hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke[.]98[.]exe

max time kernel
81s
max time network
79s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-11-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2860	WinNuke.98.exe
2068	WinNuke.98.exe
3232	WinNuke.98.exe
3400	WinNuke.98.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
70	raw.githubusercontent.com
71	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\480f59ca-4bfe-440f-9fb7-65e0d036aa2f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110100310.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
5032	msedge.exe
5032	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3692	5032	msedge.exe	81
PID 5032 wrote to memory of 3692	5032	msedge.exe	81
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 4948	5032	msedge.exe	82
PID 5032 wrote to memory of 2712	5032	msedge.exe	83
PID 5032 wrote to memory of 2712	5032	msedge.exe	83
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84
PID 5032 wrote to memory of 3920	5032	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ff8f64f46f8,0x7ff8f64f4708,0x7ff8f64f4718
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff680185460,0x7ff680185470,0x7ff680185480
    3⤵
    PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:380
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2860
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2690546906287196244,11924376011497438477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3240

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
1⤵
- Executes dropped EXE
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63716c70d402b580d244ae24bf099add

SHA1
98a3babcd3a2ba832fe3acb311cd30a029606835

SHA256
464f0f2ca24510abc5b8d6ca8240336c2ed1ddf5018fbadb092e18b5bf209233

SHA512
dfe1a5831df6fa962b2be0a099afba87b1d7f78ce007d5a5f5d1c132104fdb0d4820220eb93267e0511bc61b77502f185f924022a5066f92137a7bb895249db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f09e1f1a17ea290d00ebb4d78791730

SHA1
5a2e0a3a1d0611cba8c10c1c35ada221c65df720

SHA256
9f4c5a43f0998edeee742671e199555ae77c5bf7e0d4e0eb5f37a93a3122e167

SHA512
3a2a6c612efc21792e519374c989abec467c02e3f4deb2996c840fe14e5b50d997b446ff8311bf1819fbd0be20a3f9843ce7c9a0151a6712003201853638f09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a02878ad105a53f80362b57678589128

SHA1
0f1b38cde7c16b2e95666ef5dcb1fff7c07ac7a9

SHA256
1808715de02fd45e5d76b00199c2ecc4044d46b9d70c50c61791994c8b4f7e82

SHA512
16e34e4a5c1b193a0a9b292fce1e9cae00d6db7d2bb4b04aaba7ffbe976ccf6fe74d22325d7bfa4a118705ddbc949e0df40c7ed9ae023959c0a45557db3cd2ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580356.TMP

Filesize
48B

MD5
c203bf9f3c2d75240aa05bacbbb8fdfa

SHA1
8f45759bb838c4b420df8fd8ff4ce308aba60fba

SHA256
380f6e661963bbe5304512ce3ebacc5f55b9005f0b124e31f38e8e72269cb98a

SHA512
58e8e18bde3a549939d40cd2066005284ca15acaf4b6f42eaa0d09be575f3fe4459ad04d85ecadbeb867f1c81951b40fd90d8c45eee0cf08814f45efb3731856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
ed5f4213c17629776cd75510648fc019

SHA1
ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

SHA256
e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

SHA512
71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c196.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a9fd0c22f147c5ea546fd6330e382b5

SHA1
61121298c672f664ced6f17e1a7448960b054b27

SHA256
a294ccbdf0e527193c618ca1067ae71283fc708e642a435fc66500f255bcdabc

SHA512
c7e2d5f335100facb02497dda2f48149557bab85c4869f74a20bfb25a9d216a7d8510b080aba2d07f3d3baac322cc189f838b781f76f9da4c52a74a3f4fce4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c511e1d79d7b37cb93e9aca3242a2ed4

SHA1
c1a5a24a2c764ab061220f0b73a65d8ccba86e9e

SHA256
4a6c628a5dce8a226768b2e4a8f216492dcc39b3cf36035708a5d0c0f3ad977e

SHA512
fb6b64780b1d887c9b0f7a19ccff42e97778d5b214b78ae9c6b52ab4841210a1b01944b464bc7b8bd2c9a681956b5a7820de139487b4d02717b71f0ffae22624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c8015b68920c5ce8a786b46944813e9

SHA1
31fb8bc329635b09eeef5e4c909f0f96c7824eed

SHA256
a5290be23becb12c49c826b379d2bc2e5df49cbc3d7fec7121002574fd3b5c5a

SHA512
6569a79cb5398a212a5aed1e1253dd9508f2cd10922b9394f296b45228aab0421cec1ebfa953411a0b23e0fa7a15b4d2ef990635e07584f63bc04ead2e87efb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8052bee0c17f86d709e5e0da3ad49608

SHA1
239f9ab08dd1fff59562beb294ab6ed8bee01f5e

SHA256
ab69856c9098aef5e9e52c52817f3a4d801771ff17b80dec9818bc8f7bd53881

SHA512
9273e318cee3bf1568db893977d0739f09edca858eab968789fa2db3c754b3822c6a02975e1defdd2ac058e9fdd01dd5e4477a2f366086053110833e708c8339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa10f656cc16d036a580048ba0bdac0b

SHA1
52c15a55cc3b56bd1bf5dd0efcd2b66413b7044c

SHA256
166d97573db5472f64c5d066f2b07e6fbff2f1f9d5858fd7757548e334e9220d

SHA512
748fc7d5155285784ecea52d01af8168213210231a698073945b30b4989ae28463a7fee01e24792fd33b17744cd54587f801c5e836c926d700724171bb0000e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ee8e616a03201ab31e032c60a6d81b15

SHA1
4fa72ee1a3ed74f7798b3b58cabe174c675adc12

SHA256
2d77f4c62538359ca9c795a3be97c3817adb7954e004fe4b85cfffbf216f64c7

SHA512
97640f1aec0c917ca0bdda6f0228eff1d4274d2d681c73206be660697d3a7fefbdeeda23d6e3fa853228be633b4988e543a41f84bd027493c7d633089c863151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d55fa5b43f75c4455678b96ebf76a53

SHA1
1fc3bfe0395d52b76cbbbcb80eac11bc94db061a

SHA256
c4bf1f4e41bdc9a19d48db0a33ea0fa2cbc8787e739a6f7359299985e2fc59a8

SHA512
567dd9a95b0e459c7929a315b6548ca2828b313f8e9768a4e4dd60ab7b4da6755d56c9a724062b7dd90e9acab591cc461aefe8a9f362654f170c828eb106de2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8525467d26a77768be6bcfb28c9292b1

SHA1
c5eb95ad570d5fc0a82248a760bb23192201b381

SHA256
61aad47b65409d770c368c5bc94e20c99f48875d691c6ddeccb9841481471584

SHA512
4a365b244338bd601f3b04758291e69100fde1eb0645aa482c67c2bd0d63b763059b1ccab3c344d6007e2770487c65e541782487887f68802f90a25d50a582ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584cf2.TMP

Filesize
874B

MD5
2d87b0e5c018237262f7884c0cbc9dca

SHA1
37becdcbccd7db351e867b636419bee417c6c182

SHA256
3f44833256cd726dc185edff3d9e1ecd4143b7c4d5ba9d59ca355318139addab

SHA512
8c17fd109da04b2f42f6d809c251d5c63aafe17543236cd3949e54f1709a1d4ec00793dcfbc8c1a4b8b860160903d80ea5e606f22ad2790f58a3e2d2dbfa0dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21e2f115354a329827626b507ab842e7

SHA1
c445eb201340ed9d758409577566fb91ad095e55

SHA256
bd43b1d4e7f64162e0024dfcf716947a851a73a865e58b09c763403e93b9a9b5

SHA512
86437ae07f9a3d006b2f62c3a7bcc7af2ed078e99dd2e518f38ae592b9dbf8eca331a98a7af97bf78d65a425b21afbd76ffed804d16b0d44eba85601784278ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
44447729ac4154ccbaf312de8756d7f0

SHA1
a5ceb0a208a72660d2ba88ce471fd05e2387d27c

SHA256
cb0fd0702b7df04974c7c5088b619f8f14a1b0134158d80e03480a6bbf56796a

SHA512
3d67223adfe3c12a8a8aead269bd13907cb22f72a6705c91f0f4069fa4cc367e2a38e84901317162a9d9f64882bbc0ed9b733891675b4ca7d30316cb17ce00d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf2cd68e725f65329558da0569ad2e01

SHA1
ddee8907759133ad3bc9d5d1a12b1c37bb0f1068

SHA256
634bc21c87298479814d15043dd9311f85f4e57c5b3158e0c2ca09f971075eb8

SHA512
56311fcbf277932203aa28320cca2c5e46eeb41d6ae00f01adf21550fea26e3fcea7a2270b19d7c3276c209d23ff06d368d5b2c1f7fe2c9544b798ce6385ee21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4d3fcb90c8f2b872168bf631c849a0af

SHA1
bfd92e6c6c157e0be0479ea6f0f2076cf6ce5465

SHA256
50a7dd71e87e5cc7583444f434a38e1fe9aed71a5a5a0639ae84ff1e84ba81fc

SHA512
b7507f57e7a876c4e823ee1a1c8eac236ab5091199a78f6ea4aef90c26719d1e5bb49694286f7e62a3cb0799cbc648fad582deee2ee8f6dea6d8938e987a1de6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6d763a7d434c6080f27211bc6b3040be

SHA1
3756aa42ac06964862c497b90d412f9ef8940e33

SHA256
4bc6073093c3cbf0ee36dabe70a418ffda2fb9d6a2c1b9c3f416c2742384def0

SHA512
1a06b22521fcf3a21558116233193769d955ae70e7ed24fb357190ed17dd9e377e2a6a9700fa42ce886e496cbddef48ce743f826240b7c9b45d50326c0b22c95

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 106491.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit