hxxps://github[.]com/the-cult-of-integral/discord-raidkit/releases/download/v2[.]4[.]5/Discord[.]Raidkit[.]v2[.]4[.]5[.]zip

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/the-cult-of-integral/discord-raidkit/releases/download/v2.4.5/Discord.Raidkit.v2.4.5.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
1400	msedge.exe
1400	msedge.exe
1488	identity_helper.exe
1488	identity_helper.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2872	1400	msedge.exe	82
PID 1400 wrote to memory of 2872	1400	msedge.exe	82
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4372	1400	msedge.exe	83
PID 1400 wrote to memory of 4572	1400	msedge.exe	84
PID 1400 wrote to memory of 4572	1400	msedge.exe	84
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85
PID 1400 wrote to memory of 1940	1400	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/the-cult-of-integral/discord-raidkit/releases/download/v2.4.5/Discord.Raidkit.v2.4.5.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14945352381477560066,11921501237299845856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
56842540622ea7a1ac791b737a66d41a

SHA1
19cec33699a33c553ae310e5db21919bfaf71f0e

SHA256
4ea08abdc79568ee98c5a473ad1c6ba8f16c59e12337794f8f462d8ab8b0b595

SHA512
fda9943669f124a76c43288c24f373944807125fa21728693e3147ef2e2e49f70e7239c2723f4b994305a048cdb9667cf0ca5adb49109bb28b7b1835d4aebfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
b12ee6b010e965ed924892682077404b

SHA1
cc06dbdc7cf807fb8aa0f90749f5f07c2fcf55fa

SHA256
fefc13d455791d6cc3d8bee48121ca6d7c21e147fd45c504f236bce95e0ea58d

SHA512
b4178d1bc5b95dbabbc5dd1f902f2601b39904279d56b725a9c4aeacf9c27860c02207b1409298c911976540a30eb194c469f7fea64cb3a117755e57a56c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
19c290b347488e53b95ce3784454079f

SHA1
1555f572aca7019916950464f7d43f9b4168bacb

SHA256
ec5b7b06b05cd11383ecb8b8ca7d37ab608bc4756b02aece913d2d8f60c0e4c7

SHA512
0704088983a0121c7dc7be6167d5ca651d03ce73a521d8f4b1199c1378ebd3f2171837a55b1bdf1493faa8269c6c83cc7fa0b68313da245a08e282a2932b3f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ffad2647a37426bade1a56e2aef1381

SHA1
71bf85bb35d231d9dfb19620ada4e276ed6b6614

SHA256
6cfb8e30db8a74c49abe6b758b566d64c0db3ce06afac372b331347d3408f8a7

SHA512
6d98b6f99416207759b5230bc4574776db673a6872eb0c1f980cceee4d1f51fed924468d25a1e6e24e8af0c9a9996f3143338744aa7869f911a98b27cdc35a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67e8da4b3f73481b01acead3a42a7992

SHA1
0aac4479c9ee10b4b25f74b602211cb90266c3dd

SHA256
910d21003a32508457e1798176b743c7df6cab26dd3bb5c3fd631f2f8a1d3b73

SHA512
71de9083c67dcf5dd97b87529a6460407b2f71560ec4af6ea97a7d7932f8eed5afdd10836e63a17cecf4f88d829c1fdd1cd4823b3eb6bb0c69c79d94e546bf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e10733839d24f63c40d746a718425f0

SHA1
765700e662db5f6adc7eb64de22a571b679ba5cf

SHA256
a71ad2841e6878d6ff0755bb7109d8d3770fb35e3e414b29a58ac22aec0df30c

SHA512
a65ce3230813797fb5f60fb90c89721040cb427ac532c454297c2bfd0d6eb96a3fee4452875de17f7caf6388a960e70d6b68cd1526ef32d64a9498bc141264db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
950f2ffbac5fdf26c748bd7d92941a40

SHA1
c56ea4ebe7653322a85f03344b23195cb202692f

SHA256
0aa719d50fae4e0483d2ac1737d78c9c484c5d21a66901045a5ff42f36215caf

SHA512
0dd8f0f7cfe814af913c8e58043dfb6e68ea1b538d328ba67085c5aa7ca2c1cb1f4df95056d68b31d9754b98008b78eeb20b348c8878c0f8530a8b165b61ae71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a866488ecaa3dbdb75630cc69043727f

SHA1
4e00714fe91382bff3d27e68b9c0310dc7321a16

SHA256
49999fb570a6dbfea14e1018151c7da68effbd00608a92bd9d2ef2afb14f87cc

SHA512
9f658fa1bb650247ef2d9046fcd46a90b4df560f5d63b1ca0ca8f57f885ce34aa0183cf39f1170aad56e746aaa2cca609cb729df11495899ba2b13004d1688d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0ddaaa997163774537bf9ef679ecaf38

SHA1
851b60ca92340c4ffa5ab343f0025ffacd316e5d

SHA256
4a22cab421585474000206689a237e421d272ba938ab7ee18455c05cf131d503

SHA512
f85c64eb07c66e169e3fba40e59fe8349269765ac4587dad13633daad70ab0312a13ac4a16d0de743bd7588385f75cbafa181b574922d7e17d849bee965ba524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
24c45300858c31e24b76bf4391df56d8

SHA1
bc3958aa429656eb5ab27967d0ddcafdbe73b916

SHA256
27a1efa9227e89e2ae137d739cf9710e1c1207ee0870e0f07810ac1b351fa93d

SHA512
84c1f8d2972d9eaa18fc6b94a2f0bbac098300231ced7de609908b354ee2eb1e590ee46a131630e1cbb2dd34299f7d29ed0d18f3aff911f437005cc2163796a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
9b7709977b00fc48c6a638a29c25e98d

SHA1
fa13a71ce05e14df66e81cb354d9e50439844cb4

SHA256
5b06817ffdb6d261d670e5fa3e572e16ff869bb2cdac0a5a6640d807c5b06dda

SHA512
56212af7c644e47cf04711151d9339894ef46a2633d16245cfa74a42f3eb18e6b248776dfdc7f57b610c61dc875d3fc5452e045cdcb2b75fca6f967826d136cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3209c5c259f6247b294e7df97307a3a3

SHA1
d15b194bce68a3c4e9e928c8ec5d2b635706b07a

SHA256
98893d9b77456ee9800f5ec195ecd4c6453f1f67aa7300aa4d640e13146b4237

SHA512
40dd386954aa34f632345e3918678ec9f4ebd73f17f9c6c216d4dc9970184fe1fa86f05d9d882ad3b55414362a5a7b7352b8982537b15e0d492dfaf370b10be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
4e0c36581bd6d4fc64f046fa234cabf8

SHA1
97e71a5c50d8befb50f582d0468d4c889ea015f3

SHA256
988338d722d1c4b93994205c070d6c2e871687cdbce1fcb9c395308cd9fc012c

SHA512
7ce03b2399457bd0c226d3a9d40e3a7d784960a9738ddb18798f98180ec8cff5ac639145530d9d0725b55ab1c8b519ecfde3fd5073d9a0c479d3052da2313279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e5f630e2c9b50aa485e9e14aab18ff26

SHA1
d516abb4e12a3b201bb55d0f3304c7ecfb9c3799

SHA256
c8cc12c1dcea57567f7a952c54007e5e8be370123254d01008d7e3989c150bee

SHA512
d1016e5c0c4011228c8bee23ad73de87b5d07ac8a14a87d48a4c5574994be8a2a9450047e8865b4b073345a55eb21df0fb288e6ae51cba70163c952d0fb00389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
02bd2dc0599a0ffc7eed05c967e6986a

SHA1
a1df8cfd83c857d2db90d5f49b8c6e2d84f1d511

SHA256
ef4e65bd7e5fd044f91c4607128d9ccd363e4860f91723427eb525e2f25b53ae

SHA512
3b7c550cb1a786087f3656880ac3873d236d65723f5d60f906840c089ebdbfdc051226d43ee17abb4de5d6f5928bab931c9675171a3a35db6693169a15af4343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
06ad60c4765d4b5df466fcd1385300e7

SHA1
be85183d2927367f919b8f8c2f5ddb20002c0f1a

SHA256
8cfd81a3a1c90da20d14980817e277126604e59305e409677b0c49a46822c91c

SHA512
a903bad0bf1032b63856c44d9c587c130a1005821419f8376997965f719b31fbb67b0adddc839f440b39ba8175e07d6636e1d5df31a3698d79bb6036861c4f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
37ad43a01a84bde77873de1050091eaf

SHA1
343052662690e97809949348a1eb2c10c4a5c9c1

SHA256
6984e554d486952e8a4ac880273cc1140f5c27a1af95aa171b7c3ba4de3e762a

SHA512
ac92e47ef6963a658303b80a30a725b0357335852ca6088060b6a272eea9bd2853cb8ce92e22035d0487ccdc25e16b3c3ddd346555129293c955eda796405898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9e5.TMP

Filesize
706B

MD5
6a4ad2714856b3484ba8832a07d80cda

SHA1
4918e7942e9223fdc73093a0c15657f4f44e462c

SHA256
a7416d30ab0a49b50de7d4f68ecf24cf66591673bf2474c8cc0c1fec9fd55124

SHA512
7760cef2c432c31d3b2b7a9e39024c8e0bae820db9d0ca8b8595528fcf4036ee14c9ce361dafadf6f9f1e9f8011b8ef407dd8077a0c8c304d9c939a0457ae48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79a46a7aae4f533f2525f89763d421cb

SHA1
d1afd9aa282b8fc1214232f87c71788c51d357fb

SHA256
43b9ff8dac3e8c19d52cbfb43dd117d3b3a1be14da40fd30a48c3333d8d0b1de

SHA512
bb699f5f1e20844e978d369cb83d9c429f41512948602a6b753ef684994802bc493bb0045742155c01f35d344fa47aaa364b242b8ba47521f7bd92a046de5814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f839a26a9f11996f35ef33f104c27f00

SHA1
ae1fb0795fdacb966a69e7b8a5a5ebc26462ffa8

SHA256
15df37c93538f3c521e1a9eeb860159c976c186e8f4fc01edcad300ba3ac13d4

SHA512
48364965aa0ed45d08682136be5f43959b74a4919cb6dd6272cdf254aed9e0570ce01d4518e681c4e744db456fd706334d8f6f34464d0aa0218f6bca8975cb9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit