hxxp://discord[.]com

Analysis

max time kernel
1042s
max time network
1048s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	discord.com
1	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801878912-692986033-442676226-1000\{B29A61F9-1938-454F-B0D8-C8640F86BF8A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
616	msedge.exe
616	msedge.exe
3792	msedge.exe
3792	msedge.exe
1428	msedge.exe
1428	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4744	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe
616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 2368	616	msedge.exe	80
PID 616 wrote to memory of 2368	616	msedge.exe	80
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 2076	616	msedge.exe	81
PID 616 wrote to memory of 1080	616	msedge.exe	82
PID 616 wrote to memory of 1080	616	msedge.exe	82
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83
PID 616 wrote to memory of 3044	616	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff393a3cb8,0x7fff393a3cc8,0x7fff393a3cd8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16302148656933308722,2711297475830715207,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7afe3cec-4e63-40cf-921e-006c23a2d25d.tmp

Filesize
11KB

MD5
a6f68338a3a1eaf513e4eecb244cdd2c

SHA1
1d6c72e5278c1cc456f159e1320a3691fedbf000

SHA256
91770f21b7b4448a3a6398688a1d4c3c432078432305d13f0904f10d2a66c7f9

SHA512
619fd6946d9e71a7b457a154796cc14f565113f023b58542aaf58423d56d39dd310b8347f60cbc6f3f6af9032b202250d33201b33d31c8ddbc322c2e0bcb75a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f1371e8-c11f-43e6-9373-0802d7f144c7.tmp

Filesize
1KB

MD5
859cb388aba4e5e605611b0d5fcf9816

SHA1
0657d9bf7b9e1dba149d2234f85c74bdc5a6e0c3

SHA256
a72805f477c1f3b3fbee37545f1e43a03b7c4aab1d361fc8663e8c2dd12c0a8f

SHA512
aa6af5638e4fc56d0809e1f3284261f07e5cfb04fb5cdaa5b76c542b7e0ae7b9ff079e94abc2f6aeb002d51951c80e7606899dbd8a20daf2b546bee6c4e48539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\687b1cd4-a719-4ac1-a263-e85ebbb921b2.tmp

Filesize
1KB

MD5
b0c17e4644885c33716d6203d0e3afc3

SHA1
b6aee718bfaa78d2030ed85022c1373253430eb4

SHA256
30765386c767422bd03d63f0af0be7f55caffb672f2de7be67c2840e32b6c2c9

SHA512
5ae6a6aff1f8c4257d9d692676f88598adf4dc2c0b2a95ebc193f15a3eea54dc139a8571bde9a15a95ab408f88fb4b37778e0c32d8e555fe3462cba1398056dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
29KB

MD5
07bd004322d7b2832709191bddd0567a

SHA1
9149ed0c2466995a3b6dd5182865a78fd76ec0ea

SHA256
6160a9f25b0dba39f0325b3268e0c00e2c374fd278fd1e90edc2fa87271b55bd

SHA512
28de08cc0284652a62600ea99583a758e83b8c79e10982a8fb11058bb5bfeac5570ecc51b4c58589e8f1b821645839ea5639dbdea2071bd1af9d0d4145e2d944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e2fe55b7464f6ab3eab4e596c709c7fa

SHA1
cae4be07e9d63f20ca782a1df0fa7b3a2a457830

SHA256
b454077a6e32c7472aecfa8a9dc80fb1755c027a7cccc716e3a95a14b968af44

SHA512
3049d8ac5a534024ad4cd77375b3eb8f88ef330bdbaa93f9018b0331f70b83badf88702134c9dd29d991c507d0b5f5cca358eadec436da8536bb614cbccabb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef9c007d42eb00cd861935d7690c9054

SHA1
7d0d6046f25e4e9c0d5cd6d3faeca21b787afc65

SHA256
a5d2c9bfa43b5a7edf87b790232535d56ff22e3b30a541b2b787d8049be195b1

SHA512
fefe293b1aa87c14d1244e235db764a53428f95a2d10f7b81baf4288af2d33219e027144236125ac3068b838e77eace92929e19be30473c2a84bd6f4fe0dec04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d6e4fdc4878ac664bf7549419eb25bc8

SHA1
a50e5344ad4ae0629fc5bbdfd7059a00fc7a696c

SHA256
9139e5a4fff1f5904eca8fafbe0e45fd7af79e37c8d50c53c1461894f9a027b1

SHA512
2e9ee2098853bfcadb5826a355a0d084a3a4acbf5a9b2cc4fe308ee618a164e7b5f98dc90ee07dd35be59dfd4601e1dfc7d93a1d5cb753aecaccecdf5da329c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
7373d5fd750b82fddd7ac43c3ba3d85f

SHA1
689381b4f7c0012d36fd6b63f41bf896afeae9fa

SHA256
1e901b8faa4c0785059904cb42da26b04219a5833ee34eba5838f1c8cb422adb

SHA512
fb385356ebbc826a25591a2a02a8721db0d6c9aaee48312b4e9fd67786301a0cfbedfeba33e23e5d5886c18783b64775195ff32354cd240305237c034f28c40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
682336bbd38bc7c1be3ebc51a8cc63cf

SHA1
80437cc81e398899d53c95bf262f2fc08e5ee555

SHA256
0594203329cf01897edc341ccfd2958b5884c6173d721b62e5e32dcbba92c905

SHA512
d204ceee009b6e0e9d27fcbc49a51e80812127e0606ce849ed50c4cde1c935b62f70895bb190a88f8e1c799df1fb05866cf9343e406db8f82cb804ba310241cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ebb4762aacccef73f22779b797dbd85

SHA1
d500aae6facb3f046c5b2494609baf20dd0080ea

SHA256
10c23f56a0c9cf7f3d092708183a79ccc64fb65d651b625e5b7d6f63bae5c117

SHA512
d256c88ee6ac9f829aec6d85419c7090ad31480dd97bbcbbdd8eb37707646fb340607416d6762338474e21e05215423ccf03496b90a8f71ade198625c8248fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f85a838d4608f9987fba1d8e2b975745

SHA1
eaf3b3fd2caba31546e541c3bda00c45aefadda0

SHA256
b8c677203aa30fb74cc7290d1a30f3ef3b505153debee329b1cb11d6f5aa9cad

SHA512
9bdf9256d224ed8dd86c3b44296d8937efe469246ccb1fa411931d951298f1d74fd92f5bdb2a363f8a5dba825c529f4ce1ffec158b174137ab8f01b9ce90253b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
140c368a09a038b3b0a7f4dcdab8bd50

SHA1
e58cbb919b34fe07f0c08e569c8e1a5f0e16e6a8

SHA256
94a3eefbd3d34dd70a1c9d81a4d2f3221666e2afa271bef1222c26690477ff2e

SHA512
b2a4529427eda2c7f370d24cf7316609dfc782577fbe96fe219f5c636e353cd589f5e81730f47a5435ffa5b03e164be7b4713e61b99f6f0f41fc0449f261ae04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c932a9e56a9bf11b0e351559a1ca820b

SHA1
ebd970c6f1232b3c595d100adf3b3bcd45f4e7b6

SHA256
84a1ed1f53e8b8017e3ab8c0caa1d874843d042fea526623d8f56dec60c56c40

SHA512
94193ab5eeb19ccf0c443ef201d66358491f109385c7518b62edffda1d23ed53ffed8bf1813ebf99e0abed40005130a0d467a8f1b42efc2796704becd4e95e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60e3bc6aa7769a502bbc841c9506f6f4

SHA1
5159af19aa77a118ae62d697f80f468260191cdc

SHA256
f341f275d4a8abc0f375fd051b2fbb73001866e5e488c56368dc9b8b07d755c6

SHA512
286a1f7d6a8144f8d6a6e86e8a5b407dcf52ad0829a9053a93baf01b9e4c8eeaa5b674aba406c07ae01004b74fcf44d61b27d995a6808a898269b92efb27ca09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
354e4d79888dcf435a0ed6d925409756

SHA1
f17c258df960219089751ac9a607dd17c481812b

SHA256
87b37c69aa93069006d5282a0a57543acfcea085fc97f06ed19136948db144f4

SHA512
afc5de9189dda8d0fb668d0fe2fa21a87a704b3ff7f4a4567ee6f0936f53ed036fad1dcb0a06b02bb4bd3bf3f856ae486fe1ee75193e575c78529691b7472b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
843631d33e2f4fa868c2ef10e55d99e8

SHA1
ea03137ae8fd44900fd681f28669a27fec67eacd

SHA256
997ba9c02bc91704ea946cd5798c71f272e44858a3e4586d4bc9fd98eb01e1c9

SHA512
291e8b68fcdece20128e960a2289f399d857a87c51e8c5592d004d647d6321fc13b2977a7cebe6ae0140f619a40efc21447299dfefd395f29c90a8bb267e7aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55509691f7dc39aed73ce38ac296fc78

SHA1
f5b37abb999942d332765a63278dea24cee4c5d3

SHA256
eef48d73f0fe229935629285638c52b30afc226133460a18e3133bfca0cc8289

SHA512
a928ecb6dd58b02c3840a4729555392e4944f87083ea71baa7abf07ce4575236ace4539e63ebc00b23318f295d1c8a27a4c1f5b57fda62eddec3d10a05e3b4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdb6c5661e29fa3332b96fe9a9e02ce2

SHA1
55b1f5c2cf5c976b77237d90591746b76d5b0502

SHA256
09521ce2c0e5b7bbe9291f8fc721f8f555034b74a51f1e0eff4f130c95af1458

SHA512
735b13b2a83f2c5e4daba57a9a8dad74408b8811126c3873984bd29f1d0bf19e72969f4b1a22bafa059252a8759948bdbcad44216e345e73933862e48ac8008f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f3ce1c7850dd7ba93c63e47ce2fc4db

SHA1
558ca2f340b6aac0e01d50a242d51d315a95a9b8

SHA256
4d390dfee0b0a4d3d316d7989759cadae87c71f0c67b008199387915a1101dc8

SHA512
37904d02acdbb9d33860c1a03c939e5a9e5f63c0973e6ac192f0f5dd49d91b8ad409a04c6dfc11e47dab5eaa62a2bdac5ee81b4c91c7bef21bf8c993c6d104be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
809952d71706b7d5c82d6730ef215ba0

SHA1
e977563b63c45e7d5917c4b7d56b995b166b3cf2

SHA256
89369231e3f2834419b4530485914813773925e2ab6308d1fbc5290e737d515c

SHA512
dc95880d6c3bbe30716264c5685240df4aee5ad9eda6f804607f0e327abf6e1b334a6fc0be46b37f55fa01b8d35b555dd45808ca71871ccc14f7eae33a44280f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6b421ecf7ce05c63644a356ada2ea4a

SHA1
f0a6ce2d6af1787b3890c4ab4f7226bdd1826d1b

SHA256
5240d1f689d3476aa2c2dd8200fea1715a36e42134133abed53db716d52c781b

SHA512
cf074b59f08e623f19ed40ab2a23a3d42ff8dca465f25b901105a6b29bb5ebaba26e6ea7b5fbd2a0a0de4e3ffd21a2a4a7e13d3e3474950a1e24224f39e056f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15926b8ae6db2e551e63fe2d100cf4ac

SHA1
6659e726224601388c2c2a2cf23e8dc5880ed570

SHA256
79fae43c3423b0408445c3560927b2d923a25299f3c71b972a8c60f296f61e54

SHA512
6693c6bc06813c6f7f1a8342c5f53da00a86bc2780b0f22d058b1e2e1784abd13d0cb557b8166f24df0a17252dd7a932d5d9e89b3a76ff077711cda47d5b57de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f44d74409819df2d591731c258effc30

SHA1
b5d02ecd00e25a948183d031b74aa722b4fb4a9b

SHA256
3e8a05ffb5fdade57d4cf7d9d939a2af1426b26e23f69763cbb552ba03415011

SHA512
5a5f74ddd35424579f2fe2e53d76502f19987787e2520c0c7cdfdbb7b6cdb2c64484c92487d8318e37346ea4c1aff0f1ac5cee21e3539c3a1745e5b4a6df2c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37d613569103a69761f7702cc1dbc704

SHA1
0a7233389432046f3bd6879b39175b96f7088323

SHA256
151ec819bf5380bbd33b09e3b5f0cf8dc953f49b7e2ba96015fa0472d49ab1d7

SHA512
62073719cf61f9d8dcac51f3830cb3d2aee2740de91f432e14ca1554448961aa5331c8cf48cb0cd05de4362a980f30ba8caefbf90ccbe8fce6acb75e9adb8bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
217bdaa2f816aacc64c6f9d3f162a251

SHA1
1aa633719ccc521a29d2599428851f99a9b67c88

SHA256
d2c9606f2511e4a4ced31002512c4ec9902ffb33ba180a458dd53155597a2be7

SHA512
682c63b404c35c7b82bdc6a5c43cbe4fe78134c8619623d512e139de1fab130788d31457fe699836f3ee569441b4ba3e7a9cee514a1dcd429c8e9d84a9a84468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff5fa7e2a9b7f001b169bb56e5aca0f6

SHA1
13ff6499f86eebebd32d6011ffc9d0d342bab79a

SHA256
54d2fd4a789876ab34021215bdd51ce2ca83d6c55077e1fff071fe366426a622

SHA512
5143dd5f8b403c471adf79c0ae32b0e7d9e4e2186e1224a940a6bc659fd22d56a907426d20518f7aa65840d51e3707244ea099e11a9a23ec73012b354c1f7756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ee024650a3215fb9ad02112a7eb1d20

SHA1
ac1989ad17c7ee47ea43195e4bbecd931b4e75f1

SHA256
6d8af190c2b4cc655742b482bf026046f975139c4c720befc7e4e97e28fc0afc

SHA512
f4a5f38483e2b9a3719d0ee855aab048d39b37ae97b3df6f4fd24275c8a45703698fe1608bd048a4644cc3d91f22791a7d7a5aa382f8fa8b4719776e42eb6a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1dc0ae673f8fc483c48d49e1bf4ad4d

SHA1
b61d31da652e6077d128283dc838590e746be64b

SHA256
3f3ccd463c767113c5db104fe568f4d6cc81c2534d95b5647900f190ba3d6d85

SHA512
1351f39d1ae16903a54469c770da8b94119ff3433673d36f16acb784dd0a51b989d4d0400dea41bd07ae19e934896cbbe406c6878d67ead2e07f202076e2b753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48f7202e63d75f6a6693d5d5150ba4f8

SHA1
51036929ad50313b08046c540d8e5734fb05dc0f

SHA256
a3d612e16bd8fb099efa0990e25d0dfcf778ee880755b331b84c058ddece0d7a

SHA512
eab48224c6ac6a642c6ff48e6cc2e25a9e48226cb079ff87ece9add07f5ce2117fec973773dfb5897eee8b7e46ab8524ba9bbfc27e03334e239d7baec2f056a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed94bb9825e942eb7412676e445fc996

SHA1
17a7453d38e84e351f25237076cc436dd93c5512

SHA256
7e45daf1b4e8f0c9264c59b87f1e4e0ebfc82cbc088ec42e30b0bb498f5c579c

SHA512
e33551dbca2f54942b230c044cd9d56105f6f853b96ac21b81244964f0df48c6f6bb59572946dd864546e22076d4e3744e8193ca4678d92339a3bedabddee914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5173ca73cc4e596abb9f64b7afafea9

SHA1
9ce12ec9f0bad002bd6dc54d2dfdba77d507b37a

SHA256
9bf547ce888bb432c75604b7b53bb22dc4327160f44b9184035cba754ccd5280

SHA512
e56bff967a0f11648bde63104bf6997c0ef9c2c3a3357c9042807e5c740db57b4f5f4a738f87fafb75f96aec5ea71a3bbc5198a1fedb01a8c7e636e2cda97c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b18c7f619d50edca320736f8336a851

SHA1
ee3fc85e42be288a9ada6dc827cfb58bf63e2214

SHA256
986a22d1acf4539ccbc5f3b64a2fd8c275fbc2520c1a8b0c07ba95b7913275b9

SHA512
1a7eb153cc89c947f3eefa05067e16af30f85ea8e2dfa70fd36d57f1f6667608d3db314cc0e92d54c92f396345475195de1ae4896b51312bfa60312eb9ea5251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5f164110ad51bc33dddd92e40e54c5e

SHA1
efbd47760bab57a20c4d6ac0ddce2838356fe73a

SHA256
d57f79e79e5aeb302d618ebaf0d2cbdfc530ca153c8e586b527b73e8324755d9

SHA512
728102852693ff67e8ac218fed1664a8da8d96f67deeef5ad9706905cd9a6c82c5271b325643bb974fdee60d757a08a5e8e0b1dc796e1321fe58fadafa52af5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00955403043e59886f29253b1e1ed0d5

SHA1
14df9c3a84a707dbd48e26697bdb3ff9ec386409

SHA256
ef09470b21ee14ef788ee3a77088600a3f8b4f7db0fab5a9775b1b8704bc23b2

SHA512
94df1ae15ba823df9a1f02a1cfc430e167d04a99948d448aecd97032f673fe1abb4ff77afd427800eb879dafd02a3fd02cc75fc5cb91cb3ff33c58a4d3c89d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8560c563075486143d0a1f5beb365f1

SHA1
a739a85eaff708e44bd4302a4f2aadc15644bd19

SHA256
1268e227c2110fad8736afd94a12f3bcb424b44223ab2ef43261a9b6dba6a527

SHA512
3e3905b92b6afd2079397118d60f7d714119d55dff74131494946676bed070e635c9ec03d6cbd4de8c5fb4c294a3c6b50dd8b5b476a38c2ca6f0d5f2009353e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13a54ad7cdbeb6740743049bc25af6c4

SHA1
bf1da729e8c9368d8e88f45c42933e15567ce415

SHA256
dd73eada936597350edd2af3addf70487bf00faf2b578429a1c8e5efbfa72c48

SHA512
6c5dfff287799533e56da4b7f71ab347c853e1bc7db4d6bdc97db2e022a73e3d67786e71f268ff069fa7ea272f35370dd6909e92bb4030326a51c13cc05c9ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b75ebc0cecc6f80334976bd2207a5cb5

SHA1
5fd741c6c447373f8510fa716170c08843d36238

SHA256
f59d37def97c1706f5a0d8a145d8f1c3751e197190162e39a3cd83a08a29052c

SHA512
3b309b128588eee5703600def713f360c5c572e05f61dba715c37eeb3fd1487ab74de2117d4d636001d86ab88b773e0d82e696d0e58ad60f42e5b54b3e5d96ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
366dc0cb07a3097e39b074ae77870d6e

SHA1
83dcd65e1c90c4bd412d0b22310db4207d259160

SHA256
9585c835f6a873d39ece21541a99f7b3cc1283ab9253a1e3d103e1a0e5c356e5

SHA512
28a9af91324dc15b8d5a43eedd0ca523a491d056ca0ee3d767750716193724e55b561dba27942b32008514715769086b5a086e982047894409b87f28ae55efc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9dab64b913504f508334c4992e2acade

SHA1
4db776f8ddd05452cb14e4249b8fb394038fdf52

SHA256
30ab065afabe44d6df63bd20b555221a36a860821d4ec2d5f8ae74c96c901cd1

SHA512
33fe9d792cbe52f7fbe75c8319b4abc87aa1e9a144a0311511a1df0bc1c5d37a6e0ed9b4d1928ce7125968392a699eda31af1e29ab093df216f832bb31b3b12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a26e414ad36be16205dde09cd0368c8d

SHA1
1c8f43341930242197efc0b7675de474bef76972

SHA256
66e80f7a35ffdeb41e4f0c9637fcb174093699106376046ab6c579210aff8c6b

SHA512
4acc029877b4ababd624b0d928040a041e13e449076b71709eb3eacd77707ab84dfab0f5b09be345ac5bd2cbbb4ca510a28181692c78909ad4b1dedb2369b945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8dc4a67a999c8ecc44f7c36dcb23448

SHA1
b1919fd7ab378f9dea88842d3ee6bf60c1c71481

SHA256
c4f75977ca6bcf81cd161cd35abc36061bd2e0f8baaccb8bb831f1005b867034

SHA512
100bd04103b13fb06b8f19f1c56422f812bc2b5970df4f6e52d0be0619e11fc9ad69ed6dcf0224c0e079f8f4f381c2ca10d2a9f96f938eda262324d69a7373c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ab24.TMP

Filesize
1KB

MD5
6cd1554c1ca15baec902b6479c72ec6e

SHA1
ba7ec41d53eca2509ca8e97d6e06e7db651648e3

SHA256
214642d2394e200fe6b6dadb2a6be9cc5077ec45a7d68bab30bc655ca45a14d0

SHA512
8e1224b3203ef6823d2dd5c19b4f6a2338133657738daec892272b627a419d2d7b222a0d457fe23c75aef045498fffb1827587524c042d2adfa206caafd1c96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbff6531ece0720038014a1d0e12a6cc

SHA1
d5aa632890d4d89bdab9c846d5df2fc440a344c9

SHA256
291062fd4b75c83a73e12889300410c577ca05f392bc4cdb93428c25f62db2fd

SHA512
642e39009d5f1af9a5ceb8b1fd1e1db660d0374fd9fdc25553095fbea56b67ca79d61fffe9a38b33b2c94906a43fae9478d4f408ffcffaf66125b0df89d65845

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit