hxxps://www[.]bing[.]com/search?pglt=169&q=free+nitro+discord&cvid=5e923b5793bf4acf91edddd4e5d985fd&gs_lcrp=EgZjaHJvbWUqBggAEAAYQDIGCAAQABhAMgYIARBFGDkyBggCEAAYQDIGCAMQABhAMgYIBBAAGEAyBggFEAAYQDIGCAYQABhAMgYIBxAAGEAyBggIEAAYQNIBCDQyNDNqMGoxqAIAsAIA&FORM=ANNTA1&PC=U531

Analysis

max time kernel
97s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 19:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/search?pglt=169&q=free+nitro+discord&cvid=5e923b5793bf4acf91edddd4e5d985fd&gs_lcrp=EgZjaHJvbWUqBggAEAAYQDIGCAAQABhAMgYIARBFGDkyBggCEAAYQDIGCAMQABhAMgYIBBAAGEAyBggFEAAYQDIGCAYQABhAMgYIBxAAGEAyBggIEAAYQNIBCDQyNDNqMGoxqAIAsAIA&FORM=ANNTA1&PC=U531

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	discord.com
31	discord.com
32	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-664403437-228026989-2547995067-1000\{880274E9-4EE9-472B-8F0C-AFE05A62EAAE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
1476	msedge.exe
1476	msedge.exe
1884	msedge.exe
1884	msedge.exe
3724	msedge.exe
3724	msedge.exe
2380	identity_helper.exe
2380	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 2452	1476	msedge.exe	32
PID 1476 wrote to memory of 2452	1476	msedge.exe	32
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4116	1476	msedge.exe	78
PID 1476 wrote to memory of 4144	1476	msedge.exe	80
PID 1476 wrote to memory of 4144	1476	msedge.exe	80
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79
PID 1476 wrote to memory of 4316	1476	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/search?pglt=169&q=free+nitro+discord&cvid=5e923b5793bf4acf91edddd4e5d985fd&gs_lcrp=EgZjaHJvbWUqBggAEAAYQDIGCAAQABhAMgYIARBFGDkyBggCEAAYQDIGCAMQABhAMgYIBBAAGEAyBggFEAAYQDIGCAYQABhAMgYIBxAAGEAyBggIEAAYQNIBCDQyNDNqMGoxqAIAsAIA&FORM=ANNTA1&PC=U531
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc339d3cb8,0x7ffc339d3cc8,0x7ffc339d3cd8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5675044314557166439,17077070670504353386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\ConvertDebug.js"
1⤵
PID:2744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ac94e49addbb0b2b78b1cc0c4fdc41a

SHA1
41dda9076097a81d24a814805f80979eb5736a72

SHA256
259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5

SHA512
9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8dde3b1d1f6fa21dd27c62a7d928bedc

SHA1
e1b01308df2631450bff5bc8507843ad06af65d4

SHA256
b199b29540c0a711bae92782075f2e9ac31573a5a7f4bfa69956f3d2304f16fb

SHA512
173acfa81566f31e0a965ed1f91c5b56d35b81d699427431582c8f572277d3399cfe70093da035157a6e963ef977bb4c175292a16f6dfccea6dae6a8fc8e144e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fb9821c13c5aec2b3e7b8557c7058858

SHA1
84e4bf48195d77399994de52e31646f5ac71dc33

SHA256
79345bd87ce986f0371fce4165eaa691705d92ca6dcc1015c645afe04aae0458

SHA512
466b180f588aa643a4dbb09c5fd80bc060be8e4a50a1898c724214e503a115649f8b2966afb5e4ef9bdceeeaa2e35800699a69d8509303ba9c157fdecb28e35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
481B

MD5
49489411c71733a27c4308154c752d7c

SHA1
ff222d92143d456f8454780ce5e8ac73cd9d1d15

SHA256
0c89277b18e6303a949df139ea53b0233bd720e74469039e8a4711b8958b2ef9

SHA512
c118125e3a83bc22a298e74818b6a5ca957789485bfe1c2a438e8e26b9cf1e7549958ab79655a639a9753a32aa48b2195e06db10e5a3ab1e08c9e831366112f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc6627f970191c2eda421b8c31465411

SHA1
89d2f035fde07b5feba65346df63c808a879a4bf

SHA256
91b75298e27b8186c8fa5c894058ee88f56de995fa617d6f6a8c76da4e4336a1

SHA512
f30dc2fcb451dd362f906e414d7711388bafffdd753a4f56d7cb80f27c167164259d89b807097b14e1de8d38d97fac78d8e1739d9c96c9e1f393e8aa5219d9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cdce5b306d67c2804df744b3a5ad1fbb

SHA1
1cd7b162f974955d8b24645658bacfc4739a809d

SHA256
08579eb00c9d0015f9b732aaae05a575e7d5a49a44f5469bf1759a349f57de0f

SHA512
e06df242f4faa9b4ae587596699b13aa71f60533bbd7ee9b6c5736561776b7333499d3edea17d0228d7254a6e0d7ed2cf5eb68040d560a6de3e4e19c78049a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3c13880b1dd493b41836990fd6bf93a

SHA1
e9206e8e32689e1f219d1c508f3f68311376e3e2

SHA256
19ba41bc7da18444875a1f3c973a1e205cf0cdb278d9dc42e63eef624254c68b

SHA512
f0661a7a35dcd1802092b5671a815036d7fb30ca20f037be54004d8c04b6678b6b0dea75457f9bba4dae8a647ec0c656a6f733fbeb38c88a0ff6726158e353c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b96ba746131aecb29e5e857d7673a59f

SHA1
576ae340ce15cc780b37dcf59192c28a18a183f7

SHA256
2c16d62418543842629b4af51b66ae88759cc254e1f9f783a583a047e694d158

SHA512
0138eb496ebd83a92d092ce694e9835626ce195b0659b43ed47917c188dc1a73bf5ecc32aa663501b050cf92b66fa6e792e0335727dcd6cd740d9b5310fc2d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f9ec79b9cd04f93b3a9f4b785ad2320

SHA1
5928ca67808fae364d891f1ad3d2ee38a9c0c9ec

SHA256
19c71c738f84e64cd81f066ce358168c5dcaa34baab9f721a53a1eec7a453e15

SHA512
72c06b5a6d2907b8fdbba62255c0644a1080ebecbf296ac0efb9bd6dd1bd3be2290fb895875198c2f7806a21ea7da0b4225950935af2f784d59f684d86f72416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ee370fd0b36aa248467fe639b6efd62

SHA1
8d05ed1594e797f3b884c0640b394305cca30521

SHA256
7546533b63e8d119b7d4d58459a88b1bfeb060128844de5ffa9a2800a07505ba

SHA512
9f36083d5068d2b293bd459c8a03e7d79b1f005f7386dccd2df7599b8f94875bfb7bec715e8141d02dbcd92043c8dc621493939cae7bdfa96763927487bc261c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac0f82cc2142c3ae29fd41ac42c6f503

SHA1
f2ccefac66ec372404cf3f54f5a7d94698fa3531

SHA256
65c0aef816e5c3bd2a788b958dd363d80818ef18203f3176c63b21f8ec54a62d

SHA512
4e28eace069a90c5438c3f85f375078c1c3891dafa0177a3ab31bdbebbe968f72c40468f484000a434da642daaab168b2e359db5ca675981c0ebe5962a8b2269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cee.TMP

Filesize
538B

MD5
da1d593ecdd9377ec00607a81ab40bfa

SHA1
d94960e1995f531a866dc9d84a30f519ef0f28af

SHA256
c0dad4e61a500a7b96520991b37c02e746a0a2505682f589d7aeae54c6018ef9

SHA512
543d9e0b2ecf71d251ac5c228930d6716914e50c55bd640dd6db881474e03ab659a9fdb88ab4c661dfd7a791b913aa0b9b7e2a79d52231984681eea7fff1a5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5fd11b881107e8d3bbe3e9e6be7df0d9

SHA1
c168c61fc3210ff66ec4b36fe5006842044edcea

SHA256
d1ede6e84c66e9aa2708289fb2ce2e541fb5212090ef1ec98b7152a8dba95ea3

SHA512
ab56e978212d6e389eed78e5e760a712d3edf2e2efa82aeb862913091481c2888d6b895a163773979aba7501fbe8e70dd4554af832bf59f2dcf0db1cffc9c8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4ed47d4660a4a5757d026cafa4c1764

SHA1
c6643a376be50a05cef86662b7fac09a354ea23f

SHA256
b48743eeac530e02672da894586d1843ee5a38fc1d938b22eeb801c67060712b

SHA512
e8e436514415564d3b3964d9fb44f179100d642c04370817bb1b2be6d68781837ab8e72486cbccf8134effbc2cc7ad5e10885fffc8fc66bd70f8a31ac992f3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7904554e2de7aac71d5d310671bbc5bf

SHA1
c53e8a79f307452b338f4c825621eacf0cfa5635

SHA256
06a95b06199de6832616222345ea86f2bc40284e824bff13f8e3ad8e5630b775

SHA512
a321db47c8cac6d87802fb05e6c4c483346b53e8bdb899418fca29b2b0da6312656ff7f10de7e6a8d140c0b36feb51bfe22157a59cc28d3ea6463726674dc70a

Download Submit