Resubmissions

02/08/2024, 17:59

240802-wkxn8atflk 10

02/08/2024, 17:56

240802-wjas3atepl 3

Analysis

  • max time kernel
    141s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/08/2024, 17:56

General

  • Target

    https://itorrents-igruha.org/2368-raft.html

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://itorrents-igruha.org/2368-raft.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce4a646f8,0x7ffce4a64708,0x7ffce4a64718
      2⤵
        PID:880
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:2464
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3292
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
          2⤵
            PID:752
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:1436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
              2⤵
                PID:1228
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                2⤵
                  PID:2212
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4144
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                  2⤵
                    PID:4420
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                    2⤵
                      PID:4172
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                      2⤵
                        PID:3252
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                        2⤵
                          PID:4852
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2788 /prefetch:8
                          2⤵
                            PID:468
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2356 /prefetch:8
                            2⤵
                              PID:1992
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                              2⤵
                                PID:1516
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3224
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
                                2⤵
                                  PID:2456
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
                                  2⤵
                                    PID:3144
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                                    2⤵
                                      PID:2912
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:764
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4930072291121848856,3861154703270561219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6868 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:700
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2328
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:4072

                                      Network

                                            MITRE ATT&CK Enterprise v15

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                              Filesize

                                              81KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              216B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              240B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              240B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

                                              Filesize

                                              16B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              7KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              539B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              539B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d532.TMP

                                              Filesize

                                              539B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                              Filesize

                                              16B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

                                              Filesize

                                              41B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f17959a1-c881-4c76-a668-4c0e6da5dbab.tmp

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                              Filesize

                                              2B

                                            • C:\Users\Admin\Downloads\Library-Of-Ruina-v1.1.0.6a6.zip.torrent

                                              Filesize

                                              72KB
