Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

URLScan

urlscan

1

http://veiligheids-c...

windows10-2004-x64

5

Resubmissions

30/06/2023, 14:51

230630-r8fy6aee6s 4

30/06/2023, 14:38

230630-rzs75ade32 4

30/06/2023, 14:32

230630-rwfsmadd99 5

Analysis

  • max time kernel
    208s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2023, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://veiligheids-centrum.dynv6.net

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://veiligheids-centrum.dynv6.net
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4428
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffad32146f8,0x7ffad3214708,0x7ffad3214718
      2⤵
        PID:3508
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:4300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
          2⤵
            PID:5004
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
            2⤵
              PID:3632
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
              2⤵
                PID:1388
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                2⤵
                  PID:1060
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                  2⤵
                    PID:4400
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                    2⤵
                      PID:2224
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
                      2⤵
                        PID:2236
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
                        2⤵
                          PID:5060
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                          2⤵
                          • Drops file in Program Files directory
                          PID:1940
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff713d65460,0x7ff713d65470,0x7ff713d65480
                            3⤵
                              PID:680
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1540
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                            2⤵
                              PID:3632
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                              2⤵
                                PID:5212
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                                2⤵
                                  PID:5220
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                                  2⤵
                                    PID:5400
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                    2⤵
                                      PID:5392
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
                                      2⤵
                                        PID:5988
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
                                        2⤵
                                          PID:6116
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2808 /prefetch:8
                                          2⤵
                                            PID:5304
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                                            2⤵
                                              PID:5408
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
                                              2⤵
                                                PID:5388
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
                                                2⤵
                                                  PID:4708
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6978414693078341199,765594040514711556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:924
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3004
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k netsvcs -p
                                                  1⤵
                                                  • Drops file in System32 directory
                                                  PID:4608

                                                Network

                                                MITRE ATT&CK Enterprise v6

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
                                                  Filesize

                                                  717B

                                                  MD5

                                                  60fe01df86be2e5331b0cdbe86165686

                                                  SHA1

                                                  2a79f9713c3f192862ff80508062e64e8e0b29bd

                                                  SHA256

                                                  c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

                                                  SHA512

                                                  ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6E3BE2E7273DD3339272753F02B8806D
                                                  Filesize

                                                  503B

                                                  MD5

                                                  f51cbbcfabf41c45d03fce98c51d9efa

                                                  SHA1

                                                  45a3f1dba7907f4104510e6e076a01580b06eb9c

                                                  SHA256

                                                  f1a04d6bde992fd9b3441001feff609d1d862fef62e71765a475b3fb26844e54

                                                  SHA512

                                                  01993c460ce291c0433c0556d9ef2a6e27e8349dd4fcdfff668f97f294148f127bf64c92c1ae8679fe32c1e3963c43565b90cf868d90f4620efebc843c3e9079

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
                                                  Filesize

                                                  192B

                                                  MD5

                                                  29d41d3099cada88d08ec367884a6749

                                                  SHA1

                                                  ddaef8a537abc0da31d448cec7bf45a6e4a45f4c

                                                  SHA256

                                                  c9d8291d65631e6d001c1b00a17edd13e0033c62ea8eb26c0dab61ffb2fa4b89

                                                  SHA512

                                                  32faeb2c5cc7683ffd43f46b3deb2ffde5f291d3527f659f007a872ccba4d3363d03b1f3788da5438290c93ced0c425c5bbc0aff8bd393519d3a1bd6adbc7b34

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6E3BE2E7273DD3339272753F02B8806D
                                                  Filesize

                                                  552B

                                                  MD5

                                                  c49c4b23cbdb8f09d9ceeabe3a34787d

                                                  SHA1

                                                  61c0c07576a98ece4b45faa9e140b6f2e98cfb87

                                                  SHA256

                                                  80d94692e1a14cc4917c6201ebcc0dfcef37cf149c8060d75541aa45a59c4229

                                                  SHA512

                                                  661051346d8efa3ef6dd58fd4fbfb2bfc6a32e9715c2bd9f7142b2f14809b8868ae0a3f1ca64ede873e67c93d39016b18e4e08ca2976cd618cf51a1be9bccaf5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  5a9f76dde5876d055fc0a4a821de6d02

                                                  SHA1

                                                  3cb30f2ff875cff6a4e4be0c7506254e076ad4df

                                                  SHA256

                                                  323204c96cf3ed35bb893c2f20a444cd0c7aa0b44749174b7b22ab351b2edf1a

                                                  SHA512

                                                  b805309fbbc622f2e47c9d4397662713b37879d0ea0602675c0894e655b9dcd34d483a02c6bdb73b5c6ce084ca7523e038104bce428a5bc7be3569c0d18b9091

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  48B

                                                  MD5

                                                  23c2f2842df48973eb2e2efaaefddf96

                                                  SHA1

                                                  1b5b1977798287dd951aa5ddc908ed834963688b

                                                  SHA256

                                                  dc29c9d26ac9a37e8eb0a4ea4766fdf8b717e6ba62098280d8a56ed445559186

                                                  SHA512

                                                  70f1bfe49cd69632e454fcbf59aaa701c06bfcdf9315d00d2444986d7c304d3eb5b7854e26b0399ef3342b28b5f4b7fb16d13d3486ea9f7188fe38c5630ba3f5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  600B

                                                  MD5

                                                  f3dc615d6097e9b2e2446550f089a717

                                                  SHA1

                                                  49c22d62b1abd003f00cbebdb6449ef706247edd

                                                  SHA256

                                                  ca0415b7adee3e529224c44dd06c358cb1c6393be705df3879bff250846c281b

                                                  SHA512

                                                  8444e20b6908e1a2f309ba77b68e082eecc068cb72bfb8576f36e1938e2d3d225dc17c413518d7c8aee5f08596d5f984f2acfd18950be6108b1f563886d09d35

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  87a8cace9bceeef3547a98992db83a9a

                                                  SHA1

                                                  94c692f4082635e9a6f4bd2ac3795279526ec232

                                                  SHA256

                                                  02fbbaf8fb796b4af592523dcec1529e220f5802021794bbcd856b34a51be74d

                                                  SHA512

                                                  7736380c557059b918ec29f07f141258ba3a7033a343273052fa6b2bee255047a72d6d010baaedd101809b31b3adbabb7ea4b0bbfbdd321f43e73cd408d45c18

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  972B

                                                  MD5

                                                  f0d7e4de5db8c0d27ea7c1d6b50e76de

                                                  SHA1

                                                  9379290554d98298909a5b3c6a31f385d9e9c287

                                                  SHA256

                                                  cf89181ad5bfe566ffe768e12c8efed8695113e8271dae464a2d94827fe8fb20

                                                  SHA512

                                                  b3d0946394b5aa12138ab322dee3fa846312712a830209ec3c306fcc49a250a834572ca058d2e24a7a4e000336690470d3399a26c9cfd2424ae8f94bb85d64b4

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  0c63c0cc58041980711d58121ed76a9f

                                                  SHA1

                                                  82a9100e4467fc71e1f1ee3f354fea50e63f3300

                                                  SHA256

                                                  22592a506aa2d749d93818aacb25dc580144ac6fc888cf03eab62060c1a2038e

                                                  SHA512

                                                  c71483d0d75ead5100f4cd9af64741e4cb8c75ee45931eaa916ef9f1799e2aed400320aeb76dedc85d468a2bdfbba0f556d8ce2741838c424f68361d43745e26

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  6e8a050474c70ad380217920a150e568

                                                  SHA1

                                                  dbd863562335132fcc75c295f3a90e4b0609e742

                                                  SHA256

                                                  212f006091e55f87e6a83ce8cff4686e24aa7ab3f91bb9c0a6c2688439d0866c

                                                  SHA512

                                                  43817981eb8fecc3249888e277a8f54e9ed638f5872eb1b9c8c8964e16ff12a5cb34dc4b61c292ad08ca56514cbee383fb82c6a79cf802c4e9109d2a9827a4b2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  74918d3c3727a3325ed8fe63ce236694

                                                  SHA1

                                                  da8fdb7752721fb47768532ef052ba26decbe4e4

                                                  SHA256

                                                  c33c30912c99224149212acbccab2bd0f189f365d516461861847cd5736233db

                                                  SHA512

                                                  f0ebd0248982f3d17d6eda3d918887d1dfb5728e738b62afbf032f219f666385c85b7c6ca834c2e3ad71f4b2954943ea77b96fa7b250e65f12ffcd476eda9f3d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  09b3e2335981e822c6275b137abbdc7c

                                                  SHA1

                                                  36e9b92612be78793077c825aab5c08e66aeac3a

                                                  SHA256

                                                  6a98071bcceda766eae9c98d591c42af7b9f8430668a6414a088cbec8afd0524

                                                  SHA512

                                                  2f3f37f2d192f0ecd7643c8333efd1054fff1fda115ae2cce628436ff787c60192774c06dcf1c0a5652bfcf8c299f6013a25e30189ac8809d808da0a6d028cb8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  3922931a21a66290ecb769f2d79cc417

                                                  SHA1

                                                  d72bc5af3b2da078125ce71512249f67765624c3

                                                  SHA256

                                                  0eb33cdbc3b30f2dd68d3e4de912b61c6f29f3ddbf17b8e83948e9243763b8d4

                                                  SHA512

                                                  e4b1c22b64afa2120c2ae1385374747b04ea4b509fef1a27384755d57cfd4a86008cbf9af7095a1955c9934148b38cf7aa32b036d08702cbaa0ec9f5f59c3987

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  b359167b3568d1b4953adefdef0deb24

                                                  SHA1

                                                  98405d3ec52edeed62f8a42bfe766ecf395a95b6

                                                  SHA256

                                                  177289a899357233597b059fde47b7e54aba35ca95e2a2201fd8d3ca68273578

                                                  SHA512

                                                  28efc3e9bb0350c2229ffdfc0578c0ebc8276405849480c1762c75d616998f6ff654f7ffde3cf0676b62b583b5ec207e514040de1a809b465bb9e734e29c96b9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f56ab7f1-3109-4cce-836e-b62fed94a38d.tmp
                                                  Filesize

                                                  70KB

                                                  MD5

                                                  e5e3377341056643b0494b6842c0b544

                                                  SHA1

                                                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                  SHA256

                                                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                  SHA512

                                                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                                  Filesize

                                                  41B

                                                  MD5

                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                  SHA1

                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                  SHA256

                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                  SHA512

                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  13KB

                                                  MD5

                                                  60faa9876ed4397a4ccc605d5848d49a

                                                  SHA1

                                                  eebbec199642b61a674986aec35bba9127b5a658

                                                  SHA256

                                                  a0c05f840e2cbba976104912e7cbccd1354e0218965dc54f656cab49d3d4b99f

                                                  SHA512

                                                  c3edbeba0c9f6dc66b7304cb5d39e311db53aee952bbf79832cbd62e8b62463db970479cf3eef2d297c8287b4e0714cd57d627f8250617f0ee6ac06e509379d8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  13KB

                                                  MD5

                                                  bca7e630e797c80e5c9bafd150a09272

                                                  SHA1

                                                  624de44cd44873ab85aa955f241b55e16ad7c846

                                                  SHA256

                                                  a19a491c29ee755c7b30b1f97438a7f042bc94c088cb529e67bbea32467c7393

                                                  SHA512

                                                  36c74c7e80b84a5d4003f2ece94609b387ad2f20cabb63ee2ef716e0df52976c10dc534421f6eac59ed2c1ad43f339a02ce01c28b7decc020e8413bc2da4abf4

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  9c2723af1558d6da5809430dbc45b88e

                                                  SHA1

                                                  3492a204c46d49ee0b8fdc96535ece34c58ac4e0

                                                  SHA256

                                                  2c2c11c9b8ccf9db44075a06ad57755293802f1fa05316cb2f7dc2243d1de32b

                                                  SHA512

                                                  800f48183eb98f3811a799eb4b246d1ce0cb1149b66c89643119147fd0980e7077779ecbec18d774f62242bb31cf66b6d5e7340388c9f6ac4ee8e3c333af7c17

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  13KB

                                                  MD5

                                                  17b7ea14ef43b39bf08438efeaddde3d

                                                  SHA1

                                                  2ef6135cf6ff9333bd19a6bf7133a1ef84975b31

                                                  SHA256

                                                  d4d4fa259ef36447037c3fd7c37c6a5cef4071bac00ee5aa863f9df323da28b1

                                                  SHA512

                                                  f1b33522b69f25da5a01f0fee8b966a9e820d61afe60af579fc7418332a83e9c022bf333021e3965e8cfad045573c70ce83f949731b88c0d7b96a2c77442cce1

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  13KB

                                                  MD5

                                                  2d5d248ae410eba493641c9d43d061c9

                                                  SHA1

                                                  3a25168368d1742c638e2b162e64ea40d20998c8

                                                  SHA256

                                                  2634a87790804b57c7638a0ddb1e6d9f6ec8a3c574525dc51176d59b40ce5c5a

                                                  SHA512

                                                  1210a150514874c1700e902d9f3611b8e672141c35a7d3ef5b1a61a9b9b0977aa38771d6436e188cdd918454ffd5b0ef2f332c2e48a4df996e66feaf8c88af4e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DNCPX4JR\suggestions[1].en-US
                                                  Filesize

                                                  17KB

                                                  MD5

                                                  5a34cb996293fde2cb7a4ac89587393a

                                                  SHA1

                                                  3c96c993500690d1a77873cd62bc639b3a10653f

                                                  SHA256

                                                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                  SHA512

                                                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  35bec79f0672de1c81cddd9f0eebff4b

                                                  SHA1

                                                  3f8ab8b4d0d5204cd254cd347f9b453a12d414f7

                                                  SHA256

                                                  3958cbc04a644bfd3fd553a141f0f807453906c81c058e6f7f38b0d7d486855e

                                                  SHA512

                                                  0012e51ad202d871dede0abc8190871838de65730b5c4bfa8ac67cfeec64097c0c429a6af11f21b6eb19a82fbd56373294aebc6c37d4d251f7f5d59d2bc99e5a

                                                  Download Submit