hxxp://discord[.]com/store

Resubmissions

09-07-2024 12:47

240709-p1pvzsweng 6

09-07-2024 12:44

240709-pywkrawdqf 6

09-07-2024 12:41

240709-pw5ewavbkr 6

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com/store

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	discord.com
9	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-771719357-2485960699-3367710044-1000\{89771CA2-3399-4308-A9D7-5A4CCA5EA441}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe
1436	msedge.exe
1436	msedge.exe
4376	msedge.exe
4376	msedge.exe
1536	identity_helper.exe
1536	identity_helper.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3048	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3048	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1592	1436	msedge.exe	83
PID 1436 wrote to memory of 1592	1436	msedge.exe	83
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 4308	1436	msedge.exe	84
PID 1436 wrote to memory of 2812	1436	msedge.exe	85
PID 1436 wrote to memory of 2812	1436	msedge.exe	85
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86
PID 1436 wrote to memory of 2620	1436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com/store
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd2e646f8,0x7ffcd2e64708,0x7ffcd2e64718
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4200 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10044187175477783321,10532616396694695671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
148KB

MD5
606f4b7cc53f8b6474ec89a0085a7674

SHA1
4ad0df5aee28c17abde80814dad904b1e37a4f88

SHA256
c8de65ee7b29f147b784a04600bfaa21a0515feb783c4e9ca111accf8a78e4e3

SHA512
47d141a81cfce3b8246dce0a21a9620fc1910c6257e79f6260ea2b062fb5d6575bb23ca04401ee80de5371fb3a18678ed0e1cc3b34d036facd4c712aaf99dfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
543KB

MD5
aa1c4c4526b00fa159b008c0831bbf42

SHA1
ae5d3cdd52b570a68d4c7fd5107ff8261d395126

SHA256
f5c010de5e860021f5f9274af4bfd76ad850b3199ae727eb4ad80d80710fb949

SHA512
4b726459fcdf1f7944453ada1e69399d480832eb89407a7b28919b3fc5d0a5fd0391ae594cb38fa863406ffd01182e07e0acca64531391d99dcf8ac9624b9604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
1.8MB

MD5
a15c12580edf7f5561d8c065d93216a5

SHA1
437e197ad5dc7591e5ba6eefcf1427513cb9d3de

SHA256
8bd2234206e32420299b813c5a7d174970226c600f71334021463cf56cfac278

SHA512
43f42ca4cf717bd56c9832f81faa3d65c34f12af052a28bd87213acaf7bc17af1d6637562a030267830b8d07db04d9084906990d2fb773780f3ffa0d9ced6800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
770KB

MD5
ae88898829735b481e426467f2d923af

SHA1
e799ca467ba5cc766e7790730bba1bcb97dad877

SHA256
9d52596d0562415b21f32b1d3845f97942700ae72604a7e7c942646894885789

SHA512
76ce5110084ff387b0547f904bb22ad140f7aab21ad9de4079fafff61cb0d66e56a8dd4aaeac93215149203c5aa401bce82f253f6b2c4425fe786881b57b2f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
53KB

MD5
40d402fb2756fcf851dfdfc5a592ab3e

SHA1
1d66ee116278f23f5f4fc1d51d2ec5ae645d44b7

SHA256
2cb4f74f2e7b2bc38b5cc2b7dbdeff7e9f3751459781c3b92a409fd2f906786a

SHA512
e091bca1030ee9397e42d52c9dd10c21b972b5c952a22c2ab3478673e8eee3fb765e3ae6ed780c1ce413e27a0a9149e36449c86281f20355dfdc2f41f627895f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
07e0385399776c33c1043a9b2ba04f5e

SHA1
474de3dd5a0faf86f2336d181582f5f2dc225e78

SHA256
8e530a621c2b37b8dd827272faa7e90e8960bb556fad50c853c3e763ba28bb1a

SHA512
d2f52196d0818d6172c1d2495c725a929be64351996a2016c3d63559a518f2a1c513fbd816bf9ab31e1e755e616b41b1b6010d486763f5442255d8a27ee564e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4cfb650fd8887a6ba850fa50a0f99c97

SHA1
2647f24d74ee3f6d3ce14ddb0f4133d1c1bbb697

SHA256
76129206332b18747746b8b38b1a2b9142ca13c2379cd3d7787f00c4bb6e0630

SHA512
5536b978bb5e55a5b4076c234e60be4cd8226673fb8e3e2e7ab973d9381a30fe44403f35fbb218d3bcd803fb15b0a00d6ef40a38b800df3624deec228735d207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
874e428856792229faa8b8fcb136c1b9

SHA1
8e79147741f346d3503699ee732d3c144f77a73e

SHA256
30711bef164539684cdd910dba89a53a706cda40350f36c3d940328e5079b92d

SHA512
b2110efa0523c62e1443f6afc926ac8f9f51aa5f86a38770072f62f9274312fef8b8b519cfb5cc173f32aba1716758d65d1f752230d85fd0c379feac77aabeec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
2394cd0c8ea1bf9eea682b2d7bdcc080

SHA1
eb6b60f8622668126c26f83005107719a4fb1993

SHA256
9485e58867514689a460def4c79de6ab652ff66b77ced55f0a9541d7ccf335bb

SHA512
a483a155f694502d88f39705018e4ea86b3f2e0f014a37c092eb358f37f254603ea14be8e0383dea9274678641f49ed6370da84cc8e8464ba9d56f7be18fc36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90c80ed35233395dc0b0104fea605fab

SHA1
7017b7b83e042a5cb3d65f78d1f832384e67f694

SHA256
abcdbaf47aa91655b94ee1fdf199a2ce3289a2df42f50215ad813440e89282e3

SHA512
7faf2769e505ce2790fdde86ba7731882b764d7aaa13ec860dbe28f6d1e0ff5df9714ab2d26cf46cfc68ae01c06ce71a63b5c19c7f24bd6d60a0e9026c772fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6533fae76d6ccd31a82e1a0969397eb

SHA1
11b86b9e6f63aeacd07ea19248731674cd115366

SHA256
b7c451b3364d587c1923a9fec3289b595eade2e8577abb7ae9883b51bc74e032

SHA512
796a52b5257228d9070ec8839a71ad733d32f056bfa8d59359f6050860818e46fa4d22f381479d1c8c4812930b58209979c77361945e06852d055a4015c258ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f52a858927b048a39a6198b14582877

SHA1
11f79a2171c0017f1da5c2ade577d1f4e9b4e24f

SHA256
36060047a38ba2f86157276635ce632c0dc42ec4c7fe21323b0ac2fc00d3244a

SHA512
f8a45661b89c4aa3a4817dc1496faf6c3df3466cddbdd6d7e054c64bdb2d504370474dc8cb3beb3ca7284d483ba3c1ab185712daa29c0158bd07c3232b7e1515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f022b772d27a97c30367086f94259114

SHA1
80b7df2ae4b42d0ec9033963c0c69ba37028c534

SHA256
d9f1e1aa39c317fd7083b9639a3832e7cac80fa89121ffeb9745a9234cee4ec1

SHA512
da6f18a8ca3339e5a64427b9ebab7c340620364d4837cfa2933e025719c9017fb9adecb8dc46568258ef59828f2fc2c19a1bc74422bc76ff7ac5e9f15f4ced2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
670e9ff1d83953956aa8702db80fa349

SHA1
7e882d8a6934527801285482646fd4b574101e99

SHA256
05f1fec98cb5545d241f7e2f10992a5b907d1835c8f8df37e12d29bdf9031705

SHA512
a8f3d6f9219e37aa10d3bc3e616583a666ccc42db3659e374a8efa869e33f6b51b4be8799d7eb83e2c1269af9318e02ba93861049152e0a2857103b390dae5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
0bc7a720e41b6be53b8837d2c0debe74

SHA1
e9c778626a9030ac3c44957a884828d7aacd8a2b

SHA256
a89a53bc6aab89f851cb0bdf9a9ddebea9ac48f14a527a5615938287354e9f1a

SHA512
20717ba96f3f63fbb3f70369b507a5919a656ae63c24f66754cec93c22a2f38d90c80f0b7541b8e88e9b4d2752eadf5913dbeffd5b62da0d1fd719a2520e1cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
9e7731a6dbba1f952e30179835e85aab

SHA1
dd1ec21c9d061747efe439f88c42964ea0aca3d4

SHA256
e39551761d55d85972d3968360156d623878be6a12f657e4e78f8db652188949

SHA512
8b6901bd1008288cddae0c5dc26dc22345e02f547382e6ad7c73a74faf3d026a7f8ea01292d7b72e8ae6cfcfd15e712901a21c327b32fac5bb78e94846a6fb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e09247650286659d1723f5058b4af6ad

SHA1
d7edf105f243dd529b99be3af1a88cdbccd1eda6

SHA256
38cb1f716b21492804aad0741d28a70f3a57da749a854553f8be7c350ff901e5

SHA512
603455eb95d834669bec1acbf17752e6d69ba688d6d5a410f7a78d3be5964323cf9649258b96aefd3238451a2fa46d65c84bb8445a506d596c82985f91b9a66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
64fe6116d32bd19b5dc91b9b6d727b49

SHA1
13a3783af0975cc92aa5467c3bb30e0a5dd4af5e

SHA256
982947c60c248f5a74ed75be5e92b83cb722ab0544273f67ebac7a44a4e9f83c

SHA512
c86c9cf71c251b99bcaeef36ba19cfc1291acdf61254993549275ebe19ccc79c7e6e796ac1c4064daaea22157ff3f974d001540f8c9d249972e4e3b59b19f4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3578e5416f14bf74b8085692de08d51a

SHA1
5cba47d2a0fa2753a60bf5044e54479bcd29c46f

SHA256
5784849b86d50afdcd3c29223f2f93d69cca14d63dad73630b4b354401e8602f

SHA512
089c8600a8bced0a650eb986c8e8d41b5a10a3debf23d8320b3f13e429a20857cc528b6db917cea799c76551d14ae72a0773ff6b0c619ade0cb3aca4a3cc6461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831e8.TMP

Filesize
370B

MD5
f51d0719dd0dd2b0b246687ba6f46723

SHA1
3bbfa846aa4f062f6c7d05a315ab55f93c725fd1

SHA256
cc0c1ae95c0cc2914739b404aace21d6c10288020f63cc6a9b7139cdb83ee4ee

SHA512
43f7d73630656f3b336418e1b32192e426298514edfa99cc4ca58f6511c46882c4acec4e4134d05d92c55510fd40276d25c62a472a937f7033e24dfaf8180120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000034

Filesize
17KB

MD5
9d94395346f6683bb6b116c66d2b643f

SHA1
62e3103ae9b8d5eca5b64a2feb18d77ce925c864

SHA256
8eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982

SHA512
7eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000038

Filesize
17KB

MD5
a2a8d4620524be9eca7f61eac3fb3c52

SHA1
68caf758966594d7c2de8ae9430a6b21d76eb82a

SHA256
39f3ff198c8f282157f3c4fa3e41ac5fca9954a9780c2b4cbac94e69aafbad3a

SHA512
682efab9a1c9709d6d66bd86c73624160108df4eb9cad89fac62e2371ce3078cf4f7303c9b2dbf37705f4e0ed5fca1cf2a8be8fb504d685ad2b10dc7d9dad59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00003f

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
566b7795a054335cf73d1283107c030f

SHA1
b0c0bbcaa91ad11b6e0ae4d68f1c5c3a3fab1faa

SHA256
b4d993eac2c309992f58c9e114d54554c52f40ff4face94be49a16932374727f

SHA512
f16b2f086549d47454d169b54df89b77464eb50b53eb097d7a096de252c168c9f94ba4ef3c2681768f85a0acccebe3eea4c7a5702037757df732a201928bdff2

Download Submit