Analysis

  • max time kernel
    1772s
  • max time network
    1771s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/02/2024, 12:37

General

  • Target

    https://discord.com/login

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/login
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe55933cb8,0x7ffe55933cc8,0x7ffe55933cd8
      2⤵
        PID:1808
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
        2⤵
          PID:4376
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
          2⤵
            PID:1684
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:3528
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:3908
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                2⤵
                  PID:1608
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4088 /prefetch:8
                  2⤵
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4692
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
                  2⤵
                    PID:3280
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4832
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4116
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                    2⤵
                      PID:1632
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                      2⤵
                        PID:2760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                        2⤵
                          PID:1696
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                          2⤵
                            PID:2704
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3800 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1052
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4384
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1008

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    2KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    179B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                    Filesize

                                    25KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599234.TMP

                                    Filesize

                                    370B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB
