hxxps://discord[.]com/oauth2/authorize?client_id=1223749410366816276&response_type=code&redirect_uri=http%3A%2F%2Fexuy[.]one%2Fapi%2Fauth%2Fdiscord%2Fredirect&scope=identify+guilds[.]join

Analysis

max time kernel
77s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 16:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/oauth2/authorize?client_id=1223749410366816276&response_type=code&redirect_uri=http%3A%2F%2Fexuy.one%2Fapi%2Fauth%2Fdiscord%2Fredirect&scope=identify+guilds.join

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	discord.com
9	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{0BE9CA4A-4AD1-4865-B400-3F2561758E4B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1832	msedge.exe
1832	msedge.exe
1576	msedge.exe
1576	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1360	1832	msedge.exe	83
PID 1832 wrote to memory of 1360	1832	msedge.exe	83
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1148	1832	msedge.exe	84
PID 1832 wrote to memory of 1328	1832	msedge.exe	85
PID 1832 wrote to memory of 1328	1832	msedge.exe	85
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86
PID 1832 wrote to memory of 3060	1832	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/oauth2/authorize?client_id=1223749410366816276&response_type=code&redirect_uri=http%3A%2F%2Fexuy.one%2Fapi%2Fauth%2Fdiscord%2Fredirect&scope=identify+guilds.join
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f3c46f8,0x7ffb1f3c4708,0x7ffb1f3c4718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4092 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2332799103840812689,15016245870923850116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
07bd004322d7b2832709191bddd0567a

SHA1
9149ed0c2466995a3b6dd5182865a78fd76ec0ea

SHA256
6160a9f25b0dba39f0325b3268e0c00e2c374fd278fd1e90edc2fa87271b55bd

SHA512
28de08cc0284652a62600ea99583a758e83b8c79e10982a8fb11058bb5bfeac5570ecc51b4c58589e8f1b821645839ea5639dbdea2071bd1af9d0d4145e2d944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
21a098fe9d60fe696907bde1eae72461

SHA1
a8bef8159fb56e5f073585ce25a352932da10d0a

SHA256
30009d8ce298a4a78c7a8c6b306819e59e8a0e0e25d216c37cfa2560a49e5da1

SHA512
ce8477ba30861b24704901d51a304b72e29b0a10c480051c01e39102375737001f24a922b86f9e77b5ba4baf921b53660cc261355f9d48f6ed85ff874947b8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
80136c6d7e26d0cd4813a696a46e44c9

SHA1
14794b23fb87b3b5df045dd12e81931809db75fe

SHA256
c4bd90ca801cfbd0ca2908d8fc6c9bebc5fbe061f523d870d95e73c726abe2b8

SHA512
9beda4750576fd650b21e39458a12f0ef410120dba5b0b03a0381ba62bb6328d66021ca3adc94436d37a8e5c9b25205c68c6d44523661a85fce5ae97477ca4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
839B

MD5
b2115e897f7fdd163812db73ae7d3042

SHA1
b1c1161ff4348efd4df88a78abf33f71c9a801a4

SHA256
bbe62502a64ed49d619b8d48219717e8294695cec30b7f87a0949196e251f776

SHA512
34a076783133e95ffba625bb2e25cd0ae3c71c3730cbf33cab16f97b7185a280a0f8317fe367247d07522866529d53c2364f6d1baafe9da4b82bc8b510359f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36744bb8a71cb6bbfb9e170459dfaec8

SHA1
d4c6f028b96a3307d74e67af4e42f81a36504aef

SHA256
071c2820b86578edcd1be787a5669c9f7b0c78e6e3974882ac3647b6582c3546

SHA512
e003f989408b45bf8525f80d5aab6972b59932622879549ad4282f76ce408f17cec262d3c5ac17ffd5e9b352e5651c4c5a016a2651c5e68b480a45fdfee57943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c4b0e739f0e179430076571802436619

SHA1
4590e75584c0c820c8e860a1caa009b2c7bd920c

SHA256
c78bd110267ac1a53bec482731e8c16655eac03352db62159aead05562a6e0f5

SHA512
31d675ebeed67272ae0c6032aa4b7f5cee29b38c3867eb95546e9910050cd2a15abc9bdd771bc0530e1b187a15e5dddb71bb927461e34da931dc5c82fad2a421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e44b41ffed544f7bb68a5ca37ccf53c2

SHA1
1c0182bbcf5cec692f5cfb9bf6f91a4efccf9542

SHA256
bf622baa955eeb29f3364e8eff6aab8ad8d10cb5f0d76301a0350d4421eefc6f

SHA512
1ed169806690da00d5c0468b55f13890b4c70fc7c25035cf249c6c4ce508f1861d7aeece9d467491e1876d9bddb1bdca1415d69e2cef72e2b0c3efb049a9e3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
beb719f52729014daf4d5e8e9e49cf34

SHA1
4d3681a06d30c3a2006f7b91e3bfc8b775ae635f

SHA256
6881edca4fb95c65832f70091814ec426da4220c17de5474104eb6c312b9a44f

SHA512
d0bfbc991f29e34f1779553dbe05bf872214111e7888ebcbaa553b9e2103608e91daa841cea8e9c80b9b7da2cddb72dbc00ce250ee6e989f6b15c214d4e2c323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
feaa337853c8e8a55a52c5e961b240e7

SHA1
8348d253676887125683671400e874d3935dd4de

SHA256
4f1c985207eb8b6d9e4b2d9a0f0cbe60f09cd686b9f399233e49b719d460d6f4

SHA512
d7bd3eabf9f5a087cb6e6c11ef569ce7cfa33d6374380967fafa69a042221674b3c9874327992a1f5e7b2d23f7aee1edbddb9c6098009ee1fe2922b08648ed94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef42.TMP

Filesize
370B

MD5
60d58991a9a70032795d9bc1995b203a

SHA1
aeabb98a89e652975313cd74a17bb59ba84e0906

SHA256
fbbf2c8c0f3eec7dcefebe75de00e9cd97c85edd260e52d5e178fc810fe7ca88

SHA512
46c803caa0bdd8013d42a4f12ac7b49eaa00b19b337e6ce41e9db8b6751a44fa5594fdfc1c419f870293158b3635182dcb7d99128482fff31844afaef34c9586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8bcca7e153b22ce53ecb9f228ed921c2

SHA1
3c61a757f1606133d8c9f21ec9efd67735d4d44c

SHA256
954fc806c9134b9039fa1f9170389c7b4feebb0578473a1f1e04260e9fec08ba

SHA512
fe192ac354ac4ea5ca05219174a0f417355546ac4c79120160c3cea8a8e789e2a2a7536165f81d53a2cf8461e20323b4bd34183e4b39206b1fb9da3baddc0511

Download Submit