Resubmissions

21/04/2025, 02:19

250421-cryejsywgy 10

20/04/2025, 20:48

250420-zlscnswry2 6

20/04/2025, 19:51

250420-yktcxasxfz 4

Analysis

  • max time kernel
    139s
  • max time network
    131s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/04/2025, 02:19

General

  • Target

    6548553-Melissa-Virus-MR73006.html

  • Size

    26KB

  • MD5

    219b8cdbb5c910d97ba303fc1fb38a5f

  • SHA1

    fafdd244dcc7abb9f6835f4c337abea5fb5f688e

  • SHA256

    033316a58bf3b03c009304a59098d4af10944bb1022a997eb919eec3465959d2

  • SHA512

    f6b8d81c82c1427fb7c496e042dc4b4bc2ac2308dba2a4734c8e27da1b5c978ddfbea01cf0be091622dea02668c315bdb211440bf880f84ab76f7aece2148dfc

  • SSDEEP

    768:SMm5telbx4j7AYRcAdkaOBEqiCUvdGcwCc+z9FCr2odr/zocQMPNBRBT3SR/5ruN:SMm5telbx4j7AYRcAdkaOBEqiCUvgFCy

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 14 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6548553-Melissa-Virus-MR73006.html
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x350,0x7ff91ca9f208,0x7ff91ca9f214,0x7ff91ca9f220
      2⤵
        PID:5276
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:11
        2⤵
          PID:4436
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2264,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:13
          2⤵
            PID:3740
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
            2⤵
              PID:4544
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
              2⤵
                PID:4720
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
                2⤵
                  PID:4568
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4696,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:14
                  2⤵
                    PID:2728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:14
                    2⤵
                      PID:5740
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:14
                      2⤵
                        PID:3920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                          cookie_exporter.exe --cookie-json=1136
                          3⤵
                            PID:696
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:14
                          2⤵
                            PID:4424
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:14
                            2⤵
                              PID:5776
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:14
                              2⤵
                                PID:6044
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:14
                                2⤵
                                  PID:3680
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
                                  2⤵
                                    PID:4800
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:14
                                    2⤵
                                      PID:4564
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4980,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:14
                                      2⤵
                                        PID:3408
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:14
                                        2⤵
                                          PID:2140
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:14
                                          2⤵
                                            PID:3124
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:14
                                            2⤵
                                              PID:804
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5948,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:10
                                              2⤵
                                                PID:2696
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:14
                                                2⤵
                                                  PID:5580
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                1⤵
                                                  PID:4724
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                  1⤵
                                                    PID:1200
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                      2⤵
                                                        PID:1116

                                                    Network

                                                    MITRE ATT&CK Enterprise v16

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      280B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                      Filesize

                                                      2B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                      Filesize

                                                      107KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                      Filesize

                                                      2B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                      Filesize

                                                      40B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      15KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      15KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                      Filesize

                                                      37KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                      Filesize

                                                      22KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                      Filesize

                                                      467B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                      Filesize

                                                      20KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                      Filesize

                                                      900B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

                                                      Filesize

                                                      22KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      54KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      40KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      49KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      40KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb

                                                      Filesize

                                                      623KB

                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\manifest.json

                                                      Filesize

                                                      176B

                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1862864033\manifest.json

                                                      Filesize

                                                      118B

                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\LICENSE

                                                      Filesize

                                                      1KB

                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\manifest.json

                                                      Filesize

                                                      85B
