hxxps://discord[.]com/channels/@me

max time kernel
979s
max time network
1033s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
21-03-2024 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/@me

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
15	discord.com
16	discord.com
21	discord.com
2	discord.com
3	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{05DEF715-2D26-4D9D-BBD9-2C1887957311}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
1576	msedge.exe
1576	msedge.exe
4592	msedge.exe
4592	msedge.exe
4444	msedge.exe
4444	msedge.exe
2632	identity_helper.exe
2632	identity_helper.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1320	1576	msedge.exe	78
PID 1576 wrote to memory of 1320	1576	msedge.exe	78
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 4192	1576	msedge.exe	79
PID 1576 wrote to memory of 5028	1576	msedge.exe	80
PID 1576 wrote to memory of 5028	1576	msedge.exe	80
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81
PID 1576 wrote to memory of 2360	1576	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/@me
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff162c3cb8,0x7fff162c3cc8,0x7fff162c3cd8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15392114838751091832,209804710454727013,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
806435928670a9815c02d5b6e522e276

SHA1
85e49119fe6c517f641565cc8c91e1eaee7c5c1e

SHA256
72602005ecb3e45de10425540384bd2f9fe01e013760b821a8c3e3e07402e173

SHA512
ef7706d5b65b08b96c00e39d81c5b01e7cbc87fe6b66c58536d2f71c61fc73738b3cb1297a7e9fabb604d5c71a24b5728c2d491d3da8e3cb5d957e68ef5632e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
c88a3bc77002a075b95198522f195432

SHA1
dd6ff073c9b7fa86d1a461013165a7251443e777

SHA256
8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d

SHA512
e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
174b02dce20a4ced8bc9b8dd1c3c488e

SHA1
82ad11a8e6384bad2f7166e245faf7e1c82f9f43

SHA256
9ccc9f91a1fd7ab8b676524111d0db2b5633ccc47795de7275d1054c14834b96

SHA512
ec3c68bfda0c7ec116e6672acd5b60fcda1e0341ce3e8d2db8ab7e3b2e0690bab1e6442395b0db5233a36795ff7b77be641371febc1846426baba37ab9f01ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
929f6e52fcd195a7b33db7f52dabf6de

SHA1
467ae35e986ce5d3edc77daad323243d90b21c98

SHA256
a1dc813464651b9fbfbd9db5f0fc4493c4064611b2a291b7cfc9713cf1e77f18

SHA512
14424e1b29d56e4ac9b7ece44260621094cc780d97cb240bc37e30c058468679c98aac06fce8d9cac734983384ab117b830ef3f6cfb7a74191dc9be08bb5a60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e44226c8453e5e52d2dc2f704f1527e6

SHA1
9e3c237466b8504220d9dcc13999d61aa5c3beaf

SHA256
332b4e266e40abde3a646db1464bd87d60762f4ae842c4e5126cdaa4df0c1450

SHA512
bab9bf0730c3d46969d4b09218a0e72c0890dcf192f31da0c1e9955354d436e8a668e8e698de9e542570119a58a09e2e3a24c0d0465d783efaabc67d6a3df16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ecbfbd75c61191a4894834f70def6db

SHA1
baf38d30437c0f0dc9a6940a517ac3c3dcfe8b8e

SHA256
f7fd37d26c40dc6218830622e0afe292eba04a76a5d05dfe06ddbf3610db29ae

SHA512
fb0f5e5bb42881f0441f0971e9e837bd6db6c4093408718d5e6f5e243ec00bde6b2cbab7e96ebb642aa24320d45bc5e0f24405f568cd6e8f1fb599ef8e2228e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b105fe9e17ab44c6bfd60ce6582d40b5

SHA1
320a74440a07d36441495040178ca33e46c13734

SHA256
3081c1d1fe8c0de24c62e1bafb9e675a55c0940c7ba6eafe390c21f373ead233

SHA512
6a12ed51a2355774dad662ddc4c00dde9f56c3633a2469c9c57605f296896b65b5e5a9aecf11448fd5f6ab191b55ef3be662055a7969bcebc784e47e4ff2a4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
466416f726d9291e1eb5b3dad76351c0

SHA1
86166c9dded8a659d0f37df3af4ae60218cb3c2c

SHA256
0c3164731a734f39260f1e2271153aefd727e987544f1760fc39836e9e12b288

SHA512
d2f734a61c58f11197d6c902c6221041265dc245b6cfbe8820d9568f0d69439a52e3464d4b68ad2f909604bd5bcecb99616deafa6831034e8246a27021ae2092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e082512d13c71fbaf82504a5210b387a

SHA1
3c824962a093ddb7090c549be008385d845ece4e

SHA256
7243363663fb92768d92fe7b1568f535408da59f783d67650aae5e41cd0d714a

SHA512
78b84dd758977146d9957f2391a26df178e74b56f058e251b22dc240062d3b006a34bba02f55d08fd14c5c21f2ac0b6f43dcb31c054e15ede2169b344ed99286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7b37c38062d48993581abbee15f51da8

SHA1
49f2d38b5a54529be909e9624faf380962359b19

SHA256
e31773a68fd336b6471939e304f3a283b7eac5d5f3c66f59b5df863358b64a9f

SHA512
96b460dba132464c4f3ff1456f14bc5b036a25da1592b6cc07a221a6a3076b1b424f7b13de5315c6ae84d63aaf6900f8af92077bebdd2e73969625af10492948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d5706ce3a3b0dcdc4ec7eaf8a55c3eec

SHA1
6a61ecd77f9ed76ef043b4156cdf49b939a8cdbd

SHA256
e4722c67806b9ad986a92bd7cbbe0484d65033bd4da56a7e5cf3cbfde8271abf

SHA512
0f414867d1c2d9d325e56020bfd1adee45b037a17c24c0ca7c82a23a2e5cf484a380b8220251632db58561fe5da947d45bc63b0c2012847f4c9f6f447526f8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8a8aebcdf3e32905c0b1f1d4c4dde7db

SHA1
288e6bc8924379422d2e68a6124f641de0b1bd19

SHA256
aa1bcb5277eb87a95fd826c552e72a8051504ce1b2122e2ec9248f1f6f820ed1

SHA512
d095faa921e084052d93d072600c3ca4f7f54b5421d61ef3be22bbd051ca800bfad0e61be10e157ad008777e48aa221606e0b9314650bb8986a6e3b94702843c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a3b8eb4a6ec206ade091fe7283810c1c

SHA1
f1699616678337f2f04ddcbc65cdd5643c9efe96

SHA256
cdc5a4bda8a99b2b9f14393bdb4f5a99120ec5213aee2f29c9aa8ebee90c8b2e

SHA512
8f6daddbc90b33a4d4491c1f695ae32a60bd1288e5db4c8309e4a4a7c21edbc5e30f901b6d358c08480b834d226b2b6a6205fef9044a8fdb346e582f8057546e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
dc37665b0f3fa86dbf2011e0c85171d2

SHA1
426539012cde49fbfb2c5763324f767f5934a400

SHA256
8cc730a63488875c6626f1ea1c6a1aea14da2af616d22379374fa14488d258f6

SHA512
f6906ae95e1510726641d52d9500a52df73c0cffa6fc1a2dd6e3f02771be19796c507d2af09b3c0855b346f69443a90dcfaf8ee50665246684cc2f2d9629f434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584011.TMP

Filesize
203B

MD5
289afadbca3b1108f2d7f4b9c001a74d

SHA1
688f2db4b8b072a5cb1c98eea1dcd26ad431e258

SHA256
e1f49bd13e262c0eaa7f5a415446fc7e79a50749bf3a1085f506b0a141d67dd8

SHA512
142bfee06add176e7ae916db0df735f618f2c6e25d94226dfc4fd3b050dbcb7acae5669da94b723b834f49d9f67abf76fe744b0c6d2689fd9eda2bdd7d0b8841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4a6d541-2dbd-4e22-896d-b78837fc26db.tmp

Filesize
6KB

MD5
e0a9d0ea4d133dab45117bb883491538

SHA1
0867d3cbfa69e4df4c3ed0d350429e4357fba214

SHA256
0746e490580a2282ac2ded6280f3bdd61bddde0bfa0613396301768537e18c74

SHA512
f1cb112aef3a840f6fc5f5fffb13f5885db3aa8af0acc0da9078ff5f79b618081e988e995a6443ceb6e5631f75b90bf34c8a13279aac7c756195b834ef1995c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
eb126999fdece757f2c7550053b9822f

SHA1
7ea560e34864713a8d1cc8cba0c14ab3c36f14a5

SHA256
65515492a4cc5653d5e3d0b59d01a983e17f05a7f316c4bb17a73fb47d4551bc

SHA512
c077c632b1d7eb1add912cd02340c90a29988177bb3197e24a525eeec3b0e1b238c892ab028cc376846366d4b33a7f4e6d3f622c065bfa70774a2df3de1af39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fab1b3c3e0442e919b9313631ec0d0c8

SHA1
50cd080a66a80b1fa970d6ba1545250d04bd8541

SHA256
ec3b9d7bafe20860b2f906287256dbd2422a85a949ab89acf1f46f80acde9c74

SHA512
9539fc907cb40d36b4b43ea03fc5d75562a39742f91728992c24e69fcc5ae37834169bbf15828c22e585d4fca7300ea093b3fc26aeff728cb3b2e049426eb6ee

Download Submit