hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke[.]98[.]exe

max time kernel
65s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5188	WinNuke.98.exe
5464	WinNuke.98.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 480866.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
3320	msedge.exe
3320	msedge.exe
3352	identity_helper.exe
3352	identity_helper.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3568	3320	msedge.exe	83
PID 3320 wrote to memory of 3568	3320	msedge.exe	83
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4596	3320	msedge.exe	85
PID 3320 wrote to memory of 4604	3320	msedge.exe	86
PID 3320 wrote to memory of 4604	3320	msedge.exe	86
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87
PID 3320 wrote to memory of 1772	3320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5188
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8ea618b8600308ce04790cdc8e1116a3

SHA1
5a5bd47a3861b7d3e29a9b41b0a4e0adfbeea1b8

SHA256
371af84eff1fce0c4662a5319aa2e28f352db2653db02e2bbe2328651816c9eb

SHA512
8f1f6682705f4dba5e69ebe0ddf65a81a30c55c16fd08ad3778128c5306c1fac25328e259747da80c7ca58e58f720a8d6b5d9eeeffcf9c91f2e1f5f1489e174b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
163a4b9552a5e0451fdd91bd42b38cf0

SHA1
f28f10a9ffcb80e46f78b0458048ad410bee428b

SHA256
23381f9cabbf90eb8010965c241fffc21dd368e8af3de8fd6d5ce7b1b0658b06

SHA512
fa02bb26bfaaa11d544caf437f16ad7e3187d0835c8002e1b64816565849038874d611e230044919333ea902dee7fe8dbd539fcd630900a4f285ca43f8ec6070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc591730542111a34b56fe21552d95a6

SHA1
e53e0e40a1b4222d49f6b60788526812faa04bb2

SHA256
d9d1099a60de748be90bb0f6a4d1a2b0e9d1874f59854db992670dc406732113

SHA512
2eab9c73884cbe7a23084277decdc8357ab6e725d3f6bc467899514b4c6a243ca23b5c8068a80c1e57ed368c7b8d9475d86dd7b221daef4ffe9b1ceef7ae0eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
644216e574817ff4c8288950d6fe49e0

SHA1
e059b93f88314c0e846aec06969091a8f75a034f

SHA256
f9abe985862d116af466d1da7cb0a17b131a93e1274be56e1c0f2fdd8c8b0b0c

SHA512
d5ddfe8592ead57df2bd82ecf9e1972a4482bc68b92f385602c411e23cbcd7d09f047dd86b479f845e31fdea8e6e7fe0ac0979f90aaf0d4904c63d1915f89a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
982b47ce98ac372a924d21fd9b3ca8c4

SHA1
e49f8657844aa50b646fba2bc9392bb0875dc102

SHA256
688d533a192e165bf095e11d1a4d4c3d15ce3b7846f1124f75031deaadafd469

SHA512
ef8f8324128ca69a3e638c05fce3e01119c880c110cce807731c08b42345d07c1cc451a41194a1d12191ff961e6c3553ca4f1cb61e0a3f0ab365dd36fb02e067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47de2b0d68ddfde2c14f97bf0475e65c

SHA1
d9aafa169d0630a62b831736b2be638657e034d9

SHA256
f199df9f21419c8be57c5503a420bb850bbf516c04d24b10f4192980f0502a48

SHA512
236b751de977139c9d8d9c64b0389bd33303fe59e8daf3f9e12efce5f5bee9e1a067445c67038b10a8806651ce02dcaa48adca496021e4c61b58366bd64f7eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63eb9a9c07ab90021ebb88c44ecd4f81

SHA1
532eaa917ca5ba27e0f48174a9206b8bdd3543b8

SHA256
40a3bcefa4dfe7992e81046711ee7872dfa082c8a33b4131e1a2c8dc76695ee4

SHA512
60afc2c92c04030b86d10c2016c234664c14daa8ffd2b677fc23aab8a1d2792141126ce388d146cdfb95b1ec02afe70d2bc0fa2fa7d8b036070aa4ca5b7170ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76eede885b4ab1e73df71a0584a4e747

SHA1
ae5f60ba2fc6a397469167303b8a26f4b6425b2d

SHA256
85470c35b3d88b8d7b5367ca6ef4eaa24eccce155616583283157e84bc9a86d1

SHA512
f7bb32440995ad4009a8e84edada746250f32cb475a61ba35fac47f5b8178bf1d38f661b53a71dc04c9c44ae5af228dc9770742f7992872eeb14915614066900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d518308314040f3673bf5b16891bdc92

SHA1
22f4e1f36543fb16c71f63579dc0dae26e5cbdca

SHA256
823b3031cb1b6f0184f3d432ee1147487cc9e2d4e046e1d5e02a2986db20c873

SHA512
4842a00e088a055f64b0cb4cecc7d0ab00e2c467a0cb8de686e9b78d587614397b80e164489bfa3a98da94f72d3dd4f66182591b6d9f26776f9987e8dcdaca06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e167.TMP

Filesize
874B

MD5
fa6b8e4c09649c2ec5337a72be9d7067

SHA1
027bac4f37681206ec78f39ee64d4688070dc242

SHA256
24c62d0b1e322a73cd97e9ad8440cf44c7f3cf450cc217826d13b4f7822d426b

SHA512
782b5d629d5992d581efd55eafa0145a425c7bec220efc5a7b91b9e47c33f527979f23e161414da48f5be7a922b39896af85f91b02d724bff09e97175a385da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
177316f1e6369ffbe74ae790befb13ba

SHA1
3fce8214ffc8c51fe95cea1fc9289be05134ee33

SHA256
7c2d20bc7a83bb2b8b273097d460e3461fc5238eac6a4aadb7d9032a5c9be42a

SHA512
2d0d61b5fe9c8474705496bc2cf5358da00af7cc2a5f06cf4471eeb219cecc8fa55c2405514ba8b8e0b0649796ca0ad79d4b1866c76c7daaa064fc40e529ff70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e023d6fcea9642d8698e2315348ab6ce

SHA1
d970f3da04eeeb501fe111115d12e8b5d9514d21

SHA256
344a3d0df7b6e8154828d871ad92083fc61086916fc9cb15e1c22e4d2fed30f2

SHA512
d65f33439cf78cf16f81c1f6d36b3843fdcf63f4c497f6466071f45fc015fb6609de15b39dc2aaebc1136551d54c2961d83e8850a8a633ab6bb5f782e059f5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4642fd50cd02dacf787b99d65d31ad5c

SHA1
e5c7f093b09a76188cc7f360801d31256446288a

SHA256
79c381dd0eb17f20ea9ff6c112d44029d82008397ddea58f64e3c280085692b2

SHA512
988e74337370a72d9bfd22ae958e980f734558cc91536cfa5c814fc91ccfde49bb2d4714345324180a1a988135a64bc184529682824cbf818398af541b58b7b2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 480866.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit