Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://tria.ge/subm...

windows10-2004-x64

8

Resubmissions

09/05/2024, 09:15

240509-k72qxadc27 8

09/05/2024, 09:06

240509-k27d7saa7v 10

09/05/2024, 08:59

240509-kx4grahg7w 8

Analysis

  • max time kernel
    391s
  • max time network
    392s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tria.ge/submit/file

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/submit/file
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd8146f8,0x7ffddd814708,0x7ffddd814718
      2⤵
        PID:1760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:4520
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1928
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:3036
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2376
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:3384
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
                2⤵
                  PID:3932
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
                  2⤵
                    PID:3272
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2428
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                    2⤵
                      PID:432
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                      2⤵
                        PID:1756
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
                        2⤵
                          PID:4180
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                          2⤵
                            PID:4388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                            2⤵
                              PID:3272
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                              2⤵
                                PID:4312
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                2⤵
                                  PID:3136
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                                  2⤵
                                    PID:3844
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                                    2⤵
                                      PID:2964
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3544 /prefetch:8
                                      2⤵
                                        PID:4348
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5572 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4044
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                        2⤵
                                          PID:4040
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
                                          2⤵
                                            PID:5600
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
                                            2⤵
                                              PID:5680
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:972
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1076 /prefetch:8
                                              2⤵
                                                PID:3372
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
                                                2⤵
                                                  PID:4080
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
                                                  2⤵
                                                    PID:2568
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,2133600206707820550,12368829392056303084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:972
                                                  • C:\Users\Admin\Downloads\ChilledWindows.exe
                                                    "C:\Users\Admin\Downloads\ChilledWindows.exe"
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Enumerates connected drives
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    PID:5972
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:4952
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:1884
                                                    • C:\Windows\system32\AUDIODG.EXE
                                                      C:\Windows\system32\AUDIODG.EXE 0x518 0x50c
                                                      1⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:2000

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      2daa93382bba07cbc40af372d30ec576

                                                      SHA1

                                                      c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                                      SHA256

                                                      1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                                      SHA512

                                                      65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      ecdc2754d7d2ae862272153aa9b9ca6e

                                                      SHA1

                                                      c19bed1c6e1c998b9fa93298639ad7961339147d

                                                      SHA256

                                                      a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                                      SHA512

                                                      cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      42adc735c34a437e71579deed2bfbf11

                                                      SHA1

                                                      594b4414c5176f179874731e9d174890cdf25cf5

                                                      SHA256

                                                      7c16985f7e6f9d5c81dab51734b57d4bc737a15d6800d8af2acd7e9c4718afe9

                                                      SHA512

                                                      6c73a1972a8332e55fab18467ad0746f9d6238c19b6b99504e43ead15a2bcddfe88d92ce0489db4a5887b4f3ab1af476e2bc70e69ea6013aa8fadafda70716b4

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      8583b6a682eb791ea510a9d13eca6374

                                                      SHA1

                                                      6061af9937d0fa0d6776a54d519849178204ae24

                                                      SHA256

                                                      ed2c9400b2e0de4421da3816a9780ae30b98b4714d69c952aa03de643b1aed92

                                                      SHA512

                                                      9f4a4d0e9038a084797c67ac5adf282ab18acfc73bada7ac91efc5b65687a91195676635e077df8e7d69b57e9fd4ebfcfb37bb9e64916ca849f3c8b51ad492af

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      856b0152e8b9d12f98921e217344389f

                                                      SHA1

                                                      0938eeeff76871052e29e9756e8dadbceaffde87

                                                      SHA256

                                                      58f48cde024e3ea57becfb67a5fc62bc229d723b7c6f974e091569c4873212fa

                                                      SHA512

                                                      4393d856743fba04ee419a6261af05dc1891d02b12465df48cf4ec6d426351bdc592eea1ead1354fa8bf94e6ed64af6874bf625dcee6b7a73875cf97538342a6

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      216B

                                                      MD5

                                                      428acec401d59ca5e72c6edf0241f78d

                                                      SHA1

                                                      37697b57a146c10362c5cf465ee04ff766ee3c1b

                                                      SHA256

                                                      c31b424c323152ef3e34b7cdd1ee8d287d952b832d483bb48a6cfb7781e95510

                                                      SHA512

                                                      d0d171512934b159db2f92abf11a7c84f74e0db5fb1a2277c7b00d2b7292b84f90a50354aa3757f15cbee0c1a613e0139204d6e38fbeed0e49630f3dfda84fb1

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      b62b874ac0760f3e0402cc33cdd91c70

                                                      SHA1

                                                      7dddba487c4c69174fbd7daac93cf998bf9bfe32

                                                      SHA256

                                                      67c5270c0c74d852cb086450e7d9ce309e6e8b373d0c0576d9b73e5782b82ebf

                                                      SHA512

                                                      3642fbb7a878fadac442435c262f273f6d4daba493d354450cf676b0945b27c4fd74bc472722402b346b2c659957250c5333776ca2221fc880853512fe1ada48

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      303467b397e0a2221bf8275d775a2782

                                                      SHA1

                                                      4df79dce0393b3b0c74efabbaff01f132c0719d7

                                                      SHA256

                                                      eac7a055d0e8a1f3421f90b6eb6bb621c5f915688261a7370e4c4ec20045243b

                                                      SHA512

                                                      86284eb5c0d94fc2fbe696f76529450fb127fec39121e121135972a5c9e1892337f8625b341d839560fdfb4be68229b88b0bb3cecabb5fd9619641cad8070b8a

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      6KB

                                                      MD5

                                                      f4a5851b730426ae9c14646e7a5f9a05

                                                      SHA1

                                                      65d759dd7023622e416546c1d8d8253778e746e2

                                                      SHA256

                                                      254e1355c44fba4a11264a6bca9fe5d22d0599d6f92b08f71d1f2baeda91b2eb

                                                      SHA512

                                                      047a7d202b01b0314c4c4f6d3499312820abbb56890d2ac9d88c4c568ef607089b6bc0860e18d0f4ce9b06e0bc016cb25dc294d23363f89106c650090d5127c6

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      7KB

                                                      MD5

                                                      4dd8671e5aaceeadfb859c73e8ca43a3

                                                      SHA1

                                                      376ce43d174db94a36746bbc5b1bc0da5fd6af92

                                                      SHA256

                                                      cf4209ebd588351c44eec7a14f4f17a0f9c11144b1f4d64b4aaa923bc6d8d834

                                                      SHA512

                                                      28fdfc1f2c93abc96d6efedc5c5afdd160d4b9a800fe074bd87500d0d8107993fbe518ad80bd7f35b5e69a3bb89cde548a7ad95b6b85b0ee7a26db83b9894768

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      d156d935dd06ae9e220fb4cecae30f98

                                                      SHA1

                                                      1ef613840d14c7bfc1f1a17df6836f08e11a1abc

                                                      SHA256

                                                      b2b266e579e2796eadfe5f07d13b22cdcf860d59a885cb293f986c3a94ac35b7

                                                      SHA512

                                                      38f00db1cf002366c6859f5dc2d647b4a98f8d0aef0a7087db61084992d7ee78ec4ebddf11231edeaa25da6f6529b162298d171fd133d115fce8bd1d11b275e3

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      7KB

                                                      MD5

                                                      62f598a94abbdd090ae591bed77f990f

                                                      SHA1

                                                      8abd577952b45c8c498a678a95e95f0b145db96a

                                                      SHA256

                                                      665f7b5c753d36bb53eb1e0decbd542340a52ff31b254127b9b0c626283e43c9

                                                      SHA512

                                                      fe523176502895c02384f555c679c2f6a8d404dfdf80ea5aa31f7cb8adbfd9776f9f5d0af0365f6ee2cde2e8f7bb7e82184aad8607daa7a8f0b087745f40c4ac

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      6KB

                                                      MD5

                                                      772a26d63f39a3b36871792596f0d3ec

                                                      SHA1

                                                      d2f0fe9723a12221922e6ba3daba137498b8d673

                                                      SHA256

                                                      487d221e4e92999197a030e1d269ee739a3a47f2334230952e14d44ffc84f2d6

                                                      SHA512

                                                      83aca147c99e98aba71ee714b3ace1ddc63f6ee71e2d8ca9de3c58d07299b29dbce332791f626bacb5020ccc15bb3350113db88875a716a0372ec29ce4060de9

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      7KB

                                                      MD5

                                                      09daa99ea40d5f4b3e9d86efb874439b

                                                      SHA1

                                                      badb5dfb073967f34888598736bd229e6eaef36a

                                                      SHA256

                                                      28bfcd63ed473f751361453839ab25d9a78be6d13b01a409f38c8fd3aeb8bb98

                                                      SHA512

                                                      8fa7c171fe6098e81c98af1fae9aaed085bd2b546129be46eb73d9af2fd4d07b13563e36eae9f018787bcec079e660c2aa2e62a80873381a6c2fe3f90ebdfa7e

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      706B

                                                      MD5

                                                      4472385c33944e21b7b9c57212293fca

                                                      SHA1

                                                      cff4646227013dd5ab56a2c77a2a8581e559579a

                                                      SHA256

                                                      6b9c4f8d850c43dc17e19d48bbd57c84d1c5105714b7ff549679404357417b96

                                                      SHA512

                                                      29f47659e95136c25b49deae015f42af26c3f70886677f061ac172949c296c3021f28254c73034808c1e2213de37b651736d462bd471e6586847d31bf5e0ea7b

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      efc62b457b1e900563ed0442c873e7c1

                                                      SHA1

                                                      9d671fbde177d5677488b0c95884bc31c30c0cc0

                                                      SHA256

                                                      73e863170ee254fe873bfec1c3cc54a8da533f92cb1badb7d818fc161ab5f465

                                                      SHA512

                                                      945ca3ab4341295f927be10e0d174c2e0d32a304b56e4d24b4b43c28be55aa5ffd74389d01cebe481def6a83a828c9110b59c6dddd808ffb0087b0e9d0b73af6

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      1564fb8ddf021fb9ec43de5ba30e34aa

                                                      SHA1

                                                      89f104bc4c4e54e9382ee156d69e5ece7d383d9c

                                                      SHA256

                                                      46b7f818448019f6a013971e0f71cc8546a1cf84d39b2bb63dad65e647ae0c47

                                                      SHA512

                                                      53a0e84a5e17f34b56e058a490a35fb458a8df0baaa9ecfea6e473514b5e4d1fb79b514b4abaac6e305d523e5e9fef4a13ccafc427265c1decf8d8f12d25ddab

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      0fba6c4ae9243639d09a2c8f61c4dc9a

                                                      SHA1

                                                      dd3f1e1fea1682da925b306a4f12d342260937cb

                                                      SHA256

                                                      c41d00ab68b2073a871dc647da82e15af9f333728b413df361dfafbc532c0524

                                                      SHA512

                                                      1c572ab51ac5461c00a14e28604a88f14e7c3b56e8085f91e26b478f2f643fbfa00baf6c2711676f4bbbba3710160a1cd0c2a7848409fc6cc3cfabf0a109e49b

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      cc26c2c6fdcf1d5183334be1583c4cf8

                                                      SHA1

                                                      0ab03d3691f6de88d615e50f8d61321e438c4720

                                                      SHA256

                                                      219500dc26b046b3ec96cf20bd10e500daeac8d60110f22e06ae3f12fc1735d6

                                                      SHA512

                                                      c6ae6cad290553103955ab23bf4e3c69ffa39816116768a35ddfffdd5fba58d0f86d85e4db471e84da2fed0f15b3ebe16a669e147a64d3b0bdea310bef69539f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c95b.TMP
                                                      Filesize

                                                      204B

                                                      MD5

                                                      2deef420a21d9e5e6a7ac9855827b184

                                                      SHA1

                                                      0171131963d707fb2aab67f8731620cc8f45cc87

                                                      SHA256

                                                      c61ba9e70c8c98d9f2ad486be42565683bd19995611c297525d0fdc9e554afb6

                                                      SHA512

                                                      75212d904838465d7b6d8afe534ac208c041cc060e175b400f23ec6268abdf5f6eb3a22cc42565646686de3a17a4bd3cf73758d4003f0aa45ddabc629a9683f0

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a644f214-02a0-4713-a708-9cc60d627a35.tmp
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      6baec8ebc4dccfac457b4dd2d1f7102a

                                                      SHA1

                                                      e19a2c6ef83d4451a85f2751ac4202edb994f578

                                                      SHA256

                                                      d4aa23935bf7c81f035b3db4276be2c9a64cdb7e64f07abddb22e6a3c33815b0

                                                      SHA512

                                                      a5fafc05565f4ec4745b30aa8fadc9e5afc955e321bcfc8d8dfb1f5a80c03d11bf2ecfcb419723d3449b359e813b8aea693698c5281989249ed097ff75f33e55

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      6752a1d65b201c13b62ea44016eb221f

                                                      SHA1

                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                      SHA256

                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                      SHA512

                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      aee0960611a329ada6f95c5092f560be

                                                      SHA1

                                                      6c3099ba2addd0f0cd550533627df3a847d7200d

                                                      SHA256

                                                      324b4dfa907aa7338a9ccad43be69cf3fcaf9b05566e2313bdad4b36cb8c2375

                                                      SHA512

                                                      a08eba0a0c3d106bce56fce87d54c9f55b322aa46645c9c1c5d08bf5c5fbce492bac1f16541c866e49bee89a28b6f033d7eb02c38ce1b65bad9d4ea138f03818

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      12KB

                                                      MD5

                                                      9b65e5f119bb0a486c6db4d6950d044a

                                                      SHA1

                                                      ba34a957513ce42d438e570de36bd59bb3f03a09

                                                      SHA256

                                                      050e7302cb9456ab3d71eff2999dc367a0ba11bafbccd95609db7d32ea9b7b5f

                                                      SHA512

                                                      d0e86c13f71092d78485521e876a4733ae1d27731dadc6f3815b1e46b4ebe0b26a38a9a64a576ec032b58cacd9073f4ceeb657e942b62de976baed416b6e9622

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                      Filesize

                                                      576KB

                                                      MD5

                                                      0618414a7257f3f48bf06029ad8ae3fc

                                                      SHA1

                                                      9937f48349759954f546761f13bd2131a1e239c4

                                                      SHA256

                                                      8219b4df7d5690bd702741d23bf7499e2073cce82edb107947553b482dd43c0e

                                                      SHA512

                                                      fd0d1172ea56ade0b979acdcd698e4f2c3b5d2528b082350a57ed546ab4f8755ad73fa262405390306ccd08265708d60382f08313c8b5a4b507e7278810d66d1

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                      Filesize

                                                      9KB

                                                      MD5

                                                      7050d5ae8acfbe560fa11073fef8185d

                                                      SHA1

                                                      5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                      SHA256

                                                      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                      SHA512

                                                      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\Unconfirmed 45916.crdownload
                                                      Filesize

                                                      4.4MB

                                                      MD5

                                                      6a4853cd0584dc90067e15afb43c4962

                                                      SHA1

                                                      ae59bbb123e98dc8379d08887f83d7e52b1b47fc

                                                      SHA256

                                                      ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

                                                      SHA512

                                                      feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\chilledwindows.mp4
                                                      Filesize

                                                      3.6MB

                                                      MD5

                                                      698ddcaec1edcf1245807627884edf9c

                                                      SHA1

                                                      c7fcbeaa2aadffaf807c096c51fb14c47003ac20

                                                      SHA256

                                                      cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

                                                      SHA512

                                                      a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

                                                      Download Submit

                                                    • memory/5972-583-0x00000000218A0000-0x00000000218D8000-memory.dmp

                                                      Filesize

                                                      224KB

                                                      Download

                                                    • memory/5972-584-0x0000000021870000-0x000000002187E000-memory.dmp

                                                      Filesize

                                                      56KB

                                                      Download

                                                    • memory/5972-582-0x00000000031D0000-0x00000000031D8000-memory.dmp

                                                      Filesize

                                                      32KB

                                                      Download

                                                    • memory/5972-570-0x0000000000AD0000-0x0000000000F34000-memory.dmp

                                                      Filesize

                                                      4.4MB

                                                      Download