Analysis

  • max time kernel
    128s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/05/2024, 21:45

General

  • Target

    https://github.com/blowcrazynofex25/blowcrazynofex25/releases/download/latest/Git_softwares_v1_7_3.7z

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 22 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/blowcrazynofex25/blowcrazynofex25/releases/download/latest/Git_softwares_v1_7_3.7z
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
        2⤵
        PID:2176
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
        2⤵
        PID:4024
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:848
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
        2⤵
        PID:3740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
        2⤵
        PID:4896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        2⤵
        PID:3640
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
        2⤵
        PID:2392
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
        2⤵
        PID:4548
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
        2⤵
        PID:4296
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1504
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
        2⤵
        PID:4624
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        2⤵
        PID:2908
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4708 /prefetch:8
        2⤵
        PID:948
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
        2⤵
        PID:1104
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2832 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5884
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8910878770521064940,10146584683689196330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5688
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:380
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2760
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:6024
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:6088
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3568
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5340
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:5528
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5740
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Git_softwares_v1_7_3.7z"
        2⤵
        PID:5200
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Git_softwares_v1_7_3.7z
            3⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SendNotifyMessage
            PID:5860
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.0.789379633\283965388" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18a0feff-1864-46c3-923b-18c4a00a5020} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 1836 24262125558 gpu
                4⤵
                PID:6076
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.1.872676263\1192048005" -parentBuildID 20230214051806 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fa55aea-b8a2-4021-a833-83376eb8af09} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 2492 2424de88258 socket
                4⤵
                • Checks processor information in registry
                PID:2324
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.2.1999107175\2038041633" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2996 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7188665-ca81-435a-8b5d-f4995feded7e} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 2968 24265060258 tab
                4⤵
                PID:5280
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.3.1015694788\730363822" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35169ed0-fd79-45be-a8e4-aae4798963b7} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 3600 242665fc858 tab
                4⤵
                PID:1312
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.4.1783223404\15669167" -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5280 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {843b8094-6038-48a5-8e70-87b09aefe6b0} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5316 24267d7eb58 tab
                4⤵
                PID:5112
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.5.1353781121\183855191" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5272 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eff0f39-d48f-42c7-8f63-0991964369ef} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5196 24267db7f58 tab
                4⤵
                PID:912
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.6.1401965423\263903501" -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fed2879-1335-4b48-8e01-cc5ca5c1853d} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5704 24267db8558 tab
                4⤵
                PID:4724
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Git_softwares_v1_7_3(1).7z"
    1⤵
    PID:5048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Git_softwares_v1_7_3(1).7z
        2⤵
        • Checks processor information in registry
        PID:5680
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Git_softwares_v1_7_3(1).7z"
    1⤵
    PID:6108
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Git_softwares_v1_7_3(1).7z
        2⤵
        • Checks processor information in registry
        PID:6136

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: a8e767fd33edd97d306efb6905f93252
    SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
    SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
    SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 439b5e04ca18c7fb02cf406e6eb24167
    SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
    SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
    SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 265B
    MD5: f5cd008cf465804d0e6f39a8d81f9a2d
    SHA1: 6b2907356472ed4a719e5675cc08969f30adc855
    SHA256: fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
    SHA512: dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 4f46f38ffea482ce212d499c7047d0bc
    SHA1: 0616162a89aa22533cfa3c7902a5ef04d77356ff
    SHA256: c12930bc3cabf5362786314f44f0a57bfa6b64d07116211908cea0a9c06247d6
    SHA512: c315f970fa93279a6994d6441a972a23e3d1e59245cca67d0be9e75db2e268382d55549c4ac78540bcd616987f356eb9f7489d7598be930a00e46444bcf415ec

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a848cef9-bb89-497f-a87f-6e99eebdb3db.tmp
    Filesize: 6KB
    MD5: 31acc3e5806fb6f9c184674f872f312b
    SHA1: 0777b4e10656b58b992355aea562575d8d1a26b2
    SHA256: 04283c835019b633df43ce6526f341d43204424d567f9308cba969bda3a5de22
    SHA512: 21572f1e9137fc48501da31d1fcfe0e556c1eeab538be8b97a9b2594f192203c30518202ceb330dc079c18eb4524202ef925cb64a6e0153f62578cd0ded6dfd8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: 472376290616b1037e84ba81b45dc153
    SHA1: 8c958fa0f4c0c69ec785935c2161cb07de67b757
    SHA256: fd26eebdd4aa949ed22e2ed5b16b5d5152bb693e7847ec5573e79b974d4d6b79
    SHA512: 11f8f0a91177d0720ef57470be9d5db1e8f32ccef2ef806e0cad9ff56d87034d6d31f205e055f4f1df2dd65060a605371c3390d27843474cd81c170ac8283dfd

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 12KB
    MD5: e6b63b04464bee7b77fd46241931f2ef
    SHA1: 822b7ecacd58a8b5a5d255da530734b3c5dd6fee
    SHA256: a72922f9dd149eabd6e2f43a2c131fabe9ee3ff164e8c37636420108b3fcefca
    SHA512: ed2b267240302e45895a02c8d2b04765ca37b4bc341295dcffc836cba1879b500730128c8e07869033c15a7be4081935328347dbd31e8d73515c10fb0321081d

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 24KB
    MD5: 59bfe4f4ec8148d3f42417f63ae0b3c8
    SHA1: ac4e876a86699e2fb64a7e2050841ca7e6018c63
    SHA256: 89d74aeb1fd20cd77d48b799daffd604939a3543cca62e2745f2184d27f4d0a7
    SHA512: 11e5992ca616625bbd5b1640dcdcf3acf7ae5989da85fa32200b6cf4028e42bcb0daec537a1cf5b76afdf422ab154a6987ad658ef9497094abc9528c0afba7a4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
    Filesize: 6KB
    MD5: adce7b1aaec3e1c77f930224e8b7a27d
    SHA1: da8c327c9b1e511d1614d956ebcaf80479fd35c4
    SHA256: 7a843c8c6085d5f0e8da3c0f3d50a7b1c73c956bb3f1906f0908c800afae0876
    SHA512: c19359d66de005c98463256d15cd9c3665ab438ca7d528bc2e043b66b05b2f097a4f56d752b3189ed968f914a256dc756242d57268710df2d5784f39a73f5616

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
    Filesize: 6KB
    MD5: 9ef3018faeee1eba25b53b66433b10e9
    SHA1: 0cc0f5e40550b37e172e070896643f7a4f6e1730
    SHA256: 735d3dd9759dbaae0bd6e0f9469dd37e7cc29fc2da84475f921a3e4fe2dae477
    SHA512: aaefb64f8ea6080c00c108c5d2e515fa7e17bfdd7aa0b23496efa3dbc42ee4985d83a393430163ac5618f705aa7975c9998d52f6da71880b5659c2af49674820

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: a8b8dd7e46f3e1e073a060b46c76cef7
    SHA1: 97a54a74c40957a7ede449ae3f656d12130f5f35
    SHA256: f7effbde1e11afe44f8edc230a2c39f8d06fd815fe51e32405e34aeca4c4988c
    SHA512: 477564d985c4b2d3512608e292384b27c1bea8f5ac117b6ecbd470720fd45f2c533fdc5b63cfe6043fdd2649214a4de67e514ac9767bd2bc38a4c9e473f19eb4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4
    Filesize: 819B
    MD5: 722e52775cafb579fa7e7a4da5bab670
    SHA1: 5b88d312e108eae4e474ebdcf45ef357820dd509
    SHA256: eef8735743adb17cf270681a7ac05d1d394270a1d3bfea2b20cfe81438488836
    SHA512: 65baafe10949341df8c6e1466bc67d7e29869d5b3051100525e2d19ec2d1a97b65350a68c2447aea7379806280edf627d516dc9c42cf6ec206de8077ac68fe05