Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

Electron V...V3.exe

windows10-2004-x64

9

Stub.pyc

windows10-2004-x64

3

Resubmissions

24/04/2024, 15:17

240424-spbqrscc51 9

24/04/2024, 15:15

240424-snd5hacb99 7

24/04/2024, 12:22

240424-pkdg1shg6z 7

Analysis

  • max time kernel
    501s
  • max time network
    511s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stub.pyc

  • Size

    875KB

  • MD5

    a5b02766ae84fd672f81f12723a7ed37

  • SHA1

    51011996256eafcb2fb0b949616d60ba2c1062d7

  • SHA256

    6f017cabf36994090d0d9e29fd846dbefaf5bc9722b1b295d93efee08002b23b

  • SHA512

    1be3e3d56e4d513ac55055b9cbe006790b618f6778c1b8dd4f93cc217a0adfd7ad4528e0b11dc1c03362ddc12bb767573cb1e26580f0049f044494d9e1374726

  • SSDEEP

    12288:VO6ql8Lop/9qUSDPqm/Irh3WppefRmRG6ZVpC1AylV3VBLc7PEDO4eKaK:VSeLqlk6h3m1Q71AidDcKL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 35 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    1⤵
      PID:2612
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Stub.pyc
        2⤵
        • Modifies registry class
        • Opens file in notepad (likely ransom note)
        • Suspicious use of SetWindowsHookEx
        PID:3564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda53046f8,0x7ffda5304708,0x7ffda5304718
        2⤵
          PID:3660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
          2⤵
            PID:5076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1932
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
            2⤵
              PID:4244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
              2⤵
                PID:4168
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                2⤵
                  PID:4044
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                  2⤵
                    PID:3172
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
                    2⤵
                      PID:4424
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
                      2⤵
                        PID:4456
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3136
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                        2⤵
                          PID:5200
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                          2⤵
                            PID:5208
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                            2⤵
                              PID:5452
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                              2⤵
                                PID:6008
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                2⤵
                                  PID:1740
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                  2⤵
                                    PID:2164
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                                    2⤵
                                      PID:5688
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5540 /prefetch:8
                                      2⤵
                                        PID:5824
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5532 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5840
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                        2⤵
                                          PID:5324
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                                          2⤵
                                          • Modifies registry class
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of SetWindowsHookEx
                                          PID:5680
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3234004111540187221,18445165892951898675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:456
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4700
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:2596

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            cff358b013d6f9f633bc1587f6f54ffa

                                            SHA1

                                            6cb7852e096be24695ff1bc213abde42d35bb376

                                            SHA256

                                            39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

                                            SHA512

                                            8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            dc629a750e345390344524fe0ea7dcd7

                                            SHA1

                                            5f9f00a358caaef0321707c4f6f38d52bd7e0399

                                            SHA256

                                            38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

                                            SHA512

                                            2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            2KB

                                            MD5

                                            26be641fed22ed422ce4029082768b49

                                            SHA1

                                            f3d1afe45656493c2d600c6c94e15f52180b8a5d

                                            SHA256

                                            4954bf616e5844a770e9e0ac3d8a142f9631169d096a6792d6897e3aca1028af

                                            SHA512

                                            79bd369c80e393188bcedc9a1a7acb5a85313452a08caa7569a904c12f6211824d3e15d3c2bcb29188d7b57e13aa44043e251e469443fcdaa8da115f56582ba4

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            2KB

                                            MD5

                                            bcee2dc0bb15cb1829ecdce517f61e8e

                                            SHA1

                                            af398546cace8c648ef79e4c2403bd71f7928d5f

                                            SHA256

                                            d5888a6e34869e01071509cca19ba69a211812b206ce155e56504078249f6232

                                            SHA512

                                            e54a4aab57951cd707e7845a496cd518ad91ad13822c0a40519d0e402691d018c9fcc12a23dec6242a4e2d9b8008a9025e91686404a2c75a0d778a23307bcdfc

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            1KB

                                            MD5

                                            d22a094d4961fea6798a036de3564c58

                                            SHA1

                                            1b92e53d353e2e9fe7d0149cd494bbebe2e3df7b

                                            SHA256

                                            22312cc85c69f0123eb48d975398d8d6415da09844bd3e1342513b6a69e2cc96

                                            SHA512

                                            b1835f8831588bb1df95551a9d1ff29fe0dac8c8e1c16335edb2c5c683df61c6bb45cf2a67d51556c5f6f111721d2c50417e3401e8aec38a5693c88b4dbe4d37

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            111B

                                            MD5

                                            807419ca9a4734feaf8d8563a003b048

                                            SHA1

                                            a723c7d60a65886ffa068711f1e900ccc85922a6

                                            SHA256

                                            aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                            SHA512

                                            f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            111B

                                            MD5

                                            285252a2f6327d41eab203dc2f402c67

                                            SHA1

                                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                            SHA256

                                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                            SHA512

                                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            1KB

                                            MD5

                                            594ba19e0b08974386c2298d8a9dad16

                                            SHA1

                                            8a13603e84fc9f8cbe58475a7759489b7bd92101

                                            SHA256

                                            17b6789d0159561164aec1648730efee7963af9b7947d528ca48e97245160e13

                                            SHA512

                                            2a25b046cb97a089d44474f69cdcfd16ebbe2aa78af327b01c485e65f494f33283371540eaead1619439789689ac134ebc612462fe50f16d2fcf665450df55a1

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            7KB

                                            MD5

                                            5e73d28e21be021e5c340c14f53bc3d0

                                            SHA1

                                            addcda0b0bb8f8bfd6a9814486d82a5408570295

                                            SHA256

                                            3b60910e84b7a70098349bc2d8a675fb7137afc974396a5fa64fffe5dc27413a

                                            SHA512

                                            da6f188b02744c1afc6741b6ead87589fe5425e1aba80dda70dc490fb8ba989c5209930f7d25b196623fc661c2e95e862d99c4edd370818845a8d445799975f2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            adf09c3dbc3fdb1ae5d0e9b3be79b3a8

                                            SHA1

                                            6a46ed94c1d2c0ec537b76e8b8959bb9d082a7a7

                                            SHA256

                                            3e0058ab5f3ecdd8a7eee5c44b1dc1e6e994b2ca12bbda2e99b2829ba2d31676

                                            SHA512

                                            83213ec6bdd59c107f51ce7bdf92b447357c88c32d06683964f7033171060e9c4f32ec5b5256c15cfb46c1e0aa260b2f8caf07a6a85fcafabdf9d5bdbdb76b0e

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            d65f6b01fafb929bc67432c5d75fe7a6

                                            SHA1

                                            17a931830c68c420600cb684ed47ddf3a34c1a4b

                                            SHA256

                                            c1a6547e1fb44ae35f93300bd8b3a6dec8107f63e486fb5bea1e0196f8785a00

                                            SHA512

                                            24d691bc377be868803102a9ded5708fd51250ea067e4a0d35766397b546a60cf864578d3cda21fdd3ec867826fa4af62e7924121adf28b8491cdf01e0f76523

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            125d5514dcbc96da5d108828b7b1304b

                                            SHA1

                                            6d43aa538e5b346bce05bebbdba37d621ac47a57

                                            SHA256

                                            7fd33efed9d9587a81a08f9fa01e8dfcf0df21d8c98719fdf56ba4de717fc647

                                            SHA512

                                            546fdca014d12b04edb9887a62890b2769da19209da8b95adb3a4b1ce1c18d82bcde8d0b0cabaef6e3cdc1e7b2bb8ed89f03f3af4f60a963cf0edda2b1de1d2a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            7KB

                                            MD5

                                            71dcaa8e57da13868fd9392ce4141ae8

                                            SHA1

                                            988d3d628bb02d759bd7e821ec86003574bffd6e

                                            SHA256

                                            f513d03ba973ac150a96ac0f760e292dc6723afe9171595bbbf195ce977d22ff

                                            SHA512

                                            21e653bd4b2e49c4be6de3b326d187f6be0fc81e1a9c0ac479c1e68384dce8977ab07e4eea47d8a536a4fef52573f9f53cf41a8e4ea2fa845e5db12f30be34f9

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                            Filesize

                                            704B

                                            MD5

                                            feeb0fd9a4e03800cf2305902d632adb

                                            SHA1

                                            594c335a36f5784453d7a07c24a6b5653d8cec44

                                            SHA256

                                            1652762ea4a902ac5055ce414a5e43264eefb36c86bd6124dbab3a6f11c616fc

                                            SHA512

                                            f2d0ecc32d1cc1663fddee044e1df5b9293ccbd2fb7ccabbeef5d1078c30144ac1c1737d129aaf9e7bf1186c29d86c5082968d94a33563ddaf3f21b0a3bde3ec

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582805.TMP
                                            Filesize

                                            368B

                                            MD5

                                            cbfa2c1b6367f78b8134e436ea33af39

                                            SHA1

                                            0cd1b527c6f011e1082e4e11ede6b7ab9a40590f

                                            SHA256

                                            41f1e459f9eeb6c136659074b68701565219dae6b33efb56137b43188e82e1cd

                                            SHA512

                                            d7f3e03074fa81f5f3dfec9fa99c147fc1888e8fbfcf7d6829e2c1df9c9c95ad8b72053950a872e6e159d8175a3ba813fb2a4ec6fbfd66672d837666225382f7

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            f398733e55c02ad26c8faa71ceb6f0f3

                                            SHA1

                                            0d9e35263e6321ba5f7edd7ac66ad9aa2e56546b

                                            SHA256

                                            725744591481709e949f211243cb2c79c8c4695476e20cbc644dbe6dec64095b

                                            SHA512

                                            c4b1831821f2931c6aa118c0c4bc710a6f13e81c640016b5ec62a14bc7a59491760ede64701faeb1660c98c08e38c4abf36864765e63090519d40b0fd7c71e46

                                            Download Submit

                                          • C:\Users\Admin\Downloads\Stub.pyc.txt
                                            Filesize

                                            875KB

                                            MD5

                                            887d11f50b6bf32e1a11f6f76f1c2d00

                                            SHA1

                                            6fb2983b70a6f9e2c2058f0106a8ebd182b43b9c

                                            SHA256

                                            72ed15611d87efe07cc2124052251724596661479356f3aacab51e24311e6d29

                                            SHA512

                                            abdff82b7494144efd61482927288a57972ff555b1275e246118f2f00c346e98dc3fa2b2bd3bc3cdfa416d4279f0317e9c9fbfb257c6da0effda6d9b9e8eddbe

                                            Download Submit