Resubmissions

02-07-2024 12:52

240702-p36araxcmm 8

02-07-2024 12:43

240702-px6pbssekb 8

02-07-2024 12:35

240702-pssa5sscpa 8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-07-2024 12:52

General

  • Target

    http://lacplesis.delfi.lv/adsAdmin/redir.php?uid=1439888198&cid=c3_26488405&cname=Oli&cimg=http://lacplesis.delfi.lv/adsAdmin/i/preview_610959355.jpeg&u=http://u45399925.ct.sendgrid.net/ls/click?upn=u001.P5twhHPZ8ddWUFr7QzBnFwu49oAc39ZGizb-2Bfon967kbcwRt2sNk6JjfNCZEE-2FTF-2FHoiWdYQrm-2BaC52TuWCJej0YI5kfex8VfzUB1a67WbLiT9ohVcNtosyNi9ytLLEcDQXfRBVAA-2FdpgZtDkHQ8xs4SIoBnJAud0U-2FjpMXqFKFlTd0oPucHMBmsfYbr1W1bFPuqjXwvWKhbYIawiZ-2FwOAwiIppc-2BCo-2F8nqqi4BfLzk-3DMqvb_NbKRw1e3eztFxz5vjavcmdoozMVb-2Fr9DO9Yopnv1-2BLKGiSlXTn5tLJ1E7D2gLcuSGQnw2-2Fq4dCGhuTgI-2FCh5wHXEnMeo0XxpcK4Mkyr-2BEvScg-2FUSbGEX9xfg7lbd7-2BEUQV4vzADZ1KbjvJb-2F3jeIzI8hMEWxcR-2FvoUctYwvxe6s8UPP7JWdl8MT6KpZBxyaUh915FMBuvi2lS6-2F8fnrckX9z1kD9sexnkBHRayLfAlh-2ForEpzapShaXRSzAtUpDX0sBB2LbmnEos21q1NyUL3QsMhMVGxXLqUuSt6pUy07V9B9Sh6jRjnbDb6-2BdhXshHy9AJkauhe2uJY5ocKUdgGbRT-2FLzAmQyl1NT1kteHPrWoZ-2FeMfwWZoaws4bMh8gV6TH9XPlpoVe9KPpNrxZoApxusvvksTCG28qqycpgMXINjNOsje7gNMLZggLxa8d-2FF&c=E,1,5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq&typo=1&sa=D&sntz=1&usg=AOvVaw3M2IK1451r_uQGYiEVyOIF&sa=D&source=editors&ust=1719861584574540&usg=AOvVaw3XnUDNEs0mfujfRThl97w7#Z2V0YXdheUB5b3VyaG91c2UuY29t

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lacplesis.delfi.lv/adsAdmin/redir.php?uid=1439888198&cid=c3_26488405&cname=Oli&cimg=http://lacplesis.delfi.lv/adsAdmin/i/preview_610959355.jpeg&u=http://u45399925.ct.sendgrid.net/ls/click?upn=u001.P5twhHPZ8ddWUFr7QzBnFwu49oAc39ZGizb-2Bfon967kbcwRt2sNk6JjfNCZEE-2FTF-2FHoiWdYQrm-2BaC52TuWCJej0YI5kfex8VfzUB1a67WbLiT9ohVcNtosyNi9ytLLEcDQXfRBVAA-2FdpgZtDkHQ8xs4SIoBnJAud0U-2FjpMXqFKFlTd0oPucHMBmsfYbr1W1bFPuqjXwvWKhbYIawiZ-2FwOAwiIppc-2BCo-2F8nqqi4BfLzk-3DMqvb_NbKRw1e3eztFxz5vjavcmdoozMVb-2Fr9DO9Yopnv1-2BLKGiSlXTn5tLJ1E7D2gLcuSGQnw2-2Fq4dCGhuTgI-2FCh5wHXEnMeo0XxpcK4Mkyr-2BEvScg-2FUSbGEX9xfg7lbd7-2BEUQV4vzADZ1KbjvJb-2F3jeIzI8hMEWxcR-2FvoUctYwvxe6s8UPP7JWdl8MT6KpZBxyaUh915FMBuvi2lS6-2F8fnrckX9z1kD9sexnkBHRayLfAlh-2ForEpzapShaXRSzAtUpDX0sBB2LbmnEos21q1NyUL3QsMhMVGxXLqUuSt6pUy07V9B9Sh6jRjnbDb6-2BdhXshHy9AJkauhe2uJY5ocKUdgGbRT-2FLzAmQyl1NT1kteHPrWoZ-2FeMfwWZoaws4bMh8gV6TH9XPlpoVe9KPpNrxZoApxusvvksTCG28qqycpgMXINjNOsje7gNMLZggLxa8d-2FF&c=E,1,5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq&typo=1&sa=D&sntz=1&usg=AOvVaw3M2IK1451r_uQGYiEVyOIF&sa=D&source=editors&ust=1719861584574540&usg=AOvVaw3XnUDNEs0mfujfRThl97w7#Z2V0YXdheUB5b3VyaG91c2UuY29t
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
      2⤵
        PID:2644
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:1760
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4444
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
          2⤵
            PID:4416
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:2784
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:4016
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
                2⤵
                  PID:5076
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                  2⤵
                    PID:2836
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                    2⤵
                      PID:2100
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                      2⤵
                        PID:4892
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                        2⤵
                          PID:2668
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5068
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                          2⤵
                            PID:4528
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
                            2⤵
                              PID:348
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                              2⤵
                                PID:4228
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                                2⤵
                                  PID:3104
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6230099730496523405,13833188135430295725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2612
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4896
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5056

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    a8e767fd33edd97d306efb6905f93252

                                    SHA1

                                    a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                                    SHA256

                                    c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                                    SHA512

                                    07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    439b5e04ca18c7fb02cf406e6eb24167

                                    SHA1

                                    e0c5bb6216903934726e3570b7d63295b9d28987

                                    SHA256

                                    247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                                    SHA512

                                    d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    312B

                                    MD5

                                    ad7007bb831e51343ef58cf6608f6464

                                    SHA1

                                    dce3f18fabb9623b769f3e1b9f48aff36ac75679

                                    SHA256

                                    71e6bfca3e2a39644136d02e5237459208660dfcb61b629191fb2a1aec5cb7b6

                                    SHA512

                                    dd2e52fb56410067b9d425ea57f90c763be9ce47f819672ac8e1094312c65aafca4b24199161d3a6d23547f8d613c0faa0f036f01c800d5255f5e2b1c3513ca7

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    264B

                                    MD5

                                    66e355279c2a5ad047cd0b2eac15f8df

                                    SHA1

                                    77bc87c593851a67d0059292bcf5c8c1284044b3

                                    SHA256

                                    18cd224a601cf8e560c6cad1031018de631aee7499f6f1fca0570c6342a46cd2

                                    SHA512

                                    34f4d3ed3fe9a2ccbdeb4005cff96ac99bc431c8e3551fda5346c41b70bb4424d8b79b7877940489a359379cafe09bae59a216261bb9e91c4fed747a111a063e

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    1KB

                                    MD5

                                    603ceb595121b1ee3a389f02c8e9bd73

                                    SHA1

                                    8c5ce3c8527d167083e1485b286c284e06357522

                                    SHA256

                                    bc622fbac7aff3da35aa8aede6ee49d56f4e8427dccc8d241d0b87a98831b1de

                                    SHA512

                                    71e457ed5a3874a117ad20c189f0f80bc4431ac8ff35d5e5103ac4d0f8c0bdd0e1a6c737e6d06028d542154171e3f3daf5a060a8374e5ed7a51509c4c4106342

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    1KB

                                    MD5

                                    2534566ddfd7d77a184fbeff86e4ba36

                                    SHA1

                                    392cbb7271eb9c56aac25ceb84dd4fd917e39926

                                    SHA256

                                    60ae8f5bc54c9906b79dcfe763fd68fba3abaeafd85645afe44e9908662a98da

                                    SHA512

                                    cf3685549b60b26107e0c6b31dd7282e5d5dffba797184a35bdb3dfb6d76fe8b978841caf1a946ac9f22176e4cfbf8b69346a4fb82cce1c9473093ce6678fe04

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    5dfc88fef0bb9bc198c672605ed4ae19

                                    SHA1

                                    ddea03e0db74093a3df8fd67bae4a45899eb5fc6

                                    SHA256

                                    e6cf6be49180227033d7b1e6bf070e63798c60e49fcdf7f96b7867fb68f93040

                                    SHA512

                                    cf5fec5bf9210b76c5d6250cdcf76628c25a40076c7db5448568071a395bd6295cff95c164781b985954abb42b01eb094753ada3083afe4d7a791571688dc10e

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    6a62308a7f1fa731071ab54f756a7dd9

                                    SHA1

                                    be80cb4b13f45dafae76df9ab603c2aa5bdd5592

                                    SHA256

                                    8c0b599011be9aea982505c775781795cfd25788fad1f727f8dda5f62ee39ee5

                                    SHA512

                                    dae9031b9f7b3bdf0c3eb17f76c6337c5f2e0c5f07c7f530d06d44242340275cf4a13c120bfd96b249f2881ea177ac358317b1294265444708e5413e177fee7e

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                    MD5

                                    38ef6a7f717b1647a8452608796f5172

                                    SHA1

                                    8e722c15bb0790e045a6bd64f38ce90010c7b98c

                                    SHA256

                                    ac034465b114efbb8c455b1711c22b03c799785545e0d49bbe9ddc8d8ed6b4e7

                                    SHA512

                                    38b302621261f1ebc83cc94647338ad137a5d7f8cbf8d426f52089b51fc56b99296c396d3e2bc7055a31092c097dbd9d2ef83972e136a52fb3346adf008d1b3f

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    6afdef07e2acfcfb075bb4be69b281bd

                                    SHA1

                                    c5b6141e54b62831f69cb25713d80dde52ecb95f

                                    SHA256

                                    834f2dfd7c8ac842d911be86824c0631282e15f774e3887c71915f8db846b034

                                    SHA512

                                    f99039c30a4a27f451b517cd79eeeab9cc09515d9b75c0bf6269ddd8d0ac592500d27fa7997302e2e55081c7c648811c67a56a276617c0837e4a23b69ad2303c

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813a2.TMP

                                    Filesize

                                    1KB

                                    MD5

                                    1d547a12d1af54de97dce964e3c65358

                                    SHA1

                                    05485fe720f62eaa80f96524d1e53eba465c0a3a

                                    SHA256

                                    2af2f12cb6dca81767c476695c0d9d03447aee9d70d460abfbda0dc747ce4c54

                                    SHA512

                                    27132813c5ee1e820da3f7f460d11c2ccef73ff4fa8664f6406728bcbf66effa517488f091d855c07aa3f5d99d851b3c1c6d117309c7ea0988fcd012996ff902

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    3d3db194e31107f92bb15b2ff4df0505

                                    SHA1

                                    28f63849a4d6690567156fc1fc96459d8becd6c4

                                    SHA256

                                    7a029ba25ccc6e4535c8023f5b3aaeeae5de1f4b8505295477c7df44ba98a2d2

                                    SHA512

                                    bb8147e7af44710e9d3e82e360820603e222973e4e8222eeab8eee0f43b083e9e2765b10b570f2698af1e157a43e45f5b3a13692484919fa49999aa7bb919587

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                    Filesize

                                    2B

                                    MD5

                                    f3b25701fe362ec84616a93a45ce9998

                                    SHA1

                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                    SHA256

                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                    SHA512

                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                  • \??\pipe\LOCAL\crashpad_4960_SHHLIWUGYCGXIZCY

                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e