Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    24-12-2024 11:27

General

  • Target

    https://spoo.me/MQbNA7

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://spoo.me/MQbNA7
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1d1f3cb8,0x7ffe1d1f3cc8,0x7ffe1d1f3cd8
      2⤵
        PID:2712
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:1860
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
          2⤵
            PID:2336
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2828
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:3960
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
                2⤵
                  PID:3260
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                  2⤵
                    PID:3372
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                    2⤵
                      PID:2564
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2524
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                      2⤵
                        PID:4240
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:764
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6600 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2684
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
                        2⤵
                          PID:244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
                          2⤵
                            PID:1896
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
                            2⤵
                              PID:3556
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5208 /prefetch:8
                              2⤵
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1916
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                              2⤵
                                PID:4320
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                                2⤵
                                  PID:2016
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1756 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1320
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4792
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4904
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1856

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                      Filesize

                                      328B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\73f81a71-43f0-4b2f-8319-b3d8ce6a8dcc.tmp

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                      Filesize

                                      51KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.et_0.indexeddb.leveldb\LOG.old

                                      Filesize

                                      741B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.et_0.indexeddb.leveldb\LOG.old~RFe595569.TMP

                                      Filesize

                                      770B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      3KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                      Filesize

                                      72B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cec9.TMP

                                      Filesize

                                      48B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c63e.TMP

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                      Filesize

                                      2B
