hxxp://discord[.]com

Analysis

max time kernel
1467s
max time network
1437s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23/07/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	discord.com
1	discord.com
3	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{30EACEB9-DF8A-457F-B4E1-330C2720BDE9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1356	msedge.exe
1356	msedge.exe
3948	msedge.exe
3948	msedge.exe
3604	identity_helper.exe
3604	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1340	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1340	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 5084	1356	msedge.exe	78
PID 1356 wrote to memory of 5084	1356	msedge.exe	78
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 2812	1356	msedge.exe	79
PID 1356 wrote to memory of 1604	1356	msedge.exe	80
PID 1356 wrote to memory of 1604	1356	msedge.exe	80
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81
PID 1356 wrote to memory of 436	1356	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc74013cb8,0x7ffc74013cc8,0x7ffc74013cd8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17528909882516822808,15686961305669391665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
66KB

MD5
7e50a286cdf05aeaf1909c2d9f1d94b7

SHA1
9c1968b41cd9894316b94fce6a1308ae7662e481

SHA256
e44cd156a89c7dc26890106f8d8434944185f85a5ba3fda555426e786e6ffab9

SHA512
4b2f5618875c2bd689a8bc3b9660e81ea5edb30589355ffaab8ee7e24078cf987fab3085629c7d6760f855c28f059cb55ed2544e8868c868cfd07ff1b470e6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f961ffc8ba9ee6229c1278ec67b8c0ab

SHA1
771806b5114025e650878b9caaf07173f14a9392

SHA256
40bf9b81b7d5c7a38ece872671aeac2488609c8f6291d74fc8f257fa9ec911c8

SHA512
81a971d0ab8d597d5546f3bebb00f171097209c104f24de4011af9b731e5786559eb966350447150661160d3c3ce80e1bc7649a437d2e1a025518e95edb7ea1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
304f10eaefe107d2a6991aa66771e288

SHA1
7cbddc3d1447da17837deb14d499023c9e02b459

SHA256
776ba9ae8f3de68b390bd10ff86b6cdb98795e3b33b41f46cbbc599b7eec05c1

SHA512
665686f3c9af74c22849953fb09e4e4f496e53a4ac913f51570938877dac8e5179cdfed02e6bdb0de33113964e9c0c7f058e715583f164a5479086ee4227daa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
3a4808135a527c41f4c22a4b7f021d70

SHA1
fba104c67fcf7e07c9b956fd83a58ec7844fa3bb

SHA256
52f93dd393570bdb5922ae04c95b92e259a43a51e415f2f624d69cc4846c90b0

SHA512
84d550d8219d5c0383f12fea0988e61d07b03fa087499878633477b481d98f7a01282df4c1e568e6cb5997a1bf1b84d3cac6353f9cbb5e4ed106934c8f0fae3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ffe3b8424a970efec25c2ee9bcf18461

SHA1
93f230a607cecc62ce6a454d5450bcf2c927fa57

SHA256
45f26bcbee72cdd428a6d22cd86af5d873107499acdcfb307531bc893847b5ef

SHA512
c8fec2080bb6a8818cb3e7b4af248dc80181f477e973333af0b85344684e6ca28e88028c490705a84c7ad6932500ee81e2d59359760a6804b767643b454f841c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06442848c0cd9e10010aed15eaca91a6

SHA1
5913fbe3e28a668e139191154ce0b56d8b1d1b52

SHA256
69bd2d2dfc3d6ab4629a67f44e8e5e055116a1bab67cb7956ea11d0146b5026d

SHA512
581da296a753fa97bb05d9f7fb5f81386c4c209a7b99a17f41118e7b129fa1e9dd1d56aa95efd771456de2ba3ef1af7f44e8b417eeb1ac5fed82820148a9d0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
98b402927f4cfb84db5c5c0b956cd002

SHA1
d5f150005dcfa02d4437ea2dae5142ddf294e7b4

SHA256
87f22953eadc5c490731d3a4c341718c29f4f431559f8b05ca2720b814154271

SHA512
1022710973b722965cd552b73316d77ccea2cdd973251cbbd05e048e717ce0b92fe86309aecdab5ad197f3ed4d7902adaf18fdb44f207fe168ead098fb390d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
55c841e1dd6d24191b20d625fe7a30a7

SHA1
f6a5f00849e5adfea2c328c1388a9104909bf3c2

SHA256
9bf03e0dd26d4880128ae474fce3ea547d4bb66cde023f3f77d989616b2cd70c

SHA512
796559402b31f14891b459324458d2d8549070afcb0fd67d96ad7fc5903de17a29a90ecad1dfae4ca1438e439cd5394881a0b7bf44c6fb27eaab005f5690839e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5ee462e453cbf2e769843d1bd0f2d7be

SHA1
c92dccde2ec085668d090db4af19e8e709812832

SHA256
54de44016b0557bfd6e333cd75420d30b31247e20a712c8f9c66b4f65a9ac438

SHA512
1690e05f2e59dd6531b6ec7aa488a758ed6af426fef91f72e6251aef8354aa9a23d7889bb73ef4e459ac9b5f61907f0f87501761661825f0113007fddeb5aa4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78cb2330a408246a940e7a488fdcada9

SHA1
16127c06caa3e60daaa18addbd0e5cd68c3377b2

SHA256
5323f5c79fb5761a1bc15e8a8e3e28c2cad2b60091e9bfa86cbd791ee7c4fb12

SHA512
553e1c1ad680dec4627cd26f13831d01daebeb018a90bc2824fb4f57c05ff22926331a7a1902b0f1e090cc87d0996d3eca94ff78d0b6cf89993ad765ae3e0b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39fc40d46650310e4cdcef535c72142d

SHA1
4dbbd1966138e7223835c77a1abe1e7a84de3016

SHA256
43b823fd9283cba8ae919b57baef819d3a088b02dc47a9ec3756b81d65d2fffd

SHA512
844180953d699f681857c122f77d3ad696c40a3d64bf743ac3f54316ce1b23d8d03c273e9129791f03ad82c84277119d550385e83d703b6fe8b47caf3371a867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a110167bdb469655dbbf8d5d1d3bfeb

SHA1
a4acd80c96ee9589bf91c82ebe2a98e4b2d1fd8e

SHA256
2161a4119cea6331d9250ce20c3a51cc89cd99a94d500c453c8ba6327b481a4d

SHA512
12bf0602d333f6f0801b5afcf409cd23611420d04585ac1905fcd55f2595d31847d81341b057d7ce19e7acf2ea8083ba8386d9689a09eb023fecb2f116bff2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c1c3ccc2718b37d01d40ad0e0900a63

SHA1
dc25ad26b09ee51da8a745f1e725ea8dc5a52a38

SHA256
3b01314b74b6282d45553c354b3b6913b57587583bbafe2771de80a4cdfdbf14

SHA512
a2973d8fc1b1afdfc4c1513dae5d308509b4f4daf1517e68ad859908e9e03716f0d807cc0bc456e7edc374a1515ae14b3fa14dd8e67b1fb19ecd35deb9c562c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f4bb88734da9d759f883b251b36f8ef

SHA1
2910c6c8f3ace7aee7c3d485dd598c42e1e47910

SHA256
0f0d40c5eecf742d16c1f054e5d47ffc054aad41d977d636600c5eb635630952

SHA512
7d9d86b665644c61a2659c5967b26077b09ca9fde4db0626e0a1b228a0e21c6bc2ca249f2d371f4a7dc906f2e00f59a62f4aab8165ce82344f20aba888beb1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
899a6ab6022d85dafe7f0608db471a43

SHA1
84a2a13c0cf61b03aa447b21a80aa2103d0852ff

SHA256
c908798f4b5072c061e1f32c08aeafaa0053b933336e46430a78c23ba1e9b729

SHA512
ab3da5887e151d86bcacd71c46c234d58a676cc8e8e10445681b256606a57f96952a9d76ef4ee82c1e1c237caf07219842e72560fac77e7ffb81d128b69a00d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9ae357b12d5dbe75c5a70bbc26b7dad

SHA1
e06e23f60c803aad926f4b5c5fcfc7e2d819ec15

SHA256
4d84504f7943d00dfd925c3b5b569898b31f8aff281f0cf1c3c04a0e61e6b145

SHA512
eadb64281f8dfd72019d5996372e12c6850d89372c6c2f42dc6cc71598015c110ba92a86562aa8000e082297ee82487765e02bfaf5f4fac7d6a9ff650ba72ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cec96fe9aad0dd8cdc12042a342f0282

SHA1
ffb76ca2e1be15b70be6fd5cbf03c66cd91ad36b

SHA256
6234c63c3c2f8411962c706633db4a6cc07547195c56d7309d12cf213fec2877

SHA512
2b0fa2ffbd1ff37b4a57fd24d64a2a97c7b30aeef6e83de9b89554bbfae7e725b2de1c38783e30f8a3518ff0671686deb5a00a40e34bfe56c40b82a4b3c7a74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c4f072f6cd59f4651f8b0e913558848

SHA1
e7dc1314779829d721aa13029e92750b1f433642

SHA256
e52be10f14da4162ad507cbb65afb5d22d24815f70027570d3dc75888760ce7b

SHA512
5652d1ba43e9e32a53f3804076f2dcc09c97ac23ae0bee5f5f07cfd4e9f422e00aa04182e8c03cccaeb423406b93562a4e51a191f5ac2cf0d0ee5c201dae82a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70d6b6a407e700e934a37cda9e4ec73b

SHA1
f85a535648d48379696dade4252eaaac57ed6dbc

SHA256
a476bdbdee65a70bf76bdfbf98ede8f093273632fcf097b7c52c38ef3399aa04

SHA512
f0491c6805e9bb7a153907d8b9355f848e4d83e59d37eb148c5cadae0577d890a22e8c432c3b50cdd30d91815bbe36840086bf9c589253a1156a80258cc38b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
814c927279cf2a047b8e30a9341f9783

SHA1
5e9f00809cde82cd6b54eb8db029df1398797138

SHA256
5a45cd43e925d82677728b332447094569946f8fe8559214274729183293ea9b

SHA512
89567fd51433acaefe0854b8f476fb000a261744decde50925bae2d8dbb4c3ee7c61cb0b56a314a96c94e31e9289742cd6b23d14059eb6711f07a1b851d09881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aea18ea59f7e26e64843d28a94bea209

SHA1
b4e8733818d605a1847d3a98dd6246f4e3888a26

SHA256
25a4cf8bf230b1a639434c1b768e54a0fbcd7bfee15b5d65aa033b4d61dfefb1

SHA512
439b74ab373faf71c6fc3ac53a8dbff39406de16d793fcef8beab3f4d712eb6f2bc6202a67729b41ab26595e6c76d9a27253da8c118e3baf623c355191ab5f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa23ca5e7944e91df34f0c7a0c232757

SHA1
49a5c501ff6f8e8323fc2c51b9e1b2a8f3a08cc7

SHA256
186592ad51ba67b0ac0635f8a82328c85eb928883d38ced8cdd094a697bb8b94

SHA512
db115c024a120921454e2ecf5c11cb68770b36962b89d5cdc029284312d28372602f8465979adf682dc5ea465c48313aec6471b7d2518bfd35c416b75b465ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e676f23c8bf9937a2defe5e2b18d2bd7

SHA1
a524951975f4de2fa6f245f56a56152544b2a2c0

SHA256
343ab22b4d248d54ffb3c5d8e15af9e42eb1c8e247314dfaf78e842eb59602e2

SHA512
364b4a1f10fcf5d0d8de203f7704c35c363be276538a53244bff8838ebf43e46afa2bd98ba29d49be699f0b776cc1c3f758b7279cb041fef584a145eb8cae3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99bb8b1e467ef2811c4af69ccd231b3a

SHA1
354170d2a33ad27b9be8eb8e5ec9ba416c8be2e6

SHA256
e9b933e241c99ae70fee11ede708feae6b801b93ecd5c9dc493259c41a0040ae

SHA512
067e5fe59960972848316458d4345667d932e71d5ede34d5084736997a937b2005f88c7c27d39fa0869661b089b770f03fec3a77a6efbc12402c29457a32f0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbf68b604fb9328f78b802ab201b0405

SHA1
7164b584f32b8ba0e928e040eda936aacd34c3d4

SHA256
e31e80eefcdaba0de9cefee329e5f36a198f0b86cbdf3c11e6965c7c7191583b

SHA512
9e39563ba5d0f251d9111c9be6b51b63981f16528da20c4d99880297edb5ff1dd49a3af8a1604b13d424c8dc808e48fab5ac4cd5b94d66df6e34525d5245c7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7db6cdc6564fb236cec5a466ba5d075d

SHA1
466ad3e6e5f2afe611ea8aa22612d31f72de642c

SHA256
c5e014f4c2fc386c6fcafe3538aa2ac46a2dc0d0e55fc90361288e09f5956041

SHA512
1ea8a59b54a936ef708d0455c02fa14da69751f5dc1d60da727d9eaef20bacaabfb4304889459745d8e8db99b28af3fccabf1a31415c2855c1a5ae6c9673937a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58269e.TMP

Filesize
872B

MD5
cc25da6fde48e9879a7cdaacd2e4c1a9

SHA1
fe8f8b7c24b40cd0a624cf5e148653a491cb61ba

SHA256
e6ec8e9a43275fff0a0b2ee65fb92ecc55799adf321a2b6ff4ee1163c9f3da42

SHA512
3e8b35971cb88e32381bd0d57b7cc420696b9b6bc81df7107afc12dbca31c1b803ffebb8a1cb3dfe010cd028281abdae76dddb67eb9f990b85f9b5d9cbf01830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e33be51a97d4f1442d97670637c8bc42

SHA1
7034d7f9c3780f4cc697362f2c2c2cae8dbeb57b

SHA256
6e782c787bf01666134c21bbd66e5f6308449d3673499a0ae8f72a450746a952

SHA512
4250a28c64b5a6dd041bb51bf0e7644a7efb667760bf3ae1a6e17a30026e9b2018274acd1db58e8aa80ac6e21235fb25c61307c7515446ed7edc738677bff9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76e43042657a136fea36ad2fa5e6a9f7

SHA1
06eb8aebdb0098445f62452f7f65008e8412cf6d

SHA256
66d26c3003db970b4816941a1d3fb0883c230654174b130b6e230e4140c79b53

SHA512
fb16576c5ce2287dc99060abc927605c410283006c02d75437e16abffe18f6925db0b4ccbf6a6e9d68f92a84dfdf3acb66c006e8609ec35d684bfda69ef2df46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d9c8144b183b0ce775d17467ef4973f

SHA1
9ae4b3eb56f9818ee229bb3ea54245298a104493

SHA256
1c5030f4a05aac1cdfd29e0132334c2eedb598728bb938f5c5d3eb1ff9358377

SHA512
4d4b6dc934d5cc211858709e6448140da05e22232c5acbec4c1c32b06c67221a62c5674159c51cf04e6d92af66892f2262e4e50f7430cdd15ebb5ebee6271c7b

Download Submit