hxxp://discord[.]com

Analysis

max time kernel
1049s
max time network
1046s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
08/04/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
14	discord.com
73	discord.com
1	discord.com
7	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{7F7A06AE-336D-4C31-B58E-4317D070597D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4076	msedge.exe
4076	msedge.exe
3916	msedge.exe
3916	msedge.exe
5016	msedge.exe
5016	msedge.exe
1536	identity_helper.exe
1536	identity_helper.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2008	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 3724	4076	msedge.exe	76
PID 4076 wrote to memory of 3724	4076	msedge.exe	76
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 968	4076	msedge.exe	77
PID 4076 wrote to memory of 4060	4076	msedge.exe	78
PID 4076 wrote to memory of 4060	4076	msedge.exe	78
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79
PID 4076 wrote to memory of 2064	4076	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb86c43cb8,0x7ffb86c43cc8,0x7ffb86c43cd8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7719549708285941739,13711357132205306510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
93KB

MD5
a8cd5b56384a0a6c56270aac751c5f40

SHA1
bef1714218e3eece8e04b23e448d7ffbc37b35a6

SHA256
1fd3c63746c6637930c70d45cbf8bef5ae20a80247dcaeacbd64d12bb381bc13

SHA512
09b2d6216e2a9aee87543bbe21b95a818a48f9c40e1495a35dc1aaa171b260f77e2d34813ee9fa22099cedb009fd83bc77bee81b298615b18354e7cbaf25b245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4893fa310c2769fbed4a8c4a1cb6ecb3

SHA1
18020efe1463a7e37230436de48166a58d73f20a

SHA256
8a841bbe459d1e82df473e1a21a3d089eda0602eb4fa9104cb47d178d1aa4072

SHA512
cecbf7bf83c5a09add5b510700f331f31994a6b1e13a758e0ed26592d7cfd50161c26633acd4c727e34b2724cdab2efef9521188e3f0a12dc3fb2f14f79d03ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
325300ca7582dfb29b1506bcd6ced251

SHA1
4dda01c8ba616b52eee2bdc4130b3057e0cc6bfa

SHA256
cc4edb1d99f620809105cf77ce15148eb65ba064ba21865518f4150ce61be55a

SHA512
21db181e9947ed6d3e5fbcb8bdb0b86531a122dd8870136cd8667c8899aa0bd033c3fe8ba1d4eea7c87af4bebd6c8cd93546cc150b3ba75880804829f462cc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9057d84e38a00215812637b3227e4991

SHA1
b7872acf41cc1334a106e0cd60396a60a97f63ab

SHA256
dafbcc1803bcf1917081ae1ca43d49da540ba783fdbc9bd1a691b006332fb132

SHA512
58e66841c0bab578332c9b2f75c0be1708e41fe1515b6e8e7de812af5a696f5eefa450c255c8396390e50a9e0bb6a9944f650f1d40e2b3d6c129be959899a782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b3e02718d907415af368b0efc12e79c2

SHA1
f79f1dc2c34bc09b9274c6fa23f954dd8da15a09

SHA256
65915b5ab76744e2440743bdfa07acdbd0dfb32b9cde1c6a52b26ad4a5bab87a

SHA512
096c5af851878ee1f9e2476aa80601fdc7ceeca0f1a45438be6b4528a8ddbb72f181e43df568d810c7533f617ff04318973b92debd57b2330e5578f39740b003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
224abc7c2fb98ca2a8b966c3e0b52d44

SHA1
1371cd3e3cdd5245cdce61cdfb2dba03e207b14f

SHA256
6f38638bbff5dc94f13fdf1d47d11faedbaf7bb30261781890fbaad07dc00045

SHA512
935bbb12fd3e7c63a4f772581b989c1e11677e4bbac22d6574c4898b3be69453bb1cce7228ed99a44d8a8de7b1774df9a9bae2a824a501701255298f43da2842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b5994e4b45b3111a4a1847f9a27a32f

SHA1
9aeb9933a8d13f9728bb196c6b7e334c804cdc60

SHA256
797ec0d1107cd2916046b450b2f41ff888f01b3b943223fec30afc5dfe775915

SHA512
9f8b8d3527b67b38099be295e42ec03c62bae74cc9831e24beaca9d470c9966fceef0c6f0b1299babfe243eb7c58784a7f020f0dfeb305651e17763cf79affa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
859334f227797c92ffc7fb34b31169a6

SHA1
63b0bf69a7506e57728e17dfd1601cf7787d7b85

SHA256
b3c289bc8b245da00a03aa606a4b3af3d13c42a659d72d88f7eb40f8007f1683

SHA512
8e570ffc787ecf200ba2164f449158614d1007f3b60d0e1426e1a73a72e6e4fa3e37805c82936c6025246a2712e6952536edba0dfaea6d4f25b13f184d061fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9e03503b1ee2d87a557504c557c3aad

SHA1
a03daccb5026958011cc95dddfa42b239e5c91f5

SHA256
7c08b94597f400088884725c3b0879678e6b04cb62df34499133de346c5f2c5e

SHA512
74ae35f0dd7fec1fc36d1d7a7a1eb40a69aa38dd62f26acc52cc3582bbf501ec001584349ec43ff8bafed971ed91c1aff44000d1bbf8367bffe301d917a732d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca96c32107e39686941b0c2103ebfa6b

SHA1
ae09e31e29645b8b835021451878a98ecc74f010

SHA256
ff4f0fee52f8bf0618b751ae7092f4b2ca4243c8008e9adfc64929bef5199032

SHA512
a2b3e0767f408b20d481e84d211dabf7db50991e265a0988cc38a1ed3b65916b95b5f48a27fbd5271d567589058175a83ae9be0efd47e4edc5294c7c263c0aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
440b9f7f50f4a1667b3996aedfb1b673

SHA1
fe6c8f6c2910e2bbf3d0b37c3b88d511f46dd5bc

SHA256
b9f874cf7f4ef6a265d90164955573f6b30f6de5754182559b25dcb33d36531f

SHA512
1386742f57ec770801f1b5bdf0db8916e76f31e2c107d358ade265e88cbeadda7e4807e60fd88b18038490e5b721c93b9fc32a6bafe3f09f9e265991df600ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
43a9217682f3f22c9ee966caa1d146a7

SHA1
c4957e573c70e595e56f6bd7eeeabfd360e63053

SHA256
3f021008b7404b983d6697ed4928f66fce4bc2d0653a069370bdc6cdbcf01b85

SHA512
960a1f525bb29d8a96c11f260152002cc5c45404c39a77e56db7d01855696044a04272879bfd86e5ddd517b28e4e0ad9fa22c532a7d2c138257b681375dfbc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b320e528ec836a5e8196bfb77cc3c9f4

SHA1
c0fbd8af06f337428073d5d66bc9bdf80f649a05

SHA256
1d232918b17c0e2b8b447770f40a1d855291d0301deb180124b9218287b80b7b

SHA512
def1da67e3964d1872761737052d97df7c675c6f2f190ce589d8c3487b3812ea20f24571dcbac774ef35b296d8d1a3a31d51a49f425a6548b270996f959fa72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28d70f080b40cb06f884f46a8d65d6a2

SHA1
3977e2ef7663330ddedc1f77e512793ec6ff630b

SHA256
ec771cf2e975056395c14d747618776da42dc8d36061cd52434c2025a1f88033

SHA512
729e59b9ab4399842609132df4d39dcf8d1999cb37904b0669ab7558a658f5987d96e151adf859d10d17d80e74a3eee28f347137240ebb334addd2a0780609c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22ad6dc9fff83afb3e030fcd848897d2

SHA1
5d46527293faf17d9aff2c7c2c02b8b6e6a2e683

SHA256
8ad812ba7a313dcca45e6a849f238fb988758e2c8a05c833b33e6556e9f1ef6a

SHA512
7f079a2e8029a0914408b70e3a89754f66ac16e1560ebaf8d7fca1960143e1d3e0dc2543356d4f2ae08620e888041b551d708b3094cd94897d36b94fa5c72269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1db1247e8896542691f65399eb095a40

SHA1
83b39546ccfbce578604df497a812237183eaa54

SHA256
3613ee2322705cc8659d3cfba0ded2c455c6ca117df4454733664bff649ae98d

SHA512
2f5d884ed040da2ef900eda8191ab6389eec08d35ef6cbd10a2c310ac0834ae440dc2e93728fee20209ca91b387da2fda7a0cf85efd6f3c32bbe712d0a8508e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cce5.TMP

Filesize
1KB

MD5
b4f2f65cd36ba237f543ec7396df445f

SHA1
53251239f4ed51e03004ac640f9f6fbb850fae87

SHA256
727874b6fcc1f2474460313dacfeebcb3f4e06dbb9fa4c30e971b40202505c8f

SHA512
3dd97b35557107fa2266b319b8325078b9a501087b38b59022513389bcc9d426f6e2fd2ef19a0e2844553b755aa516075823146fae9b904caa72dbb740861b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f97861ad-7053-479d-a0b7-28d3a228a13d.tmp

Filesize
1KB

MD5
f168448c3396a0511ada76168faa748c

SHA1
b6239b3a18f723d1fa004548cc3025ffccd5e5b7

SHA256
78099eec6240344210f65e2db227c18b9854bafd8978073eb2df254c1f54a85f

SHA512
5725ad715d9e84b794d44667bafdbc3d6e6538f11a1bf784b608f63d12cac2a57b921bdda146dd887ca0ee38a2475f4b80760cecae70075421af76f5cc67b448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f066fec1861eab42443ad8e115403da

SHA1
c65f9f4a95145e4e3cc3f935ed77a3f877064acb

SHA256
b28538f193fd217ab8888a28a7924cade451391678bcfdf53798e3b11c216741

SHA512
260f7737e751150b5f2d0742745cb3820d8a04181fe5cf28ab75120ad81a5b6607f3d2c9bea7a18b66d0a0eb2a3c92bbd5f4c7e682f68718f851a7220699938f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit