Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://l.ufiler.pro...

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/05/2024, 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://l.ufiler.pro/l/7/22986402/download/867/?i=dGl0bGU9VTNWd1pYSWdWMjl5YkdSaWIzZz0mZGVzY3JpcHRpb249VjI5eWJHUkNiM2dnNG9DVUlFZHZaQ0JUYVcxMWJHRjBiM0lnS0ZOMWNHVnlJRmR2Y214a1ltOTRLU0RpZ0pNZzBMalFzOUdBMExBZzBMSWcwTGJRc05DOTBZRFF0U0RSZ2RDNDBMelJnOUM3MFkvUmd0QyswWURRc0N3ZzBMclF2dEdDMEw3UmdOQ3cwWThnMEwvUXZ0QzMwTExRdnRDNzBMalJnaURSZ3RDMTBMSFF0U0RRc2lEUXY5QyswTHZRdmRDKzBMa2cwTHpRdGRHQTBMVWcwTC9RdnRHSDBZUFFzdEdCMFlMUXN0QyswTExRc05HQzBZd2cwWUV1TGk0PSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT1aMkZ0WlhNPSZ0b3JyZW50PWFIUjBjSE02THk5MGFHVnNZWE4wWjJGdFpTNXlkUzlrYjNkdWJHOWhaQzlYYjNKc1pHSnZlRjh3TGpJeUxqbGZOVFU0TG5SdmNuSmxiblE9&sw=VUZJTEVS

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 11 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://l.ufiler.pro/l/7/22986402/download/867/?i=dGl0bGU9VTNWd1pYSWdWMjl5YkdSaWIzZz0mZGVzY3JpcHRpb249VjI5eWJHUkNiM2dnNG9DVUlFZHZaQ0JUYVcxMWJHRjBiM0lnS0ZOMWNHVnlJRmR2Y214a1ltOTRLU0RpZ0pNZzBMalFzOUdBMExBZzBMSWcwTGJRc05DOTBZRFF0U0RSZ2RDNDBMelJnOUM3MFkvUmd0QyswWURRc0N3ZzBMclF2dEdDMEw3UmdOQ3cwWThnMEwvUXZ0QzMwTExRdnRDNzBMalJnaURSZ3RDMTBMSFF0U0RRc2lEUXY5QyswTHZRdmRDKzBMa2cwTHpRdGRHQTBMVWcwTC9RdnRHSDBZUFFzdEdCMFlMUXN0QyswTExRc05HQzBZd2cwWUV1TGk0PSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT1aMkZ0WlhNPSZ0b3JyZW50PWFIUjBjSE02THk5MGFHVnNZWE4wWjJGdFpTNXlkUzlrYjNkdWJHOWhaQzlYYjNKc1pHSnZlRjh3TGpJeUxqbGZOVFU0TG5SdmNuSmxiblE9&sw=VUZJTEVS
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
      2⤵
        PID:1164
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:2608
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4328
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:4580
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:4744
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:5060
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
                2⤵
                  PID:5104
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1500
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                  2⤵
                    PID:3860
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                    2⤵
                      PID:4188
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4812 /prefetch:8
                      2⤵
                        PID:4120
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                        2⤵
                          PID:4084
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                          2⤵
                            PID:5020
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
                            2⤵
                              PID:1080
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8
                              2⤵
                                PID:3964
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,17017415437834638659,11934487040285537906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5792
                              • C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe
                                "C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe"
                                2⤵
                                • Executes dropped EXE
                                • Suspicious use of SetWindowsHookEx
                                PID:5928
                              • C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe
                                "C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe"
                                2⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Suspicious use of SetWindowsHookEx
                                PID:6064
                                • C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe
                                  "C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe" -a -pipe
                                  3⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Adds Run key to start application
                                  • Checks for any installed AV software in registry
                                  • Drops file in Program Files directory
                                  • Modifies registry class
                                  • NTFS ADS
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5136
                                • C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe
                                  "C:\Users\Admin\Downloads\Super_Worldbox-2852463.exe" -uFileID=2852463
                                  3⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5356
                                  • C:\Program Files (x86)\uFiler\uFiler.exe
                                    "C:\Program Files (x86)\uFiler\uFiler.exe" -uFileID=2852463 -uFileID=2852463
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5456
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4464
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1600

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files (x86)\uFiler\modules\libeay32.dll
                                  Filesize

                                  1.3MB

                                  MD5

                                  900dafe19a17f2e21729ba1ad2a7ddf2

                                  SHA1

                                  1403c2eea8f16b0c37062c649a146025243139ab

                                  SHA256

                                  e970087342a29079bff6b8b37fe58ebf579fd9bf8b5c0815bdc4231b73f9529f

                                  SHA512

                                  7ac58cb85a8e866da568a85f1d9a9aebd04d7c4b6bd66f1fe9fa017aa40d855e128128e0fc594f6c1d72e89c17e7038b733126e985015fa81c3277ca97446ffd

                                  Download Submit

                                • C:\Program Files (x86)\uFiler\modules\ssleay32.dll
                                  Filesize

                                  330KB

                                  MD5

                                  5d7476f34764f278852406cdb3beacb6

                                  SHA1

                                  c22ebfecf64ac2f066b68bcbbadfcfa582bc9064

                                  SHA256

                                  df74479fc4cff960faab94c481db6b962844e1396716ff5e84fd97eb0fcfa661

                                  SHA512

                                  c924c2124f78f773ab1c5b58b0cdfa7209c721240522e43e3847e98298ec8821f6d93cf29e0c2b261237c75bab021922cb7685662b528162bfb2dad6499fb793

                                  Download Submit

                                • C:\Program Files (x86)\uFiler\modules\ubtorrent\ubtorrent.dll
                                  Filesize

                                  2.7MB

                                  MD5

                                  39fd9f3ba43e3e1896467c690053523a

                                  SHA1

                                  c3add9ef446ed07935c4784c0b07e4fd814ccbc7

                                  SHA256

                                  c7b7af783ecd72104159cca39fa347f1e110d512e8bd5863d130da9de8594d7c

                                  SHA512

                                  bec480e2fae3e337d52c204f2567f486b54d72596b5b72ca22b08d9b6ba7a4ca1b5aefc40b7059289cf2d0585d269bb6928a87e7714d5de5ab58b2538a318c72

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  ce4c898f8fc7601e2fbc252fdadb5115

                                  SHA1

                                  01bf06badc5da353e539c7c07527d30dccc55a91

                                  SHA256

                                  bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                  SHA512

                                  80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  4158365912175436289496136e7912c2

                                  SHA1

                                  813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                  SHA256

                                  354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                  SHA512

                                  74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  120B

                                  MD5

                                  3a57ab3f1aa1aabe25f26fa40266372f

                                  SHA1

                                  38b0209e4fa3d2ec8edff41749abb041600d962d

                                  SHA256

                                  5239a68a0e06c4ffc4ee64a20ab7d913fbe4060618e7cbc1cc8c31f137857f89

                                  SHA512

                                  61c3a7d0ea0c998cea603953470e10a09735c704f182f6cef4c27e2aa03ba491928a0b67940bdbe7aca2d60029cce6751eb352dee770171bdd8b82807500ab92

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  8153e0e1d15e761a9c511f9284a26636

                                  SHA1

                                  6c6f27d406bbc849284349da2b85561da967b8db

                                  SHA256

                                  d478eb5d653a409cf0d1a5f93f2c7cc56678f7b62d772a995e56622e8463c45b

                                  SHA512

                                  4b62ee1a61d163d5a6f8553dc4e85a4993f8826dc9de3e418138ae93207352743c9674909b6d8209c9d7b3829321ed7e53c62f3ddbc64e9234856bc95b196367

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  9bf78ff0233ccbd9ee3cff82198c7ce3

                                  SHA1

                                  d985c6e0b8f80c673870c2f3f4f5ad3fb2e7b5fa

                                  SHA256

                                  f906aef7a07a6a9d8242208a49be1648fec4868fb8608fd792e82b6a4f4442ae

                                  SHA512

                                  543da8b4248015134722e7880a85bb48ec5739790fd6665668c4bcffe2384b4d90aab9ad7736b6d3659dcfa553563f697e68dab6bde6784ebcaecbfe0cba5989

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  79d9cecaf4a399ec9d03ac2f21a2bec1

                                  SHA1

                                  7ab4a29887e2993f8caa0f1b6ff55266eb2993fc

                                  SHA256

                                  bf9ecd4abf0b80e6b69121591b9444c9c5bc6dab174cb9f3e33837470f8d16e1

                                  SHA512

                                  c72d4433bfb7a66298828bf9934b98d760bde1dbd7aa59c50df7da55da9630b2a961bc3b34179def5e7c464bf215a326d781fbfd4ff0267934026674e99c52fb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6cd.TMP
                                  Filesize

                                  1KB

                                  MD5

                                  02a876a1171eb4ca021bd40f510a9065

                                  SHA1

                                  07a3628c4531b6d95884a4bb592cb2276863ff1c

                                  SHA256

                                  65825e37fc2ea42a615847d73da9010880e858474a19714410e57dbe49a06edf

                                  SHA512

                                  cdf59a844ef76bba28d68d4c1634ebc99d0f6729ec5b667d06936778f4b6ff02decdd908984302acd0f0736602c33e917c700c41f16ea7507bcd2040b0adfabd

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
                                  Filesize

                                  41B

                                  MD5

                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                  SHA1

                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                  SHA256

                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                  SHA512

                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  1ee2e2b7d9fbfbbc057295e3d1a8e124

                                  SHA1

                                  ff63ab53d947eb7f7bc928a7621da18ae2d65c3c

                                  SHA256

                                  425bbe5d05b874baec7be43c72777a57dea4b046714f88f6f1039c26ab339ede

                                  SHA512

                                  c86b3ddee82af39150688c7c7727dc616f37764110c39987d33b300763b62f76149a81fe2b9f903e873b1561f8d0c6b368189e5d5052443d499954c74194df78

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  823b01938acbb7bd346cdb5aed64814d

                                  SHA1

                                  e4caefcc8f43c3939c85df2ba652c8dbd6f7b4e4

                                  SHA256

                                  28e93fb9e42443f87c972ca6c59a250152ecddc278904e478460d66ef9891eae

                                  SHA512

                                  769960c6693d1ee43f1b740c1dd06073450bc7278c42c935c08a7af9c1a6794db49a3be5318f8411d33a9c5225bc3d1ea8a34c1cc0eb45876d1905847b46fb0a

                                  Download Submit

                                • C:\Users\Admin\Downloads\Unconfirmed 367884.crdownload
                                  Filesize

                                  8.6MB

                                  MD5

                                  9595e49300c884ea972200f03d7551aa

                                  SHA1

                                  32266d5316e4a71037304a73b71970e422d0c4c7

                                  SHA256

                                  a4c8b95638e736bfd4cabdf43121ebb65229c3754a2bb35ffe9a81a8091c2d16

                                  SHA512

                                  137b8559d7e4e0f2a11b97a2caacc6f466f62a136c0f3f36e5d65b6dabdad073fb7eb32805b26951aa0328a6958731fb2a80b9e2f063a3a3d0b0d44feddd6915

                                  Download Submit

                                • memory/5356-178-0x0000000000400000-0x0000000001E93000-memory.dmp

                                  Filesize

                                  26.6MB

                                  Download

                                • memory/5928-129-0x0000000000400000-0x0000000001E93000-memory.dmp

                                  Filesize

                                  26.6MB

                                  Download

                                • memory/5928-128-0x0000000000400000-0x0000000001E93000-memory.dmp

                                  Filesize

                                  26.6MB

                                  Download

                                • memory/6064-131-0x0000000000400000-0x0000000001E93000-memory.dmp

                                  Filesize

                                  26.6MB

                                  Download

                                • memory/6064-167-0x0000000000400000-0x0000000001E93000-memory.dmp

                                  Filesize

                                  26.6MB

                                  Download