hxxps://www[.]discord[.]gg/TGqAbDHw

Analysis

max time kernel
594s
max time network
451s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.discord.gg/TGqAbDHw

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{41DCC455-8EEA-4F56-9CCF-76B74192CB40}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
3992	msedge.exe
3992	msedge.exe
5328	msedge.exe
5328	msedge.exe
3152	identity_helper.exe
3152	identity_helper.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1232	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3596	1208	msedge.exe	91
PID 1208 wrote to memory of 3596	1208	msedge.exe	91
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 1920	1208	msedge.exe	92
PID 1208 wrote to memory of 3992	1208	msedge.exe	94
PID 1208 wrote to memory of 3992	1208	msedge.exe	94
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93
PID 1208 wrote to memory of 2132	1208	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.discord.gg/TGqAbDHw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff997ed46f8,0x7ff997ed4708,0x7ff997ed4718
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11319068376086858393,1851905968627527402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1232

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\06d6bc20f5c943adad13a0dbd33f6b4a /t 2936 /p 1080
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7c5b93e4faa9e83110e4dd5ce1f30b15

SHA1
ddc9b85b0f008b9f5e085d9f245b42715faa8366

SHA256
12dae2c3a3cebb242268e223a95fd8f1186e21c052d8dbc865caf940a8bad17e

SHA512
1d1f5dabcc0a684a8070ac2b4e99b54d542290fc58eef8481e2e99d3aa9dceaccd6413d67a368e2e895d07f9682d170fb9556dcd653da33c3b35ea6a84ab09ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
327B

MD5
4c875180383e2924ff3cd2ae96fd02cd

SHA1
3061e7f500b095ae7a72db3d7cc49fbe883ce4e5

SHA256
56c61aab0135c1f692052d8bc4bb6af6a3282e482b88b72973a19422e9f02bc3

SHA512
548ca762c623c72cf7b89a909d4902fdaff901f3ebb518240499cd228571da7b47cc091e9c188a7c91b0a6d17c4fc24fef4ba97f13001fc87e1075710c3fafd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07db3a0ed465d173168caff142e1c821

SHA1
d7b708de4ec481d45fa04c414084e58ab7ebd068

SHA256
57cc79eeeee328c0017fb6d5e4d0216a6c27e6b63e79561b38c6388dd74752fd

SHA512
916dd78fc9b58af57c22350ae93682fc1c419470001cea74648adcb649b7cd47186c23cb55286c07d94cb31291a2fa246afd6c8b77323a874f614418155629d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d5c2593785ed8ed77006a6d2b0795c0

SHA1
a2ea1e8add663de82373d62dd5e5c4ccc90d8e61

SHA256
4f32e35c4bd56af9a7d17cb825105cd991a36175aa2737e94194c785c9236c80

SHA512
69af521551ff4ed22c85f3bacc845fba8ba88506d5dd058a4b14b12359ffd5b1be025e6d8666467dad7665a7a8865f6628b2e14e809d37786f105db6ccfde381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ab2994ce4e6da50e3a65efa5e54e580

SHA1
9a2442b7d86e6148984c08d001456a4f4fc148cf

SHA256
185a70c7d66bc38a60b5afbef6a04c0619eee878992e32b38ffb759de7bda1d7

SHA512
f8ae05ea40de745877a19b2a8ca8f3be58592e75efd846864cb95fbabe2309c8cb1d5983694eef2f5bdb5943dccb9c9e936279949c534498ec0bf11910f1fdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
920cf8736eeed01b631b5f057eb5b72a

SHA1
559e9e0d03c7941a98f660e766bb2c337a2dd61a

SHA256
3145428a1ff4b63dafdba72c9a1c5c563811d3be4191ec2ad646396f581392eb

SHA512
b69f01eae5bd3a70d62c9b69ca725293470e71892fbc596125cee26c277cd02ebb549b7c8f7bed0a2162852fc926ff3c36eddfa5dc6bf00dee43f9183d3a05d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad5b08b89ae8674ead4a399d90c8854c

SHA1
88c7a529f2a66bba3b184c25b00e00e208235ee2

SHA256
767cc386ca391f2e4246b79ccb9e84479c0c24870b3691e86f27d8a4db6596a9

SHA512
6e094e957be3f636e43fe730bd1eed13afaa8466e3753434e248eb1e2b61ef6f39b06a90675676bc6abd0e16d3a3ded76b0b3664aa102c38e822993f484c5450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d810a541b4384d39ba37f0ce02b29dc

SHA1
f552209744930d2a7a217a8eac52c5e97ddbf04c

SHA256
f99eeee643e5f4fd6aaedcc889b9fd717d79ef39f506583ff2811772a802b3a9

SHA512
07dff47a7c63c025a8d6e0ff14f161e029a7e716c085ac09b35d65a0f521237efe21f865c51933c06ffa61a80a222519d712be778f395d29ff66c3d318c6eea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03edaff8f7264e628ef8bbcc7087b5c1

SHA1
64294f66a089960fee6e1e01423e8cc6a4bbd1e2

SHA256
1f9a970c56a6a5cb119eefbe9789e62c4ca184cffa489d1370fb7247fa2df1aa

SHA512
6e810b9ab840167daa412328db46b7672dd6193ed49d5c0fe694c15c3de71bd1ff4766c7b941be54ff83e8a75be341eee3ec185caa0c1bd01f3e45a05eb0bc5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
efb87afdca564aff2b780f4b57dbaf8e

SHA1
ff1e0fefce227f83d444cebd0066f0002fd10b82

SHA256
1e4f7b5a97341acd6742971bb4af9c64f0fd1a41a5c03d7933f213f3e6e1a612

SHA512
26543142c7781070d0aff977e9c193d8ab543a10c7abc264c7259e40c951bba4ed96aabfd927df1c15b9a7e277b52433e990ed287bdb9580226da5efb6e3f063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
401fb875bb640efd5ea0b7481577797f

SHA1
d00a9adf409af2c79f9210cf71f90066a3597889

SHA256
fb12c5ed785ff4929ce15f4eacdcc729008808159ae7d27b1c7300f5b9078525

SHA512
9ea7c29fc3fa9ce6703bdfb0e99814de46a2108734f543602638c6efbec4e8dce01bb94cec8318a6625d7a9e7e1db62c7bb9e965eb626d20bc48b3e06fc38900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
7122f76e155486e79db09ca6340f77e1

SHA1
d789f08cbd90dcf0a54261815bc1a704bd7d55ab

SHA256
e49ca4cf7940fa61fdb7ecee9d82d5b42ec82130ed264de3ba6e54aff45127bd

SHA512
7ae899d4a66ee0f8deadac1d54cfea66b0c225a395e2bcf56ec168807270978aeba246a9ef5386360a5171fd2213d3885fcfb3669cd90516cc04f544eea016d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
ea9e43b79aa2424f1c9e7cb5ecdcb41e

SHA1
c3626d816cc55305e250d2207d6be9d99030f18a

SHA256
9865292653960fa195020633e40d5c6feed300e0840f96aa34c4dfbd59c1ed59

SHA512
621a368156d4e74b7683eb1558725ac69316a3090f1c245126b1d459f05e3fa70a3781f2c3e0ccf662c69ee9c632201a77533bfeb955aa583419316a422831a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593c53.TMP

Filesize
370B

MD5
21149ccc45b2d69d21985ff113291e15

SHA1
f2c49420c3d67e2906d705e504982464c5b31bb1

SHA256
30eb300d6066ef26711cab191947a486bd5a399893d1ec7c14682a1660331efb

SHA512
c7cf4dbd01f92362a68ec62e279dd83851e429570ca2d908ffdf477751ce5820c0e05a4eb84ab2f39a18459d6af6943ae3afebccd3d22d328e3803b7a7da00cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
69b3f80d0fa2a9a3c1ccdc9721204f4c

SHA1
52145d93be4a247b5cfcf9c87f3b22059c646eeb

SHA256
681697b0502ebb28f21fb677288784f32f7cf9d4fb7f33f02c453f5b427bb2c1

SHA512
01599186887b16de1a86a1992132b4a18b85a7dffd492821e8d1b44ec15c2289f992e86960cda145fe65dc7ee64a7544fec3f4ddb5f04b0edf4ffbcf0a545037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
836c3cd7fef7dd7ff5f6d56fe06450a8

SHA1
83538959e7e63ef61b768b609b8cfc914f528b5b

SHA256
16f1ebdca4348b44255b4e5d75b5a89b198133f1c9708823691c08f179ebc458

SHA512
d7bee0bd5bf1b216ac7d23af4df7fec884dbeca77c259b4443c20deecf4d0eb8055bc890e2627073d2e35b209f94a877e4a77f6a8d56179b8af53b0acd2ac0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c5fed00b302972cd7237e0a62f42bf69

SHA1
910126d2f07348df4c9c85044bc420782d2356dc

SHA256
0ae61eba5cfed592536471285b0d859987bfa987ff1ecb998c9b0578959c5e8e

SHA512
419a1b7fa99eb86375fafd769b3c63ce87d9dff7b36a86bb0a1de2b0d45b835945f98e7e5b1860d65c852532b49a62b64a4f65f8d83e5c3c69a5569e8d9c20dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24285113c4706c58cb2ce9efccc8dba6

SHA1
841de0fee9bff3b71023a82787919fbcad23af91

SHA256
394c08dcd303473fc68c7128ea727a4c0f718686a558e7fd87dcdcf98773c0c4

SHA512
9b0a948b04d27c12721b247b03a45208e202e37fad57c3c7f0ca486e57f040e7dfd79c307079d591059e3175567d0315d2b24889f4c72ae4ec611c1fbe05a37e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit