Resubmissions

30/01/2025, 00:15

250130-aj8t7stlcy 3

30/01/2025, 00:08

250130-ae7fkstkdz 10

Analysis

  • max time kernel
    393s
  • max time network
    396s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/01/2025, 00:08

General

  • Target

    http://www.google.com

Malware Config

Signatures

  • Detected google phishing page 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb27fb46f8,0x7ffb27fb4708,0x7ffb27fb4718
      2⤵
        PID:4220
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:3012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
          2⤵
          • Detected google phishing page
          • Suspicious behavior: EnumeratesProcesses
          PID:4576
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:4320
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
            2⤵
              PID:4040
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
              2⤵
                PID:1396
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                2⤵
                  PID:3288
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
                  2⤵
                    PID:1228
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                    2⤵
                      PID:2088
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                      2⤵
                        PID:2908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                        2⤵
                          PID:3672
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3840
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
                          2⤵
                            PID:224
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
                            2⤵
                              PID:3816
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                              2⤵
                                PID:4632
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                2⤵
                                  PID:2820
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                                  2⤵
                                    PID:1664
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                                    2⤵
                                      PID:2908
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                                      2⤵
                                        PID:4968
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                        2⤵
                                          PID:668
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                                          2⤵
                                            PID:4572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                                            2⤵
                                              PID:1272
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4048 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4808
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
                                              2⤵
                                                PID:2696
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                                                2⤵
                                                  PID:3184
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                                  2⤵
                                                    PID:4652
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4820 /prefetch:8
                                                    2⤵
                                                      PID:5016
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3496
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
                                                      2⤵
                                                        PID:3532
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:3176
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:620
                                                        • C:\Windows\system32\AUDIODG.EXE
                                                          C:\Windows\system32\AUDIODG.EXE 0x310 0x460
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:4272

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          9bfb45e464f029b27cd825568bc06765

                                                          SHA1

                                                          a4962b4fd45004732f071e16977522709ab0ce60

                                                          SHA256

                                                          ceb8f1b0aaa1ba575c3704e73fd77edf932d68c8be902b33f1ba3b1d130cd139

                                                          SHA512

                                                          f87cce8bb5489b56027f5a285b948b639a1c7b0f213a111f057235177e5bffc537627c82586736704e398a0185cf2ad8ba8cdee788531fb753a2d08f16e906c7

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          ae2a8f2ebc841509f7b978edf590d3cd

                                                          SHA1

                                                          91358152e27c0165334913228005540756c35bd3

                                                          SHA256

                                                          631550765e3db02be0709748c0634a2cfdab711cea94f5890854d0c1dfbcb214

                                                          SHA512

                                                          e52180dd175f1e6ff72d76400085869387cd70da33919de219a04dc26871e8421e93b22e7c59125c19c6ee54a8a8f742d796ac68ea9077c9dab5f03b80967d11

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                          Filesize

                                                          214KB

                                                          MD5

                                                          ba958dfa97ba4abe328dce19c50cd19c

                                                          SHA1

                                                          122405a9536dd824adcc446c3f0f3a971c94f1b1

                                                          SHA256

                                                          3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

                                                          SHA512

                                                          aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                          Filesize

                                                          62KB

                                                          MD5

                                                          c813a1b87f1651d642cdcad5fca7a7d8

                                                          SHA1

                                                          0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                          SHA256

                                                          df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                          SHA512

                                                          af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                          Filesize

                                                          63KB

                                                          MD5

                                                          226541550a51911c375216f718493f65

                                                          SHA1

                                                          f6e608468401f9384cabdef45ca19e2afacc84bd

                                                          SHA256

                                                          caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                          SHA512

                                                          2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                          Filesize

                                                          19KB

                                                          MD5

                                                          1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                          SHA1

                                                          6dd8803e59949c985d6a9df2f26c833041a5178c

                                                          SHA256

                                                          af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                          SHA512

                                                          b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                          Filesize

                                                          67KB

                                                          MD5

                                                          69df804d05f8b29a88278b7d582dd279

                                                          SHA1

                                                          d9560905612cf656d5dd0e741172fb4cd9c60688

                                                          SHA256

                                                          b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

                                                          SHA512

                                                          0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          36282fe9e7c67edcd4e6f075bf74c571

                                                          SHA1

                                                          5da09a1c43d9e25e37c3f14fabff925b41d89f18

                                                          SHA256

                                                          0fccdb1729360d71cf3cf44d944be01fd6f6c961bc96396329e7836fdfbec129

                                                          SHA512

                                                          bb098bc763299c929147e9e8d3aae303feaeffe5a5a398a937b999164d50024bb485f60955a438c72d667a331a2cf50ac8be2ca699f3f44fbe5b2093bc0b69b3

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          13f00ca28133854f89d809a98baa6062

                                                          SHA1

                                                          6951b8bf9598099aac93003a1213619a8343e262

                                                          SHA256

                                                          4b70727ceba460dda807c4f22777063e24b493c0eef6b35d0ae9ff433167bcc9

                                                          SHA512

                                                          eab5597053e24604b3fbb2dd690fd2d4772d81f213a831bd157a8900953178f0cf8f16021a4a39189f833336e56a6fc3f7c38a9b6be94c97c89c4e6c585dd4e0

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          4KB

                                                          MD5

                                                          0c6eac7bd9ce19f108fa8ca66bc4c4a2

                                                          SHA1

                                                          21447e3aa73968122fb7fd321ad71ec478b28d0a

                                                          SHA256

                                                          1b6471a1bf29bd2321324c9eba89fa683b903a2af902290128765054a772fed6

                                                          SHA512

                                                          ac22af43c403c1f1a4228001b5367533c83f0488e798e783b6feaea00075f96b5d8b1f5ac73babeba90f57fb3d203a472abfb7cb7de79423955916d68823ce7c

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          4KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          8KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          701B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          701B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          701B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          697B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          697B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e9ff7.TMP

                                                          Filesize

                                                          701B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f33c4f8b-21fb-474c-ae75-bf08ce7a7264.tmp

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

                                                          Filesize

                                                          2B
