Analysis

  • max time kernel
    900s
  • max time network
    427s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 18:18

General

  • Target

    https://gofile.io/d/AeQXfn

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 25 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 38 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AeQXfn
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3dd746f8,0x7fff3dd74708,0x7fff3dd74718
      2⤵
        PID:1696
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:1184
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
          2⤵
            PID:2680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:3304
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
              2⤵
                PID:1756
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
                2⤵
                  PID:724
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                  2⤵
                    PID:3496
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
                    2⤵
                      PID:1568
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4568
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                      2⤵
                        PID:3172
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
                        2⤵
                          PID:3248
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3844 /prefetch:8
                          2⤵
                            PID:3672
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1556
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
                            2⤵
                              PID:5116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                              2⤵
                                PID:2316
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                                2⤵
                                  PID:2444
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
                                  2⤵
                                    PID:4808
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                    2⤵
                                      PID:1928
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                      2⤵
                                        PID:760
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                        2⤵
                                          PID:1328
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                                          2⤵
                                            PID:1468
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                            2⤵
                                              PID:1004
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
                                              2⤵
                                                PID:380
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6760 /prefetch:8
                                                2⤵
                                                  PID:2168
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,13526279087113716371,12206364320959281467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1020
                                                • C:\Users\Admin\Downloads\7z2408-x64.exe
                                                  "C:\Users\Admin\Downloads\7z2408-x64.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • Drops file in Program Files directory
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2468
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:2812
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2800
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3336
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2952
                                                  • C:\Windows\System32\rundll32.exe
                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                    1⤵
                                                      PID:2044
                                                    • C:\Program Files\7-Zip\7zFM.exe
                                                      "C:\Program Files\7-Zip\7zFM.exe" C:\Users\Admin\Downloads\Cyprus-external.rar
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:3056
                                                    • C:\Windows\system32\OpenWith.exe
                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4488
                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO0FB205B8\cyprus.vcxproj
                                                        2⤵
                                                        • Opens file in notepad (likely ransom note)
                                                        PID:1240

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Downloads

                                                    • C:\Program Files\7-Zip\7z.dll

                                                      Filesize

                                                      1.8MB

                                                    • C:\Program Files\7-Zip\7zFM.exe

                                                      Filesize

                                                      963KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e897cd4-379e-42ad-8950-94220dc03714.tmp

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582074.TMP

                                                      Filesize

                                                      538B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                    • C:\Users\Admin\AppData\Local\Temp\7zO0FB205B8\cyprus.vcxproj

                                                      Filesize

                                                      25KB

                                                    • C:\Users\Admin\Downloads\Unconfirmed 213696.crdownload

                                                      Filesize

                                                      1.5MB

                                                    • C:\Users\Admin\Downloads\Unconfirmed 893139.crdownload

                                                      Filesize

                                                      9.3MB
