Analysis

  • max time kernel
    136s
  • max time network
    142s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03/02/2025, 17:54

General

  • Target

    http://lablancer.com

Malware Config

Signatures

  • Detected google phishing page 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://lablancer.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89f83cb8,0x7ffc89f83cc8,0x7ffc89f83cd8
      2⤵
        PID:4592
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
          2⤵
          • Detected google phishing page
          • Suspicious behavior: EnumeratesProcesses
          PID:3412
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
          2⤵
            PID:3220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
            2⤵
              PID:2268
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
              2⤵
                PID:3536
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                2⤵
                  PID:2084
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                  2⤵
                    PID:3316
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                    2⤵
                      PID:3100
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4152
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4740
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                      2⤵
                        PID:4844
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                        2⤵
                          PID:4956
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                          2⤵
                            PID:3088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 /prefetch:8
                            2⤵
                              PID:3544
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6132 /prefetch:8
                              2⤵
                                PID:420
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
                                2⤵
                                  PID:1180
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6704 /prefetch:8
                                  2⤵
                                    PID:2428
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6440 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1096
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                                    2⤵
                                      PID:4076
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                                      2⤵
                                        PID:1764
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12362122217492305424,13920197753592926580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
                                        2⤵
                                          PID:4868
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4720
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4812
                                          • C:\Windows\system32\AUDIODG.EXE
                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
                                            1⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:3456
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2800
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                              1⤵
                                                PID:2980

Network

MITRE ATT&CK Enterprise v15

Downloads

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                Filesize

                                                126KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

                                                Filesize

                                                73KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                480B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                192B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                144B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                1KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                2KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

                                                Filesize

                                                41B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                5KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\86bfbaee-766c-4690-9a3b-098a17a8409f\index

                                                Filesize

                                                24B


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\ce8f8a2f-1229-4704-b97a-3fd4ff844af4\index-dir\the-real-index

                                                Filesize

                                                2KB


                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\ce8f8a2f-1229-4704-b97a-3fd4ff844af4\index-dir\the-real-index

                                                Filesize

                                                2KB

                                                MD5

                                                7a159625dbd405c90b84bbc138cfc636

                                                SHA1

                                                41fbdb4ec1ccd3891b73bac9bb7d9ef8b3d555be

                                                SHA256

                                                9556511afc4f51f5d52804fd8a9c6c1133decd4b0938e9b53e33659e2785c7f9

                                                SHA512

                                                eda967d06e33ab0c4b08a53ffedb7494de1121e8083d0133e7abe3ef68d6c087b66119d9a303c95b0c04087981d635bb1269f7b7e42ac91ea2137629d6d55a59

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\ce8f8a2f-1229-4704-b97a-3fd4ff844af4\index-dir\the-real-index~RFe589e2f.TMP

                                                Filesize

                                                48B

                                                MD5

                                                dd83b31af38db8e724d5bb1444c3431a

                                                SHA1

                                                cf64eb9b72f9b76b6e506ec084f79fcdd73f6225

                                                SHA256

                                                fdd844e6a9306372232e4abfd5036174d06178d57f7c8e576205a7d2d684a9b6

                                                SHA512

                                                a579788e94930f0c0ce705a2c52ab375217fc2feae794271a3ae26b8b980950c14d166b40f462ce20d86eb6ec20d1a9aa39b7397b43a052c660fe2d7289c9a4b

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt

                                                Filesize

                                                146B

                                                MD5

                                                26048ee115b75c450a1e274bea367539

                                                SHA1

                                                9c6b22b1ca2f2c153043583671c57d0ee4545040

                                                SHA256

                                                92811cc8e7d99b0e54accafe5c24c5eb7b399b31f5e7b4648ac422d54f6fa4c1

                                                SHA512

                                                0ec0e4d838231758235142d747b96347b414e83ec2d247c9eae62e8eaafe77e7907517851963074c83b891b9b542d999ee05cc1059b13950ef1f01765eb4df7b

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt

                                                Filesize

                                                82B

                                                MD5

                                                467aa029fae9c289d74329b5b22a72d6

                                                SHA1

                                                405b5d42c19cb65e0330f8f006c0d4b8ab2ed2c7

                                                SHA256

                                                693d9d00c8a4cafcd18e99f9df189edf057f5d9d28766cafac601032984b61d7

                                                SHA512

                                                ae0a4de346c3bd114774c13fc50dc0f6a96431f4addf4a02b4bd80706bec64c2ef3b7edcfa964bf46b77b29dd5287e2df1efd6d86fc61d7c5f804536358d182a

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt

                                                Filesize

                                                82B

                                                MD5

                                                6e502f339de54678886b9ea7ec394676

                                                SHA1

                                                4b78e3b6c03dbe39183a6fe09e4ef99acbac965c

                                                SHA256

                                                0308a5482f9b77d131646bb1dd748f5b4dd3374541b97d82dc469dafb4455dbb

                                                SHA512

                                                595c8aab1fa2003c7bb4f4690efcb592a148cc1a62a921905b896105d93a851b5b19536dc438c4841b6526a7006bf6653dc4726c69280db9c9a9ec6ff67bf754

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt

                                                Filesize

                                                144B

                                                MD5

                                                4ee6b8435645cccac5234ed5163ebcca

                                                SHA1

                                                9adec8821713050c5c88277e8807d82cf905fd66

                                                SHA256

                                                d4947e6b0e9c51e7097a006a899c2d5334d6dbf37e0db4868a1d14fa52da952e

                                                SHA512

                                                8f1881ecc20e6c04e3148803c52bd1077483b473dfa9080a92e2b735a66756ec9308f37f68cc72088e9a5674dccf416051bbfb20febf0e0317f744aefacf8d6b

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt

                                                Filesize

                                                80B

                                                MD5

                                                fc0d2dc8994b04a63e71dac9554f140a

                                                SHA1

                                                0e8b2026a793e7f59abdffeadbafd0012b1ad8f3

                                                SHA256

                                                0c80325eb13b64d9b8fefb0fcc9e01ffce416a89dfa40f2586adca679447a39d

                                                SHA512

                                                89719dd07571d81962ec3b36b244318dd69f9297d54a8663ed55bf3c929ceb891fec01d426be899311b023d1e8f972f79785d7ce321c79877ae52590da2005d3

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ad809d2a5dfb0d40ccb4dab3929306dceacc9eb\index.txt~RFe5846d8.TMP

                                                Filesize

                                                87B

                                                MD5

                                                458344b055ea1289f28261f4b2878b7f

                                                SHA1

                                                f2a85f0916dcbec18f2ee0181a46e82c7d9bbd0b

                                                SHA256

                                                209c6dc9e02ae8c7eb6133f3035332e7a1bd6708fd6e11db86850d056cd8f22b

                                                SHA512

                                                ac4daf13fa7735c2516e2aaf8354e6aa34779d8370a02f1b0e164fa5371cb45d699212b26b5eadbfe35a88c3b1cc4464c12fdc214dd3f911c9d279b9d5948576

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                Filesize

                                                96B

                                                MD5

                                                e036113357ce3bd588ec25df21432958

                                                SHA1

                                                dfeb1477f598a77e8bf5e753dcfa36bb20335d6f

                                                SHA256

                                                ae1053d1ac4ae4dd53b1577fcaa474b1de399dcdca8be67fbc04e4f39f01025c

                                                SHA512

                                                e1f280d325ca7c8d5ef5fcf9d4cecd4e9cb7f9775becae1dd4c204474a0820cb6744a246c4347095ec7718804c6bcf836b86004d959c829f595a7662f1ee87fa

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f112.TMP

                                                Filesize

                                                48B

                                                MD5

                                                b5b3e35ae9ecf1dd7997c7abce8836c6

                                                SHA1

                                                9c9fe3d197ddd339fb166de77f45c29ccd87a6d0

                                                SHA256

                                                b37e0164b67751dfb5ed272d2e22be76c710df04a7da0791c1dc4755844fc8fc

                                                SHA512

                                                ad896d5471a8fcc6c3924a8138c5ab8a77aef853a1441c1e55ae85a7f7bd256510be8e068740a77a35d410f2f739241f1d0963cd9880e354c66cf713fb598beb

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                2e1ee8844f96f2441fd3624f4edb399c

                                                SHA1

                                                f99b29d009108b4d7c4fa473ffbfea22cb9db037

                                                SHA256

                                                d99e57b9c863ea09efdacc0fd69f86ac761eb0162d2589cd7b447abe6b33043d

                                                SHA512

                                                f92cdd0a0acb73572a4fbb4a8401531bddd938835fa0e98334f83c7614b7056f8e25345cca3f4272f0e71148cb23ae9dd395a66df51f065f5d6c18b22e4d238e

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                1802274847dbb26788594980d7d957f9

                                                SHA1

                                                76509435d29976e5043a96917aa6922a065e00a4

                                                SHA256

                                                aee85ba321dd2bec4a44201a065a45a6948215b7ec0f496fdebe0542ccfb798a

                                                SHA512

                                                d0c1abe9b4fb7b9c5662d00b9824bcf7a9afb9d3354056073d029dc1cbe6af672e6f23fc3cea3d2474180f57eb38bedb00f1605d5891ffb8f915fef0fd146359

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                778c51377c0c4055b36e9e4f79d3987f

                                                SHA1

                                                9e6ad6b262fead403a7855262d35da033cee694e

                                                SHA256

                                                230b50f06872fb4a976ebe5f7f11d8f54440a6242565741ea67fe98097b95ba0

                                                SHA512

                                                080ac13972a173c6d6c38da45ffe193e610c420cda5ff5dfc12997dc9e140cc52570bdd1b2ef5956bf34f64bef42e4e4ddfb2fe7df12c1371133db2a1fedb303

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                47530e758baa811c7ad017bfb18ccf3f

                                                SHA1

                                                d320219ae9fd5bce3aba8b25ed51737fe020dfe0

                                                SHA256

                                                df9fa768ca34a2dd992e0d02266035725a82cdaf649ca1a64c7357e6feaa4d2f

                                                SHA512

                                                365781d9a51a02f47a426df3b31b173d67af52398892e469a46a57058d575b1f4f1fac17c8d237c671c96efb900416445451b2dc96f73be3c8a153ce8582855e

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                154f2fc2c4bf19559c78b0272bd1c74c

                                                SHA1

                                                11e19af36bc9848f29f3068c8fa31fd39d169fa7

                                                SHA256

                                                93c2b5e11d5e6508bcb029b4105e8ab9489bdc355f02284675d9c82e974994dd

                                                SHA512

                                                2379ee5e808d6be9914e8b098a75138734183fee33dd48141763d388772a3c359462b4388795a13b87756f626d7e5460afb15655c88b095afcf69a4eb80db91d

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                868B

                                                MD5

                                                fb297afbc329472bbba153f494cff476

                                                SHA1

                                                fe1f606cfa69c0a715a3b1d6a75c38e08f9ae26a

                                                SHA256

                                                8d7a27b9168e7ca3c57a2e5da64428d914519bfb88b42ab8884b2cc5c5a958d1

                                                SHA512

                                                564984372c457b0940abad9e2cadc1aaa5f565e16b466b6b0450d93c30954006f6da539db396cf3078c08cee956f216a0522727701720c3023469c5709d22f90

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                b0d7aad72bcff38d07db9c6f2803aae4

                                                SHA1

                                                2b5eb2c92f909567abd4fe0e56af296a99017570

                                                SHA256

                                                4de3167bb70cd7ecd7867059cbc2ce8b019485a18798c0f2cc26e8b1605b3119

                                                SHA512

                                                e44f719c8cdb51b7f19aefa81547a53f8785f9edef11fe9e32defe2c066dc4ddc0d5d5808f51e5e7effef23e0507e0cf449f0bde5199f507c38552634227ab74

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                d3391c8d59b8ed1ee6ca83fbe3be76af

                                                SHA1

                                                0dacb011282a3e50dbb57473317dba6d9619c041

                                                SHA256

                                                ee3c803a34a49209eb98a46c567880d0fb2724bb52561e2821c8d8ce9d4071c7

                                                SHA512

                                                be35360c2b1169128f91d007b2acd57039accc116619e6af828b722dbe371a4e8b2812976d2946c4e8efab3f957ee0c5a95b91a4d6084323232e08615579d546

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                608bb581a1100bffc88983fbc9544cf8

                                                SHA1

                                                edf556fe822d3e4c80d3b4bffc6eb11bc41a62a6

                                                SHA256

                                                066a5af39511d6babfe535e9dbec23abb4fa1002a24081888bd1cc36ad59aeb6

                                                SHA512

                                                700fef8ddf76c627b463bb5659b5760cfdfbe70b78d92a0f3542857ddac98cc409ab36d604db4d00e139d69de4fc31813e8e63d38f0af3d698955f593cd5e61b

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                4b600c47aff5029c0e90cb058d1d8ba9

                                                SHA1

                                                ced3a28b72490f08f4bf13186028305f405b381c

                                                SHA256

                                                36e8d45603982e2cacc532e4a68aa1e9e8884398e66f372c16eda295aa6c0bef

                                                SHA512

                                                56f0c0ab1a54816b495aa99ff8a4dec88ab5d4cbb99aec9bb6ddc35ed977a63f73a36051f2d4e6699d4d3cd2ddc7376b50b7acaa8afcc6ac54cba59cb13db9b2

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5834c7.TMP

                                                Filesize

                                                698B

                                                MD5

                                                c3711144a9c6d42d16a09c093826f98e

                                                SHA1

                                                4432cb6b827c02f5e77763c7940d19939a7378d4

                                                SHA256

                                                26630cd1aab3a0a4727e591216fc8987105961af92826adf5dc38ff2bd7ad5f8

                                                SHA512

                                                b1a8329ded037d55f216d98cc06545d1ae505fdfc443bbc7b3e9a1ca1112152e77e0a8bd156be7fa9a3fec071b8e2ce408dcb4c00a3acd0ea0ab03951b36c4e7

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                Filesize

                                                16B

                                                MD5

                                                46295cac801e5d4857d09837238a6394

                                                SHA1

                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                SHA256

                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                SHA512

                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                Filesize

                                                16B

                                                MD5

                                                206702161f94c5cd39fadd03f4014d98

                                                SHA1

                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                SHA256

                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                SHA512

                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                10KB

                                                MD5

                                                ffc7143b0a034cc981bbd1480ce8fdbc

                                                SHA1

                                                a66fe5e98cab7a19a6c886f9464f875f2c7e089d

                                                SHA256

                                                25a5bda7fbe5e6719d1359743a654c5d396c43012b0259267fa203a22f8d973d

                                                SHA512

                                                0a139380934b5eb23c15bb49567c0edefa372de8360e8692812bc895025042e6e3619d0a4fc369ceda87d0323cdd21d9dd708fb8ab5344c1dc8654ff0c82ea22

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                10KB

                                                MD5

                                                5cce297bd4bc418e4e7a2d4554efe9f2

                                                SHA1

                                                bf96c08dd84dcffecb65df91660ed100fd87d72e

                                                SHA256

                                                62b2107958a45719d02a889dece226aa3dd79aaa6c4036daca6de21bad7d79dc

                                                SHA512

                                                4217873828a3cb43bd60a07af99354108e53730771edb28e6d0288446c09606cc9b4f7bd67703c54f359f736eda6772898c38ba3e3fc739901429bd0236e6bb3

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                Filesize

                                                2B

                                                MD5

                                                f3b25701fe362ec84616a93a45ce9998

                                                SHA1

                                                d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                SHA256

                                                b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                SHA512

                                                98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84