hxxp://discord[.]com

Analysis

max time kernel
961s
max time network
1047s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
18-04-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
8	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-243033537-3771492294-1461557691-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
5016	msedge.exe
5016	msedge.exe
4196	msedge.exe
4196	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2988	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4716	5016	msedge.exe	81
PID 5016 wrote to memory of 4716	5016	msedge.exe	81
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 3576	5016	msedge.exe	82
PID 5016 wrote to memory of 2468	5016	msedge.exe	83
PID 5016 wrote to memory of 2468	5016	msedge.exe	83
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84
PID 5016 wrote to memory of 1456	5016	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac4243cb8,0x7ffac4243cc8,0x7ffac4243cd8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4452 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3326881952035195873,7648850477755012356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e51956799fa67379ea02ed281264a0e4

SHA1
e8f9403225aedfc94b27d902b72ca6591858d643

SHA256
6f3fd42d136b90c98ace40fb6b1522f1b9a1076b431e5290f89cabb4948c3a57

SHA512
c5e017b2b06bf486daa64612f8bbe5dd9f28633d6dfc434f1605c2f36cc08ae6ae40c187316fe1ff998ed7346deef35a66cbc445f2adbb273ac928175e735391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0d0271cd8394035d3f04a57c4376225

SHA1
6ef25cb6b29467e6a659b8dbc28b52006778dabb

SHA256
1c8016ee1208109e59206f98b68b821b61f1cff2ab3852042379b3287674c42d

SHA512
b856d97096d0288fe0547b484abddce5fd100c080a7992709b0158b7e2d498c9820ba54f99b6b71056bdff7f0d6ceeac87793ab074f126e506aee2c83d2523ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a81e6ec-3384-46f8-86bb-5998eed85c50.tmp

Filesize
6KB

MD5
09ee84b08b818d8abf5057873281067c

SHA1
4dd35356d35f41c94cbbb364a54bef48f6388b92

SHA256
0798ee61eaa2310e65fe4f03d3182b4a635357792ce418aa2444778094b6ecfc

SHA512
c5b2834594e798e549c46d7f1782ae34433c664c12ac4fd0088490990a3662aa32309758e19b9451911581795d57e4a6a80888b58f5fdd02e425293e8531804d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
25KB

MD5
6bda06ee5d87c237b4ae6c9094fe9060

SHA1
6b89a24c25d878f5816936dc754fe91b43dc31eb

SHA256
292c6c6909ec2f10b23222422c4822a6ed8e0d4e9f179b6a4e7dcfa79e0c2e94

SHA512
875504932c1e73cecb5036e951db1c9400e3f2173790aa8bc4915a62b4c7a4cb654583083b06157a42cb68a83874357f2a638e1486fb80b29dc2e3dd9e86293b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
44b784357b7270025a6b3ee874982f4f

SHA1
9b953cb44179a5521fd0f5a9339b810e3f0572fd

SHA256
ec0d2c8d88fcc1fa708d5a86b52b8245e626ab68276de3a9bb33ad491862a23c

SHA512
5281a87220ef67ebc8cdc73080adfea47f8ad91d3aea6ed9db69b48db264a301332452c2e309e14d601fb257b5790f07d9b99d274ec433167b1df4339946cd2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f73c1745ea908524a9f701ed62562b5a

SHA1
4d5c581cffee3e6b7bd544fefd88a84efd01bdd2

SHA256
035eec98e4bd3138647c8ea99d2be393ee8f6b37ba19276292e5846c965fbd6c

SHA512
a71826aa526b5f98d97941c17e60185bdbe477ddbfad099edb355d2b81d2f433ac746e14ce46b279f34a9a908bfb73779c5499004d35e9983fbe57b0d8b70c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f417b366541f697cbbb65ad7fc35dc93

SHA1
f3b89263db043f7d88cba8095d828aede6db2076

SHA256
205ccdd3c5c02416dec89fd095a87051cc4a73be062396e91417bb6cdac8067f

SHA512
16e05aa70d1b082cc902743326bd669abad85f0eb4e64fe37b41a81c390598193f927ff7e05004fbf1fad53d5cc8444a61a9e22423b2bc276f646cd80ef60804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
166408ec18af756a781872c76c87f92e

SHA1
8dfe0e87d7f7fc8108de7b0e6d65d0afcd974f90

SHA256
3e3235107b7dc61a6cf147b5e3042e2257f2e44939f1c7c5786c6094ed9754c5

SHA512
d6e87687bdbc4bd4b6dbc3ff67bdcdb934397bde2b19766309414f85d5e093bc8d6994542708c55d2b46eae32d571485d71258aa5f88efd9d85bbc376fc66b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cf2ec588fce7d1840ac0defecaeee088

SHA1
3f70e3a7d3b2c39a70156e864f982a7dc3ecb2cb

SHA256
f17646846cabd3ef9c35d46b38e105c32dbe60f62994449c27836dcc42f8a30b

SHA512
74aa290ffddac6f1cc1c35424d3bd7d793bfcb2baa079a8d723dcfaec11cb52a80bdbc09fd904815f385127e520f815ea0937a4b82e283115a5d469b30b0f69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
22b8030347b38ed19705f35199ef43c5

SHA1
cbf6de50ce0087174c6f74875918c5ddf643ff2c

SHA256
47ac3f9620448de27daf2f1132184c8059d24e1c6e76c85bac35413908959b94

SHA512
4dbd033cfbb6cf92d3f93cc27a5e8f0ed7c3d2f603b392d69104c2a9b1b3f1e3b82820da46f7a71ec39151e65e98273e94157a57faa256f35b1cc39633e7b815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4f0bd779897b1f59ce3c5a36fef23b70

SHA1
de53688b917f579daa686461e34115edc6681746

SHA256
9818cebb8a3d3cd75298db8667e6ac2fe728cde988ab6d69dc3f84af57bbde4f

SHA512
be2dac3a64b9b98bce6b4eb12a4a85db020c9f35893c694fb6c27c1bf7ee686a0ac4efa2a630663c5f77e314529dcaeba9da371da0c247d93491f65f44196028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c52d1573194b3ac72aeb78c355d6a669

SHA1
cc51611b5603e7a32630644b98d6f5095d4d0b97

SHA256
38d737c7c6945ae287b981a6e890312306773a2ace38285878cb1a17fe235933

SHA512
06eef3e59be28c6e75270f6244b63029b39c0b65adaa279605d0d178d536e17607d2f63f33ba2bcd4c14a2a5024bcd6378af5d2a9725b30a5e6eb0d6ba1cf5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8f58e458413d6297aea6dfaf9f6a498

SHA1
d68f8e7357ec7c8542d410b7ea1aa1e2bdbfcff0

SHA256
de2e5e5a9882d5d6d2f6b1eab2496be19a2fd8e3d4edd57c4e35e4d248295914

SHA512
f679833bc11e23203aefcea3134ed22688ff85060f19ae2a1ed215f8a11cf27e7e3a5bda98486c27ccd8ca1f932478ef0abd3bbf9538d1e03b62e633ccb30b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ba4057386b93435e3fdc05321f56cbd

SHA1
d7fba62aa727ae85940897017e2c2cd2bb1aa50a

SHA256
42eab6d972fa185392eade8ad7b20b8ef1147a7e7c81c167fa50b99ed14b3c50

SHA512
d74450a821c4da2dfad9cb9944648a7d76ff09307e2d8487dc9dc99a67c7e42a6fa9315e88ed35f7a53b2234dce6940199e8f06f6558490302638913ea2059b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d992f644d389d080283a6d894e199c24

SHA1
c3d86e37d0bde74f226196ce70b0abee3c3ba433

SHA256
5850a38e720dd50dacf04f45ed18e342490b79b6e0561a808985f02fdd92b020

SHA512
09aeca03a13c2ed174b0ba608ee170cca97f52e7e2bd466a9259fae2d1500bdf663528b947a2d49d848cb887b835a3fff701c09a04dc6601b650f65f83c9c455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1bde94026d1766fd179461223399feee

SHA1
3df0f99744cf17d8b24144cd5454c8d97b1d5bc5

SHA256
74b882724ddcdf08b087dd9bd391bc6cb29c56b41bd7fcc9f380eb3474da26a1

SHA512
22578ab264dd263d5843951b466974b842158d1620b8f28ce7a531a825bf1664777196d66b9575f9dc498586e606b4fa89c1205d65995989cb431b038019a5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bc172c51a73ce87bb41315ccfb793b3

SHA1
23ecda41f5a301c5cdb3de4044127845e0e1debb

SHA256
1c3180411695936e756a1889605d65fb22a8ec99010c3ba910d6fdf1a5acf463

SHA512
cc8143f7e157b782823cb19c723f73e115e79281e5d36710c2ed3c098e2e1206ee5ae0329f65306cb2e47dc9d5f5b5b2ad276ba4f4708045448119742f17f7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eeef74edb3201486bf20f3aa625f24f3

SHA1
f3ae75bdecefcf20d50639164e1456e48749cc7d

SHA256
702284e422625d60bda06763fe364bc06d0e4a76e3df4074bd67d0e7df962761

SHA512
4cabe2c5f2002ddd5c8c54a59eee9456a79d415a6e63aeb3758deabd8b140b940f99f5c02790f337355638f8a89865ad818480d3cf565b33d95289327a0eaa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e07d.TMP

Filesize
1KB

MD5
04318cf5da7904d218d0a5acbe5d3264

SHA1
161f934099329c0e7c577b69f2d9904b789cb33f

SHA256
07659464e2aea969abe3662ca055c9c4f950a30e559f010027e2b0b3a08fb209

SHA512
3912452025d9a0420d59c3b449a815ac69d87d2010ec32fedafe22e3bed9e11c030272d34097461aa1775f1055264295d48b6612b2d465349ef5e13ea1fb0dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
23a67630ff7ec9be53b53715be82640b

SHA1
0ada1b2721aaf731c741c5d7b5ab6a8cd8796718

SHA256
063e3e6c8366038364ee7db5ce476fdefe92f05ae632282814980c19228b733e

SHA512
ef4e6d06b257b0dbcc33f5c9de43b4df8d9d551c3dcc4a3774a323838bb57b25a9eeac7d612f66209096a9ec92a02ed8e03b7700728d7a63466c37e7f1e8ecac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c976abe1-3e6b-4ab4-9b8f-111105453996.tmp

Filesize
11KB

MD5
1f1eb50004070c362c72729c5c7401a9

SHA1
7fa049aa068ba582e3eb46590d2c7d5832792b34

SHA256
625bc978b3720a93cc4ea60a96d853f0b929cfbfd988a779517e7763f0079baf

SHA512
52e77934300c478aebaaf4840ba9cf39a75f777fbadcd8ab4174827e08fb347068d9de97dffbc07b82a2db66b479ecfb355abac158cf0c9c46618d6030de40b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
124900fa24d1ed9fcca4a8f39850b0af

SHA1
73ed1ffe3a681ffe1697299650f1f701e1bc9201

SHA256
b797358fc1d51d309184ff91e58824af256ed11fdc3d4c569b84d8013eff9295

SHA512
c2dae13b9ae18dbdb92eb114201ced03f8a03007dc4dd408d7a8d19b0f99f2a68b513433aaa7c3686e4216e5f654361f8be1eb90fd4bc5e36b5c523c4504adbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6ead9ef0553fed09ebe0e355fbc1c44d

SHA1
18564ff9bb694dc92269e04bda5d935448e2eda7

SHA256
fa665352559f129d24336871ae015c15a711b412d9aa6df9278d827de8dafeaa

SHA512
952318e8dfcd5069ac2833bf712d7a5972d9e506147f71458f6938fd979e793240a0aaf05b78765ad211ebbb1bab9fc3658116ced82f1e29eb2731f9bdd0eab7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit