Analysis Overview
Threat Level: Likely malicious
The file https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:49
Reported
2024-11-09 13:50
Platform
win10v2004-20241007-en
Max time kernel
65s
Max time network
64s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 480866.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18144856058688480504,17154105614594908848,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5884 /prefetch:8
Network
Files