hxxps://discord[.]com/channels/@me

max time kernel
1171s
max time network
1173s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
18-03-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/@me

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	discord.com
3	discord.com
5	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4280069375-290121026-380765049-1000\{0296A03D-72AD-4896-9021-2F92712F8985}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2468	msedge.exe
2468	msedge.exe
1964	msedge.exe
1964	msedge.exe
3656	msedge.exe
3656	msedge.exe
660	identity_helper.exe
660	identity_helper.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2188	2468	msedge.exe	79
PID 2468 wrote to memory of 2188	2468	msedge.exe	79
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 4600	2468	msedge.exe	80
PID 2468 wrote to memory of 2240	2468	msedge.exe	81
PID 2468 wrote to memory of 2240	2468	msedge.exe	81
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82
PID 2468 wrote to memory of 644	2468	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/@me
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd4cd3cb8,0x7ffbd4cd3cc8,0x7ffbd4cd3cd8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7277473163392499290,6749391992074992873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b8704c8c4622e3f29ac03daa7cd7126

SHA1
d3b741d0504ca70d0ef2d424849caba15b0d891d

SHA256
df227414b61147d028c32ce86dbef5be0a6e37d2d7074a888991469bae37387a

SHA512
b9129713e1c9d298b18daea7d0e15e9b782e256e56283e87f9f280e0889d7fb1d4006c46e8a124a4b719169da1686ba9804c7c8fb0f9563c64137dc6d1876d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
c88a3bc77002a075b95198522f195432

SHA1
dd6ff073c9b7fa86d1a461013165a7251443e777

SHA256
8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d

SHA512
e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c37dadd7e5054b2e659ce57150b5c543

SHA1
54cac6838623e36337fd96f507837317c1b549ad

SHA256
ae50b0be481fca86cbbfe06dd755200dd66b225d383e6f36fb629cede3e4c545

SHA512
82b1201106266ec712e35e5f8b4f354910ffef75b070e400b59cc355abbc4cc815114e31e4f5d112671cb380b8756ee7a8034d59366ef257681d8f73e699d823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7ed48f22c265c37fb06cf33a77b0af7

SHA1
736eae64eda46f7b79054d06b228eecb4ebae37f

SHA256
d1f43df95ad8a1fe2f1daf773498a18cccb1c786020602bed077cfcd7071c49a

SHA512
e797779a20df621718353e2a300ff7c4dd09240bcc00f19bebe51db26967c5ce18783d7d84fcd482c7132c99b322d67e3584407e375916c0b9ef5fdbb3591543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
c86619c575993ded15e71c305238e043

SHA1
30445ebcd39cd20fcff513ec9976a2963dd9ee55

SHA256
cb7e84bb4bcdda091b6c8053fdb01e018dbfac6f8e810d64ef6fe9405f568979

SHA512
0f637cb65b54f7edf5e59188260a8d28abaad0cf511ae82f75a67d73b30d54a13e787a9434f4270001dbef0ad4f3990d7209de00120d85ffc044f8cefd705c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
154c688319d27f693d45afabafaade71

SHA1
cde960bb1b7e440eda1421a3b0a96b7bf58e3f18

SHA256
68be4eac1ec2e32d1003c2a576cfefdc3851c681752b3a6e5dea1d416bfc289f

SHA512
bc44dc3c1be0a5cd48ea5aa104b1ce4fe0a959412ff4b9e749f5264be993505f5df8c109dda51187e527d9c6fdbb1854b968cd9f92d7be897c5a92ab378e87c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
f09681cd421a29f09b62cc8218331c44

SHA1
4dc42a93c93f57d7edef8b15041f075e4c64b47a

SHA256
ddfa615f8dce36aa5ff652ad67039224dab3f3a11b89ec4bcd2ca2b0e1ae8ba0

SHA512
676376fa939cd034be6364cd629e2fb1719d37d76bfc2d2382725cc0ef4c005f5c507d3fc42b251fdf2f0a772510bd2ef526b97e87d4c6b3b84cec7eb830a1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d6cba189d331824a04f8c6ad271b19a0

SHA1
2c55d8d73bb039e79284951230c10f82c79b680b

SHA256
e377e94928beba05059bf442c7e6c1b104affb0740b4ac21fd11fd310c905bc7

SHA512
6650175c647bd38e8c09e4db0a68d1edb6f774a3672c8eed80162ec0b615fa9f5fc53c6432e1982d9b49a8ee201388482b9a6da434478787061cf07b550d3358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
715c5ce647df4d2625a31e05cc589a70

SHA1
024e9fc22c56c5b15c121f066f1a7bef47485ea9

SHA256
69305d2af98cc2606606914e9fe0a6a58df3ccaec56ee2ca31c87da02dc15ca5

SHA512
014fe2a083c8e7ed16e394d3c048c52f9b3fb2105c7e5f215c461670745ac195549b1092224d3d18bb5be8cbfa8f788fd7a7d655d244c5c92f26fec93aa236ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5f180878b3f1cd90c9830ec93dab1f31

SHA1
e1f20a3d5816e3b389222db11a33cb71b7c72a98

SHA256
b94c63d3267c7b880703003a59a9490a8a5ff13736e5c7ae0a05f70201e9f131

SHA512
5802916effbe035300fb7850d2e00bafec7e96b8ad7126b05cd563608779447583104779959e3769f6c6ca2522280c0f271b5c34d056c7f55e9c4e5cc310f2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1e45c293febe7926f4f2ab9503e2bf9e

SHA1
f47b736bd15086be7d2db69cd190b83192df337f

SHA256
51faaa5998df32f722db66633d6669f633e7c1c6a6783d0d9117e028bda167d1

SHA512
193ab342f186ef22eb912d40fb38769d155105d7f6fcf074cc7474fdbbe6271e9c683b87e77bb2b61284703bb0f783c53f2c1fb1580ce0e8932a038c5c0a12bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b41dcc0054f2f65607db092a9cdbfc72

SHA1
c59d80bd541c21373907e597eeae88dccbe42167

SHA256
29175de858526b0ea19530849492aa68b12cecd5c77b3a559b1deb6db2ec679b

SHA512
d1a44c2bb4420ddb69a981525bf5079d43a0231f3c9eb2b77b2d32225bf99a4eb6323e8d645b1b5b7352f3272ccd66403bef9c7bed573aae01d0faaddec11f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599bd9.TMP

Filesize
370B

MD5
b23e45fd16d8a8b80e631fd76a4aba92

SHA1
5fd977855e6a105a3ae83a051a0ad63140a74a80

SHA256
87447fa758a70460d23e432010652803288db18d1b1370a2a5a1f6b2c5491a94

SHA512
2abfc29a91dd28788ee34f9d9987258aeb0b81e42f007efb299a8c869cdca512b6ca05e071231335f45768098e00522f1c506e03cc24934076d7563bc9fbce96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c18d6b72b923f731696391e77b6ffbd

SHA1
f593f3af2744d1a73320f20e40225a79921199ad

SHA256
747e75685449960d2dc3051e3c99135e125a15eb0e92ed7b30edcdb496ad580e

SHA512
79e2ac42c15c5ebb80dda9095a2465b9d04148635ec9edc26bbc95515eed03243906ae6eca75ae57ebf8bc857b6c2154858be55d1a06279021e2e1e81d1a0538

Download Submit