8f380319a01b631b5a7503ed1f87d658dc9d824e5c9a728328bd76edc6e1d8c3

Analysis

max time kernel
136s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 11:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

4f9882cd09772bff8f496b1af17e08de
SHA1

00cd649148e50e319088f8945180e70303cc5771
SHA256

8f380319a01b631b5a7503ed1f87d658dc9d824e5c9a728328bd76edc6e1d8c3
SHA512

7bcba669de973723034fd183365c3a69ac3e8b90a75fe75a8def2afb20bb6312e405db005e91367af1951050daa4d0380676814e7c1b68657d2f083650b6c1c2
SSDEEP

192:d1HLxX7777/77QF77yrj0Lod4BYCIkGOkXadGG:d1r5HY20+CIkGOkXaV

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3344	bad_apple.exe
4084	bad_apple.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 231836.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
880	msedge.exe
880	msedge.exe
4160	identity_helper.exe
4160	identity_helper.exe
4984	msedge.exe
4984	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1700	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 4652	880	msedge.exe	83
PID 880 wrote to memory of 4652	880	msedge.exe	83
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 3288	880	msedge.exe	84
PID 880 wrote to memory of 1952	880	msedge.exe	85
PID 880 wrote to memory of 1952	880	msedge.exe	85
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86
PID 880 wrote to memory of 1760	880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce45246f8,0x7ffce4524708,0x7ffce4524718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Users\Admin\Downloads\bad_apple.exe
  "C:\Users\Admin\Downloads\bad_apple.exe"
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Users\Admin\Downloads\bad_apple.exe
  "C:\Users\Admin\Downloads\bad_apple.exe"
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11899414946163025840,12303731651831450794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
589B

MD5
a98d085f42298a95c979b58c180ab8e3

SHA1
8916e39f5e12cc0ad1816817a38f53eb7fa87f5e

SHA256
49b4b299e8aab22d363e12747bdb549851181d919271e77cd006e247e61e24c2

SHA512
1bf5532cba43f8a5f81e152d8daab311095d64e326e6d394fa6f73a88a631cdb0f5027a4a84c2ab591fc008f6a9f5d2cff7f51a045dd6676c726772d748bf1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
723B

MD5
bd1e1958dc56c8329a4a2a6c72514011

SHA1
1dd430277bbb773e5672750d2575824ff7e9275c

SHA256
a694de0b93d17e4e723f40cf1ebc3c5d93d44683721a29c474ffa9562ee8dfdd

SHA512
aeba1c6057685c7bf7fc9779062721319895d74f72d1b294860178b0f4cd1a246b345857bbd0bba935ab66ce11cfbadfd45052f12bacb28e55e96a5e97f352dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe51141c9c35c020fd31ef01d704d707

SHA1
5e150d90ab724265dbd6365badc7d8784edca737

SHA256
2afec116bcd69c85667bb3e93ff7f18e1d1cc0315cba5a91f847c1942a2ab60c

SHA512
b04b585423ce63806cfa7c2888e2845a99ac32a5193704725350c01d8c3a60a2ec2ade910c26d1f2f365c12b6f8d937c1b4ddebd233a95e86322265a689cc825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed8e239239036fcf701d965518fea2cd

SHA1
827589d270f02d1e2cf7a7e335779a465250ed97

SHA256
9f05360377cd532f079fd6c9d13665209cc33097476176395cb95bc05f155fa3

SHA512
27fd8ed1c03808fd5236cb1355a960091b4fa3a87d9b752e420047ffbd3c8411e5f5a9113e7bb76070b876940323e3553b2789276d55d41d4e7d55b0d315d0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d66862c40367abcae736dfba907a591c

SHA1
75a8351fd66cbd81004aaebeee9f5a77a38d152a

SHA256
4fd4de77724fb96e1131f6ecbe7cf8c2eb9335fa7142b43b3189a8f53519759a

SHA512
f7c9b6e9aa6154559cf3bc63b9298ebe3f940d6414b0bf46d596b6206febe51813848a5efc78f2ef469069219ed8c15803ce15aac8fa61b24e75c27fe398da4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c1172f2d563e434d5dac5adb74607ff

SHA1
4f2553a3ee56c94d5c910ab1be0ecb571c9255ca

SHA256
9f3c5915b10beef46b68f1546489ddcec4db99c80e23ca9b6f53e8bd8ec7f262

SHA512
2db4e28ddd510082f8afa0d5c704c91b93cc0b3b9c4e9fe51b67221200e3141ea36df764ac26013ce335daabc5cd40dbec483ffdad36b83d2a87032cfd951922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a7447948-a697-4273-b32c-9e9ac2fb973b.tmp

Filesize
5KB

MD5
33d806d5708e36047eebc9876742a80f

SHA1
f8844f42226d95033f82316d2e57fddced71e0c6

SHA256
f02606f313dbd7f5b9f5efaa202bec6d4696eb887c3de07cd6bb98746b140a40

SHA512
3ee6642a6df9ed5610d412b29746f004d5e095953097937ef479849c44f673551f5453be3b047eb7183f0a0903824d711374e94583c17b5ae8c6a98c64f833b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4354ef728f615772b666c0fdc942684

SHA1
20278a57bdaf7e17e79edd32cb52ac070ea9e766

SHA256
a76c92ffd1c8cd1fc938f875a82f4a8e5ff8ce8c20f8110ef16dd6911daf96d6

SHA512
ecbba84af865d8bf1a06a65ed06c321313599102de56292f8b93987fb0b97cd6c6c4619f6dcbe4990f2a51892d4164ab5a400df0e395f454172d7c20ddbd9e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a4d0f0915e72508b83035f3f32adb01

SHA1
8c16dab9b1e7b85ab6270def351ab8141c657311

SHA256
6fbad35bb12ad0b3d64e77b02785959c52ee930f1c7cf4e5e5120d02c19b12e8

SHA512
79e2babcb6998f5323301d4cbdda8ff890acc783826320f1606dca40e2ce1680bb1fdf373e4fd88d34bd348a9de780262059f77fd30e0ee7930883bd2f02a40b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 231836.crdownload

Filesize
4.8MB

MD5
6a022e937a774f6da038da4634b0fc40

SHA1
f204d69f3a78629a85f10bd7d2768b6fc3cbd7db

SHA256
6927cb7245652a3b66f1a4517189c7cd08056875e09e267a29fe13f1d3bd4d1d

SHA512
752643d0bc50dd82d7cb82dd8e7acea72859a1f57eff9635fcac0950e73bc2fda1228e8e1405a6cc92ea364f8026e24f4fb88d55f5e92bfe82214dffbe76ca4d

Download Submit