hxxps://discord[.]com/developers/application

Resubmissions

28/07/2024, 21:31

240728-1dcspawapr 7

28/07/2024, 07:18

28/07/2024, 07:17

28/07/2024, 06:57

27/07/2024, 21:33

Analysis

max time kernel
1191s
max time network
1152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
27/07/2024, 21:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/developers/application

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
7	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-126710838-2490174220-686410903-1000\{DD610614-5A19-4E35-B282-F4A502565EF5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
656	msedge.exe
656	msedge.exe
1284	identity_helper.exe
1284	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
5056	msedge.exe
5056	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 796	656	msedge.exe	82
PID 656 wrote to memory of 796	656	msedge.exe	82
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 3720	656	msedge.exe	83
PID 656 wrote to memory of 4992	656	msedge.exe	84
PID 656 wrote to memory of 4992	656	msedge.exe	84
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85
PID 656 wrote to memory of 2848	656	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/developers/application
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8a5a3cb8,0x7fff8a5a3cc8,0x7fff8a5a3cd8
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,18245705361113142004,4689869563737611477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1ff2a88b65e524450bf7c721960d7db

SHA1
382c798fcd7782c424d93262d79e625fcb5f84aa

SHA256
2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409

SHA512
f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
562b59fd3a3527ef4e850775b15d0836

SHA1
ffd14d901f78138fc2eece97c5e258b251bc6752

SHA256
0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430

SHA512
ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
36KB

MD5
b46305f2adb20879a3056c400db1dc24

SHA1
ff5b669b349c279e19bee7caaeb319f0b235d5b5

SHA256
69be9deb2ce4f506429e7aa6a454ee0f42ffcdb690cd794f5652757fe17b9124

SHA512
bf532814f777735b66ca10dbb445e44718f4e304dae2c213d7c03b917d55c2633aa26086e1cd433d6a8f18d3929572a25836560c57648267ef9ff2d854c051bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
99KB

MD5
4b653b4fc2245dbf0c520c5df41ecbb9

SHA1
2ca5913d9583ae42e164af8ecd4e1c7b59a1fa30

SHA256
2e799ff4c6db2a830e7cb535063a18a910383e0d448a4d57b5de737a28133f58

SHA512
b6c77cca32a04e3b801f63f7e8015038e212eeaa1907a76820bc4f1f594be84dcaf454212f0613646e583970bd860cedf4c6d3ab558a440167c3efd10b185b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
566KB

MD5
56e378667e25d13f6ed6cb7edcf1b727

SHA1
c2c6b28dd60d47a94b7e53f7988b5d51335c85a9

SHA256
e1df875857fdcb2cae928f662ae83772f909c55cae905dcfda1afe33947b9ade

SHA512
8aff1f10aa2e703a8aa42c1ff16333ab772d5948e5444f839fb7a50e97dde77665940d5294585da774c656afad8346b833d52a6cafebd2f108ffa84f1185be07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
761b04621863c57a6694605573954954

SHA1
38304837cc3d7e7714a8ea572f779e81c4b7f619

SHA256
f5f4ece85dead768ff225f3e27bd4bce8abd48911d6df83015b998e79eff688b

SHA512
a2cf54f5b71ff83c4ce6b0342034fbfa4e6360653c43605658e3aba112cf4ee135a17500b426eaace376717e6cb695195fbace3c775fc6365db345c50a53df94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
beb40723435f9d90687859d70411da85

SHA1
9c6214249d69722b269c7d3f263e24227dfd4486

SHA256
6f59a14d9a64015433782861870cc099db4cddb785123ff0a43bc6c567f96e10

SHA512
3ddb4260a22f1b6f9c770e3db28afbf9952b0c6ff3f56bdbd176a5d68dd20710e53168019adcce2341fc0481c3bcd5597fa9346d26b4dc1c75299339c5d41b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d8afba4fba1da810eabdc50fcbc4840b

SHA1
87ca5604739904298d16af400715090af8b6a8c6

SHA256
747bc50f8cdc498fbe0697755675120ebd650ef486a89617b5e512719ee1395f

SHA512
f82799ff2cee71e12e1003cf5f785755537e837b50fd6e3d8212eacb1eea30666a6c955ae9833e6641b496e9cea54806335b8ee81019ed0b26d30df68cf9a098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
979B

MD5
7af5738abe9b470953b5622f49e9e360

SHA1
02e65f474884d566f1d6b73ca47c1653b6e6fcab

SHA256
273a1bf29fbb7fbe4a096fc7e8bd4039f3d6f4510bb9fe5c40f855fec859de59

SHA512
9a6d8c221525abac4647115ed8cb774f0ac083c81a52165a23b02b1b7e8fe20c2ef5bb26248db0b6420756ccc1daebe899ee3eada859cce0e59f8bdc421b6b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1010B

MD5
8aeab4d0b682bf7877cfacac049f4c51

SHA1
f045873e1151a97580dc9489347e7acea90120ad

SHA256
200416d3668c9d3cb2ad987119c3e2e26047609b8570fac23c6f07c66cd43a27

SHA512
143c38929e101260cde1bb530065a165fe1b94bebe3fe131286f3f1dbe1f34b8b9fdf5ef32ec8f51d91cd4dec58f19443482b13ecb66d9bb9fb52189c79d8cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
979B

MD5
956ed11d3fc6a524215a0abb30b3f080

SHA1
3e32d91c70d5127d0e284adb45e32e98274b6a05

SHA256
262134029c6a5155a8833822babb42bcb7e5959dc7dd7df4a2f73b86f99e3a81

SHA512
f40d34aa3640a91b72c3fad2bb396a87aa68fbea6e05a57e1f3fa4de1c76fe489ef1f3bc0cf89760bc4318b31fefdc6a0d431680063d6e46a36e16e299fb1702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bd7ab2ad9e2f33c95411ffac2ccec45

SHA1
50db00bd6e06ae1af53f86124fd89085319add9b

SHA256
0369647f60c7fbeda55ed096339215e122107711d734b8522c5d2be08ec24a69

SHA512
e16ef654cff03e2ca77cf9e9fe4630dc1bf7758bb167955915f5bcbfa11dd822de41bda1cfc81774dc17eaed611421d3e30e024e409c65920aa140450ee20ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
effe2d372002569be21723dafff5593c

SHA1
3f765718cf1a9357ad5178cebec52256d2765b12

SHA256
606de3db4a2d4d72ff22ff3e3e4f2678b192918de5272ff8be20a71f1e4628bb

SHA512
db6480edb56f629f722aadf676a63929a6fc139b466cf4ec836abee347a8fb629910b1e642bf0fb16e50b176ca6b37845fbb6253da8c305b8bc2deeabb87296e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9bf4cb6b535fb9c04760d0e2cbeb216

SHA1
6e86e21c1cf336ae3e3b2bab8ce482a24e8a58d9

SHA256
93d02188d37bd5e5b350e0a02df85385257e0081c78055bb6e48f0712583dbb9

SHA512
c72785d7ec76bd6903c213c55ebd24e978818fb28f512d694d8e4f69cbbd2056550f50ee32c4cc68c4b876a0f7c92676b527e18c80989de55bd8221212fab947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25f1fe1e26fd6ce35b797cb19faaaaa6

SHA1
88592f4196c81ff76048b36cdbd518bb2f265afb

SHA256
2f1ea7dd96670d3c6200c0ba0ec33fbf3d3808fe95e67be9054d107727c5dd68

SHA512
80d5d3642a66868455e703e1c9f82ae04b66c2ae0af43a8f0147a1b69290ba65802897e43810e58fb7277ac28acfbc649b1f0a155b86a9817b996550c05a9116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6bf45b794f4eaf03bb46100d3af3248

SHA1
db9a9fa5661a1b20fc9de6d9076c2863e135dddd

SHA256
affa79bb3407ce7fa5e2f6afd6e54b083388548f57151220c398dfc544de1889

SHA512
40d5f2435f3b33584c2dbdd35dc000687e7505d6ab389b38116da87b1b68a7c2af828ce52261c56862ec4f3d41a4379d18c09a46c6730803b66ad365907dc153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2e653b43324d9c54078e1fa3cb78948

SHA1
eb22fdefd01d8215b4536defec2615aa11d9b9fe

SHA256
22947924e142e37163699265f26b9468317b06e9ecf1a1ae18819aa988724ae0

SHA512
90fbc71d8162b9a815b62a8939da533e6c81f1b5a3ddfac068bcbfde8ddb9d90682034dd34c411ed6bd36b2c148b500771735b012f4021c379ce8118f02d8ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
8e6f1d72f108e45f6ac1f6d40013fe38

SHA1
f63d091336ad4ce913e2952047a0c3d84e6f27b2

SHA256
596ffe0e77ddf6a9da5b70ca501f6a822f98b632e1d6ddc16c70e2a85f86cf57

SHA512
d558d00b3a9cc3162fec2e2c540d012ab6b862b1683650da6f75e5a25a411d919226d7c4af25e91052db3cfeb84233e3179d4207ffabac65256940fab019a2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
f430c8ba0772a3e587913b585cd00008

SHA1
000ff3b9fbb1af663bd5fbecbbcbf7fb4b71d88f

SHA256
95cf150605b62e6cc8b6eb7588a8fb853ce16a04ad19b2fa93db82453cd580cf

SHA512
c8a4dba8c7749c1d79072c4e83ac3610e6d07ecd3aa78f83a725f8d773bcd64202730af70b1bf78e86e8eb494f65e61e39f7d23983edff558d7b9f5503551c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
0c0f3bb6f0bbea48a04db18c97194f42

SHA1
11d5e23fcffa626eafb72dd9a7a613871e64e8dd

SHA256
3bc39044b5d32c4b6c64da3d3769181142fda0940c4b3835e29f723db999c581

SHA512
8d49181f227c3bd32317bdb5ca62cd5adffd9e2ab035ee6803f8c3aa0c4dd66fed637610559c1975de4018468c5cf2b7e126d65cc4dcaa387cab6841714ceada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
d0e462772b55623cbeb50ba29167bb25

SHA1
82171e10131d953ddea06a07c78c9ede1a5241c6

SHA256
60ecb47549465fd3ab0af204de7227485b76617f8e7cb3290dcc28bb204b103f

SHA512
fccf7e8b94ab54e0e2ecde185274b961265273bac477beb4ea3ebfcef4e56254a53bbde95741c82a2ae673d8e42b43dd47da489ad2dafe843170593faa3b7a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584522.TMP

Filesize
368B

MD5
e154573e00b920fa61da4a43d23fae65

SHA1
f523fd9d26ec8bba0699d7712d162b925eb4e0dd

SHA256
1ee0d14607e16149c555ee35ada4bb13ad2f8a2cb58fa201a88f08d50f222334

SHA512
373a61f2a7fa1c91f6dab832848bbb47124b5eda3f1f105a112d110bf6ffde4f9990a01db3f5700dc589944d8c93a894fb69e7203f3c98686d04c7f232df497c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4931e5920b02b5b62efcd478bfb8acf6

SHA1
90a6066957e7c380411dde5e06c3ee18130d2768

SHA256
a5c5b2531bb9be5c3c3f5a84161d5841dd91eaca91358d276d4e6d01988f821d

SHA512
986793f58cfba880df9b45dc4a46ed47cfce31e2737b000d3945ecaef95e9c636ee7d26dece85dca1581dcd3ee0a38640ca94d2b182222676b01a357f6199247

Download Submit