hxxp://discord[.]com

Analysis

max time kernel
245s
max time network
246s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28/09/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	discord.com
9	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{DC5D4F93-8947-4FF2-B676-351C883089FA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
668	msedge.exe
668	msedge.exe
792	identity_helper.exe
792	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4120	msedge.exe
4120	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3712	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 4924	668	msedge.exe	79
PID 668 wrote to memory of 4924	668	msedge.exe	79
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 788	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	81
PID 668 wrote to memory of 3340	668	msedge.exe	81
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82
PID 668 wrote to memory of 4772	668	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe42c73cb8,0x7ffe42c73cc8,0x7ffe42c73cd8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1612 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14722602724724034531,3361085623737735499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
29KB

MD5
444356286cccfea4af93ea948d834e91

SHA1
9b27c833884d69282c6b5fbb28c58ec09380d5d3

SHA256
6b21d50de77ba9249366289cfd085c0da5f72dac8471346983f2f17740328f53

SHA512
5d4c85cf8c9c98ebbeb5e05dd06df9e71062eb030b197d376bd16c6bb3e58e9fae09dd70c1338017addd2645142d76fd1389e4ab5459a7701580e267c160c7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e87a5b55835e3424e5aac42c35f51187

SHA1
8cfc9d2abbf582683567604f3e48342a13b71ae9

SHA256
1269481cac9de073bcca82d924d48362ae5e2345681af176d2c6b0e99d47ee4c

SHA512
f5d4dbfe186e9a629ff2d8a4cd1ecfbe3de1c563e3342f5897213d200a7d51d735c0e060caa205594e8cf958c1a9524bac7e832266ddc438bcfe4a0db432f449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9d6bdcde708f57a1fa58834c93ca86ef

SHA1
370775d96209ecd039c88a480de8827c6321901b

SHA256
ab946494d36ebbaf07b32b6a86cab2b00579cdf55c1b68ee9e7f7590398cac03

SHA512
cf45a3d9dcf56f2a58cd5e1a09cc47899d8a41adcb1524f3fbaee16587a705f687ac6bebd8a5a292089153d894ca6e3a003b8c8b4f4a1434e895b833ee2d894d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3c509de6bb452a18ad7481a1053bc59d

SHA1
1966a0d423344b2178813428a030ce0af6ab8402

SHA256
939d6abc1b35d1b50284e5b83d15d86c8233eb9364fe83810b88a5b98b0fb7df

SHA512
8c03c1eeffdb42b5d7a978322a0bf7e5e44eabbc706e9f60899ccc2899fc77f193072c225f0b85d3d6a68e2aef0631be14d1242150d5cb92d04ec3fa64abee50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
36ebf3ad5a706327f6efc7bdb70596c8

SHA1
9463c80f3f9d5b976c0fa772839d0d16b57cf3d9

SHA256
4da75c04cfc75fe3b99d0307fa86597040156695f18106f4a328a81ff9c86af9

SHA512
799c1c8c5f0feb0eb9be67ce895db1be7d11172694d82d856213f6a6ee88af8b58b0eeb5de3932d3cfa233d55540d9feddbc99b4d2e0cf0b674999e2173f1106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
a93549c298f22829980e4dac7a43500e

SHA1
88014193181622d08b423d21ab5973b7ceb9a3c1

SHA256
6ff44c896d31c29df8e0264022bb724144ed09b357ca011f51fbd6d47e01e9db

SHA512
83eb3e94675a3c7afec53b470629708265224ef335eec746708ee37d0a89c1f64e0a0348fc8374cc818b8c7310ad5e01e0ab4c0388b70ccef69978dbee40afbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
231f5cc0ab70228ccdc5541ef4149ce1

SHA1
afebbd6b6c00d8f40e8fedfc66f632a9b2675337

SHA256
d9629ea48c2d2a6ac2566214772089946b6c9c93f395becbe6c532019dd3ac49

SHA512
b0d3213410bdc090a5a4224036aa7e36d497489fa9ceb646657cc2d1f9ad2607d0f820461abc5a9f8ba053b4c7adeb697e697f2a1d1bbce2368569c576954ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2e9a8650c38c6ecf6db75b7f66f2f2db

SHA1
71ef120985942a4f7fac6c3f1b57fd48eb0a1586

SHA256
97409a0684d96dfcdfed1b465b2840ad2cf86b20371604f90a8a29c1d2a89f90

SHA512
62bdd496227a9d7847ded7f55db6c07057f188d0a6528a11eb82133f70e7fee0bb8d307f79ba1200371559aabd5a221fee07f6a5d8937738186b036a39b07256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8aa57c6ca1863ace2530a2b9fa8b2d28

SHA1
e1b58eacdd4a1dda35e06ab807f24a9d0525402e

SHA256
c7443a5cc8009b9df2bf80d7da9f0f1a85704915eac024ce03423f2c77179bea

SHA512
1ca0826d2b0ee771e1564bd17cfaa1c351d358607164e949783cf75b98e493dde9161cb20dfe6bd63987f04197d4339921df9e8f3ad1a9e3b953fdad64037863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
13daae8fb681cf7c4ee359406b12b4c3

SHA1
6d3ca2ae2568051da1cf2713d5aa204b8e0f7bee

SHA256
5fd6483dd6786d98090517d17de547af5ffa0763a46c730b50468e174d135fb4

SHA512
fb2e561d7ab0b82e61b256573aad59385d42085d0acaab6bbffa5994574471356b36fa82ec36174145d5a7346baeb471441ba7386b635db5ea7861286b7af920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bad71b8a56fd7ddee2374de41d997923

SHA1
f70deb294b57396aa2a66510314b7cff8de7e30c

SHA256
ab558753da3c929e94c28ab539e191e3f4a8b3fadeccf8bb966e8340a17ab4f3

SHA512
90f3fe8e48871ca54f3c7162f8c79a4a1120e8db1034039ed741994414993e0c36bd9b7210093ccc15b43d9e1972ee1242316e132f51b87754397b8b5366e67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
266b4aba5f77f056c1cf977c290225a0

SHA1
9315463e851a78ff63b6767c331cb7e0f8591e58

SHA256
1b2433777f7866f40db8236a5cad52ed431d2dc85d744f877039dd3dc9914d23

SHA512
888989fbbeb26002370735e85ff7c00123acae9ee045268528e1b19ae052c5e3d6875b511981e9925dc241103bfa692e2005149adfd0bdb19a29dc4d101bacb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7ebe5ee90c6803dc6ded35df5422bdb

SHA1
75d8041981332811181444a8e4171af0cd83ad07

SHA256
d5bdd20c208ea057a69479336f0360d1f2f12b039db4e82fbd3a334f11dd7f85

SHA512
b49215646d2ac5a9aa6b4699c434142a39325fac62aba8a73cb90ae13eb3f7cfe37fb50553cd8ee86f401dd466fa1e8329ca222bc4f871376c62be06fbb93df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e0c563d9c1cf601c0351ba1afd841db

SHA1
aa126a154be012ceaa2991f70a1d0593a5cf3cb0

SHA256
97879e983d4d98a8d9c7edfe9a61cc0a4d13cab27a2da0d3051d176837043f3c

SHA512
e92a29d81f0ae116b530b01ca2e0d6df76d9ac200d106833ca899fda49643877a065d085ab61b6db9bae7aa1bc8976089a4f15f43153b69d3c5a7c41b483b965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6114b79cadcb2ec8eedb2b82db91190f

SHA1
ad59b9ee357002b9871f77b34dac4733399ae406

SHA256
0b7bb9c473d5415dc6f66b08b628bfa11971b2f1715ae1d8439052db78d6ee52

SHA512
d338e7988ab97058884f07f73f035171ed1a9985fb5103340f50228b1127c9669afce50e947be4ceece1f30cc9c7f1fb1f6841099d3a405f1be015f86b84745a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03ae41bebc739d79e7c0f30ead88fa30

SHA1
ac431e6ef70e9d7636d0f0b0152d4a7edc6021a4

SHA256
bce941de1fc0c62df282f6d98a066d9d65b544eae035d04a1c3a4091821d2862

SHA512
7b4d5b247af8fe1b5d9e66dac00ca93f2272cb7134d075cdff7cdf8b34c1396003d5d7681e5afbcc7a3dd1423a7fa46dc423697360fb19609f0dfcbed949e6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7f490e7a7d02c422dc056f183bd3c12

SHA1
6f524d51291f800ad8a409c807ffee21d6fe1e14

SHA256
6abe5edbc0f75515c0d54b9da875fe84f625158ca632afa7d76cc2aebec1da6d

SHA512
27d7f31133d902e0a9f7787178cc53610a5b328dab7825930775161a3762d2a4a57f354dad5694e6cf31c59d8d94ca69372f426f208545176d51ca065b498625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
550e8ab3db10c989099cb67fa093ff6f

SHA1
22aa11bc4ed461889b5fb15bcfc714634a87d766

SHA256
169837b2d0e92bdbab7c2a1e232c9aa78111a27e4f66e330b9c3daf51ca84b9e

SHA512
c9aa00f2cbd6c3edc9ef99d4c6c88cab35bb3dc3faa40b21c47feb613a3f9716c103d2e791799d83be8de0335f0aea5e25012f96f0ea05e0080c400551cd815e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c19b82bca1f76f58ee22bfca77da292d

SHA1
7d2c41b59ea898f86957ec7836610bba55c71ded

SHA256
8425a57e01f91fd93b49e9a047044cf7bad2114d85259f096bbc19812e3a3de9

SHA512
228ffd94f75405a5affbe46efdb7d1fd3681b47a7c2af403ccdc3e9d70c15504a9d554128878035395405840f5eea78660904acce6eaf6511c4feadc63820a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67c42be540b26e5fc2e33db48c4e1870

SHA1
eee218b8122970504f3202826c54475025e80171

SHA256
00fe2b5765d9c897137d8df57c0fb2de24e35ea7ad38d51dd34c52865b09014e

SHA512
b540e390a1df62834ff57ea2cb9942d4bb8de6bb89019ba316b329bdaa4ea82fe7fb6ecdf4f900ff83150f603dab0f22d32eb1c99fbbdb95a7ec79f107d92984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61d8da61fab506207bd83bb9edb95fc9

SHA1
c59431bde9b6ebc2212ce51c7892c4ff2661c2d5

SHA256
99d69a38a012b64ef69b8c7a7d0bac362560312da5c284ee4f300591318c8e97

SHA512
eff9402dc0df53b3736045b0deb3c38e4b94fe69b316f25106b03e0966bf4695884cfd28750e28d0b5c10d5dda6e9cc127a096aeeafdc44e53946aca2f28c5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b65650ce775786715b030980e5f052f

SHA1
88fd621232e9c2cfefd8d2debd616c0d98c0b7cf

SHA256
44aef487c5e6c29ead61d21d46e559b8915cb6d6fc5d24468d8eda99b95f18a5

SHA512
273bd25458e952c98005bd02eefdb2715cc826ff2b5d0f545e9535fa05bd38344671a86fe5f3746e77dff4d313d4d65373c8a3c234a07b1a015328f99a6ec832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0083c2bc6d4d6924d7dd96c6705e638c

SHA1
e3793746c625005e2ef63d6e83d6a34ab11eb77d

SHA256
0d2848efb3e9de96976b4169856560866d86f8178c7c60de0ff69e03ed5ca548

SHA512
5e14f1c9d639858316a612b5aacb13be88ac71e8abe42236e3f21c3a34f554cd3a26e9114d62cba0d2980a49ed5537e15245ec06bf9d9f0ba6148b90ccaf1cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8dbf35ae7c5f56d5153fa75af3b098c

SHA1
7374cfdb27fc2b5e643940f1251cb6f802289c06

SHA256
4ac38cc1598679893a648cccf264538d6af87e9abe1a2137483700d189b99d6b

SHA512
8d52c2a1465e7331c59cbc26fc3edaca122853716e8d5b0c3e2e51fb62d6d4808084aac12a95330b02a7756cb4154293599021f624b2f4eca800fa73eb279015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cdd507f4b3ed59e8c8db75d41ffe9a17

SHA1
b301284bdf3469295b48e50111899d1da11c40c5

SHA256
898a47a7832f1e7fa852a2a3d4926407faf80c3d75eb61944c34652b19fadfdf

SHA512
444fef8ef22fda9b5b30278d1a68fb4590a71a2f9b428c3c229cd5174b436c71c29606038059e70f2ea2e9ea77de29519f908f01b80fdea080c972930fc187de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c10be2c56078a179838ee01974688e7

SHA1
9ba052c86d9a07aea66afa114e69f41a46294ad7

SHA256
b6dec728423f9a8f0b028f835fd59a8a0904942ecb3512c9e460416cc3872860

SHA512
b72c8fe98e6e832dd32d2f05a31e20f9522c77f221a82da86005e74aa10999e97c1d1ee116f09bd4a3fde31d0bcb76000ef688b9c88c7fdcf5b9f7fcf4c0b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c06d0fb56cb484c8c994cb0668d45355

SHA1
d4f328c41070d6ee168d6c5cdc4459d4c072114c

SHA256
2c99dd79de73a7f3548fc9e287cb0b28c20bb1f7f0dd7db12b35e276b9259add

SHA512
3b570b084f9f2663612b5f5a3f5cc598b3fe5682741aa773670ba79b65f36f0383ee716318a92423b7c689d35e7fe6b54b388da2648586ad65e20d6ca618319e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20a8898439cac93bbbf801d20a6c6fac

SHA1
2434cdb2b940999fc8b2f0b0c04105859ca471a2

SHA256
ddae4f04ee1f527aee89fd5e881e8d29bb6e7337234f26eadae5b0b48629cec4

SHA512
ccfc6856b418f99bbfbb3e29971117de0987c2e258703571584f0679fddd71da8ffcbdfac0d253848b20a7138b8982d354d0047c3f23b4f389198ae76917f565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92377c50afcd68cbd3c68fbc977f5c1d

SHA1
c95a307c7f50981e7d13fd3eb9caa962634d80b7

SHA256
75646ba929a60ab437f2c52556e79860c267171aac6b0786fc8744b5e99eaefa

SHA512
77bd5a78d5c77d50d266a06105743f963f8ea18e7eca399811a001009530752572b1e3a8a48bfcfdae2c771cf08382c9acf8168973b3b72bc5908138d142eedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ea6d8d817174d29d1ae938a7b08afc2

SHA1
8b4448aebf784ac7652f8a00ee245988f1d04939

SHA256
164e16ec0928027bb03a8fb0f6dbfad0550e474e97d8a656cf9f691631517264

SHA512
2894ede20ba4709230b9e8b28392de13a139794bd16379913e2093f446c633a604cc1eca85bd114035ad70a122421886e4f89e1d64609b26127d4b98b5fb243d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6364d83b1ff91b9aa3d74ce50c265a58

SHA1
0d2c5b463f72028e7b28db86cd968a43b33367c5

SHA256
605d8ddbea9ac7e52098a51f288eef883aead28e7cbd14a33966030edfd06a73

SHA512
e1e26037045ed1b5ad4ab3cde7c582dfb8da8a6b8add771dc5aaaf6850f00625ff7abf1bd2daf917b787c37af61e424df841872a97ed7df1d596b52ba2861cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58122b.TMP

Filesize
1KB

MD5
7d0feaecd1fa5f18b319ecccc20b5738

SHA1
5ac2b6e811a5b7d0b9ec279f3774232c5b53e0d3

SHA256
b632d5db0ff4ccffdff8cd0dd2df9524bb41d6a6839b20f57939b7fbaa4f2665

SHA512
45667f4fcd2a64eb6aa967fe21eb43c32a3888d9e18a1c31f74f22b83d78e010c294c99e7554f42f894cc75a0425fdb540a07d4b5777dc8ca1df58e10c21d1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ba79a0c424b86a90c195811258765de

SHA1
a1e00bf9fd5ff98bf260686e3000a435f02dfa03

SHA256
49db3279ed39f12dd4a538552ec52f6c51ab90ec6dfac79adb56da791cc137e0

SHA512
b95ab2491648e85294828bd0be959219b7c45bc582d191264419844961c57500a98f0db90e004044e938e1896995c62270827348d4117428a43f9a313035650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b70135f4ecf19e33fed020e879a89e3

SHA1
66f92991f05fd50d98fe15617a7283e64cd82aae

SHA256
500c6fb8aaa748308aa450b48eaa5a831c0c7df5c7bd314283e03b13fba86efd

SHA512
5411b399f05d2ccd4c5107dd9cb356fc3f2b950a3fb59d4c627188ab5d21d24dd590d06b81c26501b2bf17807cf388914561eb4b9293e20b59dd08f835fac767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0ae13c98a52708369e744c103ccadbe

SHA1
5447b8bf3d38f65cae3379be6fee1d7f732d4d8f

SHA256
11f5e920807f5184a1d0f6692174549414442c64f43672f71cac5d1336bbcdb9

SHA512
197e452d11d9c8d1d6f70ee876f5741b8925d8d96154d2ec385984440bb551bca6caeee468ce0307908e04e1499c48b6eccf0830ed23165f5908873ae237def5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit