fae2 |
| SHA256 | 7599bbb64986245491bce8bbabac303c9520a2bf7852560f8807048e01c81ecb |
| SHA512 | 6a1d7178ee4a49d793d9b120a17db823e7396c020619e226ccb562db55a3e067f200bd88df8073b48a537812e580046699aa71b8ab8ff18d0819fec070992ce2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7d8a6226-b3c8-4260-9a5f-d9f2b18bc498.tmp
| MD5 | 774cf99c819b5fe1bda0e2901f8c83e7 |
| SHA1 | 94d9bf8e00c756c53dd940d22afe216c67f88bfb |
| SHA256 | 91502110df07c3f32cc08d61ee73904b03a640d11f6ffd25e3ce67778171fd2a |
| SHA512 | bb5355fba914c85f728a63408cc6328c468ad5acd743327617fd6ffc88cbccf7dd0f962412aa083a886523e862b81ca6bea86de1ae7babdc3bea92a0e6abb352 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11d97cf376de5cd607e8aa10136f1685 |
| SHA1 | ea0e8f6daeceb122ae1e40bc904b5039a9b9be2f |
| SHA256 | a7ce4c7bb266e0606ada8a6b1e811dd6fe103fcff06e18793d9212a0c7fe6678 |
| SHA512 | ac22038e6e0c100648100ccff116bc17fa0ba9de002c6e58dec1d4026d17938ae79f5093d32841c00dd129c974e582bf120a0c71acae7de69b298ecdbf60e3f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e75c765a572fce09fb2d10215e6c9845 |
| SHA1 | 8d1d78bd54bda85ddd710fbde75ea85cb4eb5acd |
| SHA256 | 1a0316556e71feb454def5e8bd3cb50cb8080b82d36fd7d76da3a202bfe4f7c5 |
| SHA512 | dac2636a69b9f0740c667b4c83543a82e1c6cf544accc858aa9fd9be66047e9ca9ad8a64b31cd4715a14dd67138fea6904d72303adba28ca6ea7f914db32e4be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 403e3dabd58457f69b03037aaf8529ea |
| SHA1 | 8fd2d7f305fc511b84c89a216d03e56a113f3b87 |
| SHA256 | 1dcb88b7c8d2ddcfe0a02d7444c768be3d597101e3810c0114c4fccef753a5d7 |
| SHA512 | 84ede23278cdec5faea320859a2a416ec35d4604210221525ca5bf9bed9aba4d6cbd71a127e4dd3608f60f4d9fb817326be8790f23aa3cfc9fd434e4428e68ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf46.TMP
| MD5 | 3547e2e6f128475ae4a5610bf96a0d01 |
| SHA1 | 8476751265a281a1a9fa9ac267cac2a9a2bb846d |
| SHA256 | 7d4b88417dac9a8bf8b2621b29860d230426b29b5081a848bfff34168a41da95 |
| SHA512 | 21dde1a5bb3f1e4155ffb8873da2d6b9eae4a7803bb1f0ade1b1ff0490ab8267af1f40c8db603a49a1189021b2d175ed5d817de4998649bd62681975d01fe52b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c2bf90b634f7f3fd24b17f198648769e |
| SHA1 | 8cf89930279e564981dbfb559774a31f08c9b553 |
| SHA256 | f6c56b4d9d15e78bbbb7c5bcf14983653969c7abe173c243b7df51d0576773da |
| SHA512 | 831fd8933123047c0ea03afabc73734535aabf9c73c6976c40cc329ca001b63280540ca43f000721ae1f4d999da46174706dbc4efb70a1d7b9f81f7b3e010845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 169c97fe0bb29657a682810dec4e2db2 |
| SHA1 | 6f3fa0d0f3757fe2c6ade45ca59925af93f2d178 |
| SHA256 | 2e71751ba267ba63aaab8eaa72061a6fda3a827e2ff73a5f6fe713da45927265 |
| SHA512 | 5e1a49c9bdb9c680e0fe8699e0c229de3d926a139e05ae2f3fb4ae028787e167ba200a8e2406fc7263b479b1a8c701d1d14dcd38c9d11338c26b94710188f1b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 312d12b63f78a920e6ec76786ccaf26d |
| SHA1 | a38d4c0d1c9c74fb9f4fd7c040e885ab877eaec9 |
| SHA256 | 691dfa62afa71ab17bb7968ec2ce1cdc7ec8244cced475a2d3d563dd92e6d490 |
| SHA512 | f1634cea2cbdaddf1f637ac78d75f7d0bfdf9d9a07aab66e5ce94c20b6d103c78edab208169c526cfdc5310ebbe380ce9cd3a43b3095a110b0c3285ab5e07ad0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7059718ab9bf1d6b6955ee041f59543f |
| SHA1 | c040d1815788396be603f9659e4cf9bfaf83f6aa |
| SHA256 | 9bb8f280ff6fbfaf52e04e8500da682db83cb1d79729e328ff63bc0f0162c884 |
| SHA512 | 062fa0e1b13dcf61b08b3bf688a74dbd4c0af9015b4f5554b0695a692a5557c8b8b2775c43d9b508d22b0300cf31653520aa97c07d0f58a49357c21a480d71dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a584498a86f716786c4c931671c21b28 |
| SHA1 | e8a8c7a14c49de47971420ba01419a3c49921be9 |
| SHA256 | 4ef96ec5357ccc8faa95a7b1c94c220ca8c532fd6ca968f757d7ddeb308ffaf0 |
| SHA512 | 8906cddb15ba82c1d85eff53f730607e7b74117223012b600c87f957311b000cf31980b3f9357ba2ac0846e05e010aa05ed5fd314035362438d897d8ffcb64c4 |
C:\Users\Admin\Downloads\Unconfirmed 880604.crdownload
| MD5 | 20d2c71d6d9daf4499ffc4a5d164f1c3 |
| SHA1 | 38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8 |
| SHA256 | 3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d |
| SHA512 | 8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5efb5e5101789a8882d88f581081d675 |
| SHA1 | ff4e2e7cfb18e0f83ab98c16ab6b08e4937e7ff3 |
| SHA256 | e889613971b186b3bdded55b9f3d9314ef3f145e964af9734126f9d11467225b |
| SHA512 | 5f660c8ab3f08b6b04def250901360f8102c1055da1f06d98e7e32127225b5b5943e54b6dbeaf4c7ccf17c05046f8523e5d79560c623f0f0e68372d68fafd4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4c5de02cc0423f6c1b28da5fc99f1fb1 |
| SHA1 | 011e0381f73f605fbe0f9229dc0be821179291e0 |
| SHA256 | 1eb54932e76e94422c2f8478f6bf07d93ef618cdfd5440740932437ebc152105 |
| SHA512 | 70c363bd2ad75f9de580ffe37ac2d26f1ad18ab0838b77bd169964107d6a1972b9b05e5f494be221058aec508d8247bdf89189a1cad721f27daaa2870ce9b589 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d4b0e7d8803b2a91cf35ce8781a87a2 |
| SHA1 | 61fbdfe0c1c1a7784d65897094db8d9e95543986 |
| SHA256 | 9d3f88bb3cf8d617e84eeacaa25b43cf566c8578d00fe5ae88bea032fd00cd46 |
| SHA512 | 073d5e45c29238384b7c22bd1e536633a01cdd9e1f2b300cc800eb61295fb6959e972eb89cea24a1a6a4755441e9961d0e770581baf4627e37697b54ffc2559d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 499674.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\chilledwindows.mp4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State