hxxps://github[.]com/RANKTW/Discord-Token-Checker/releases/tag/1[.]13

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/RANKTW/Discord-Token-Checker/releases/tag/1.13

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3216	msedge.exe
3216	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
5756	msedge.exe
5756	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 3068	3216	msedge.exe	88
PID 3216 wrote to memory of 3068	3216	msedge.exe	88
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3108	3216	msedge.exe	89
PID 3216 wrote to memory of 3872	3216	msedge.exe	90
PID 3216 wrote to memory of 3872	3216	msedge.exe	90
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91
PID 3216 wrote to memory of 4340	3216	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/RANKTW/Discord-Token-Checker/releases/tag/1.13
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73ff46f8,0x7ffa73ff4708,0x7ffa73ff4718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15203773013864900828,16980069535350288284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
636KB

MD5
aacb86f5fd697abc68d4d5a66cc8584a

SHA1
37901d85297391942723af8aa7be6542c44f59a3

SHA256
ca88f1d13189c82db866c153132a7d6bf1d6f612a280f3c4a78d4662c4ae9a05

SHA512
a50a5f794e2b2f100979c28c42bd528e3877a12da9da493c8be699b59e89256d69c3cd3331dfa98adc70b3c437d7678ded3e05f9bdb0d78b11bc5c211d672dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f8dc054670651745b1396d4816574e6e

SHA1
68f4a5559647063c0737b59515e736fde5a2bc55

SHA256
7071afe3ad38e7f79e6e833f4fd0a21be494e745a0781b6364526e648225987d

SHA512
2984dd63208a359b3d493fe4bc80727379afa76a1e4e70db613a8e607de2dbad6f656c46cfd2313ec768757fc3705fad6374fa5053585ff44fd761ca44ee01a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
1150479beab59a582a880570c5dce6b6

SHA1
af02240585805fbbbdb79650797f93f6567239c6

SHA256
684dcdb63481f7dada497e18df00286ffe985e90567f64d984ee84f6de2d6a0c

SHA512
7784cf370b2115c08ddb21425db2533c8d1135ab4581adc212f143524736310660c9cb02d28ea641108fee31ec790f93e084fe603f9c51b7b166a731c3012200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69a856aff24e6e68f98f18ebabb726e6

SHA1
6c2aaef3ec56bd792d63e2b45c0107ce40bef792

SHA256
f7538bf95097bd269fee17d6d8c8b60f355a4621bd0a1e1b6b55ff73efd0cada

SHA512
a4337131a5829790f756baf72fc13e810cb60853d1c952d3233dfd40d97b7329915b022369178df4a9d5b073d187afcd23d839ff72f4f9c8bcb0e90a99beabc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bcd4b8b00408c60d1b3bd345ac99e09

SHA1
335ffbe33a8d8fe40bd9efd7035484d132813df9

SHA256
aa1f1c3b71fb31ae69075905e35f536c79c985e90e22321abd354993c58ead32

SHA512
38564e1d4fa3a53b874cd2cb57e68fbb507eb78d2f5d70408d7ff16cfcf317192ee31503ff69ccb2eab46e1b90ce0e9562316f5d4abcd802c269098bd3a336b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c57edc2b496c852005628395c146017e

SHA1
8211e649209fa736d04c3da19a50d7fd945b0e4e

SHA256
a9642908352c9bf414caff14ebd51ad7553d2c5e4ca191ea8546172b4c8ecafa

SHA512
6a5811920e784d0ff33f6132ccc53a35501a02dc8e936694b607d866c847c296993a25c4a619986bdedfc71ca591503786dbdbc4ab532c72da8cf8744c69afab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c663aa3cb2a36e01ac6ed6fe630a11ec

SHA1
63278ad30b020ad7869c15c4999101b21d971032

SHA256
69be3b6bd33b302173213c7f163b6ce2ab316e4653cc90a712392b631a630818

SHA512
af36c4f9ebb4b0236e1a832525a18dc90b580e5f47095c1b793311960e3b7860b822fac1e2d79121eb823d0496b74b8e5bdd1f91e5810cef10187cd8ea64d7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3544d8d32d45646bda23fd6a8a97b2b

SHA1
a57a515e46542aa84a46853ac39b5e156d2cb951

SHA256
8de0d9dd14137108e2aa75edf2fa66a4e0baaf28450d6f5f09659248bab3dd56

SHA512
70fc9c84672d8c67f311fd0e99bc39d9fa99345926c4a02da3a86e7a22e99ad55bdb95df0e7d2f1e6a13e7da9cb949af2fa6609dd6dd289b10433d252fbc0e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c613379c5b4b41a54f693215a8fc0dd

SHA1
52ac5fd303b3ff0ebf511473f545fbfa594abd2b

SHA256
7de8b649d23516efd717e23546dc29554b4312bd5c5f1ae76e7f60c40d7c5e02

SHA512
2e9dea4d6106d4a10c85fe709c7d138cced417f05cfcdf34ed23557a8d7eaa1b03157314315c9778a6bddab802b23f02a4b79f83ce2b4f66970b996a536f4fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579069.TMP

Filesize
707B

MD5
cb9ce17cc4ae8dc0ebffb4a47d9771e9

SHA1
63e127e892f5d3f1f8d74dc8a0238a199b613ea9

SHA256
b84d696fef715ead74f6694eae86066836991a6ada919e59e1ee59ec447f032e

SHA512
162bc751c50d0374bcc29ac69ab4d137671c7f1db48e21c380aeb27d2710ed6c51d7e43218117ba362736811eec12581ca7d82fc4a9e0df6bddb81534b26ce8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e167f90d4840a99b97a038bd4fba517

SHA1
7c5c1bb029893b29b98102f8cca33e1c2a791238

SHA256
c3754d974c05b295d1815bf96b5473f18b55b661bddc0b54075d27e480f81087

SHA512
76f0304c45d5ddbb3e81ef84bc5cabf3fdfe09fee2949e6723a15541cc266b9f90bef57427f82652fa92915e441c4887df132ce89498c65d44cb32426ba4f980

Download Submit
C:\Users\Admin\Downloads\Discord-Token-Checker-1.13.zip

Filesize
2KB

MD5
91f9bcbeebf5b3d74cda192d0e2c2243

SHA1
a3d507655272f8dbd2136374111aef7a366029d5

SHA256
c574617ae0c6b9671080821ce6c83385d8159d8d3ac6edfe58949bf7f131cd2c

SHA512
d4f5c3d274a97b051da58f26af643dd6eae625afffd47a2e165f60ba534c900796402cfff89b693b5b3397f5bbaecf1591e6b602d20c7f455a4ec17e27e07808

Download Submit