hxxp://discord[.]com/app

Analysis

max time kernel
1778s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com/app

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	discord.com
9	discord.com
51	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{E54A00DB-AB1C-48AC-8755-834EE30D8072}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
3968	msedge.exe
3968	msedge.exe
3892	msedge.exe
3892	msedge.exe
1828	identity_helper.exe
1828	identity_helper.exe
3888	msedge.exe
3888	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	844	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	844	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 2920	3968	msedge.exe	78
PID 3968 wrote to memory of 2920	3968	msedge.exe	78
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1432	3968	msedge.exe	79
PID 3968 wrote to memory of 1692	3968	msedge.exe	80
PID 3968 wrote to memory of 1692	3968	msedge.exe	80
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81
PID 3968 wrote to memory of 3376	3968	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com/app
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3377170759888178199,1691614314192557385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32ce5af280f3963a8dc1d8728ae82e64

SHA1
c4fe0db7eb2a6a7a8f832a1bcdb1b9c817c3daac

SHA256
0f4f51b0e64854a5e70d037a9a7d1f247d0585151e2f0010b1d44384d277a705

SHA512
31b0f3a08d7e1e0ae358e15fdf6a9ffcd9367197dc10a0c0dd49c180cebfb9f4748c351dc20f13cdc69738b55416b46b5957fef395cea01c0355b03bfead108a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
c88a3bc77002a075b95198522f195432

SHA1
dd6ff073c9b7fa86d1a461013165a7251443e777

SHA256
8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d

SHA512
e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
408ebe2d97d22132616564a947e0622e

SHA1
b568a6a714e3684b95774d3de73889daa4f6a38f

SHA256
1d53087ab6713df102f43215c931095514f9f021099ed06172775352e5f8e689

SHA512
3eaa5dab1cd3e0bd72bde19e4a4ec0724a2df347b912f3b5e8152b5dce5b14fe55ac7392b891f1e17f8101a3dd8e8d040fe2f2220b2bffaa20e113c2820e13eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df24a4f52bacb7b7bd635f4c20e63d21

SHA1
111774d80f5442839991411234d97aa09fb197e9

SHA256
79999076676ff2cfe62cd93a70120b2120ca5c9f62f313de3d491c6502202337

SHA512
da13b43f53cd9a7aa62cee669daf8cc88f1e4ae5bd2601e0c8ac2679fb1f6364ca471d03fe946c19a1507736b8bf6f2f81ddd68fe6d5dd4584c4ccf80582ccfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7e520c9f6b9d0c1696af6a8603143994

SHA1
a33292fec88c4bef110a57322cd0a93855944b36

SHA256
1a8321b6dff249d461c0f7648ae91968406bcf393d397fb43773d7cc5735f57b

SHA512
17f4a8404ca6960da64bc2c0221b7afd10b7c79a5e18c8ddb079d83c95ff73893078c73dda37745399526c87f4aaebc8e153f009cb7e6c51cbe52c27016f786c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
2ff1201e8c4f707d3d8e6a12d6958f02

SHA1
c31c64cb6823bbab0e06699997e16d0ec484fe86

SHA256
eafa1493dec5b7d080472b29343a620103ecaa7177ad38dff4176ad00f780e2c

SHA512
2c1c6f8f9484c534d1b6b12a39b42616aecf7eb44dd2333f61e69e17c2b89c62ec839c32f4495e6f05539eb075284d24d4f93b319ddb97160b31fdec9106211c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4b52c968fce11b37002aa3858a2e27b6

SHA1
77446de0def790bad41313a2c04f3f53bd61f3c2

SHA256
ca03c051ff86a193ce7d787e8789224d0197107a3f9a0e4866bdb82469393170

SHA512
cb05be2535cafd402a60378cd4a2152f2e2157fb37b1b971772ecf6f20042d34fb1aeff7cdbc5a67d278970d057f83e1aa645bbc90a3ca29200fa827b1f629cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4c4cedd87ab495bace8d7dc9d2f2782d

SHA1
9c7516d03c520f7610f5638d99ae034cede7962d

SHA256
cd3a9c09dfa7f7660f3fb51f0e408ebdf3461c0d7d804515c996726b3f0248a7

SHA512
b73a49d80ad962ba8f4e25d0563319a143df9c5af9123a499c0af3507ee9f03b457926f98fedcddaa58595881a7b8cd336e5ab7d4321a0b274d2a7c6428bbb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
acbed3d011bfa26bf4a8637af80a3b87

SHA1
109a999dd3d83242b6e52b9469f08c52be48330c

SHA256
397e0e0afa0a43db14719717c19fb65adf4a6b11080123fa9937212bb1393005

SHA512
98054a98d04459bf6f9adbf6658cdadb3e3c2c5ed15a10ba6a03e4d3f53cb826da205596466cc9e78515f31a219acb3e6323473bf90cdc2a1e159fe705a6fb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f80d856c1422903282b92dd08340d26e

SHA1
e241059e447e0ab1284784d197628cb3011452ed

SHA256
7a0e35b41f1d47928a3fd7d9cc0920e5aaceb2bb92a5028c3c118ad700210ef7

SHA512
8075a72085fae6f8ac290523fcbaf339de7a596a32906dd4fa2c1580796c60264c64967e13fe8d320030f67ed5cedb9d0a357d4ac9ebf2bd0577aeb8b40c848b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a5eeada287a368bf14730d422d6608bc

SHA1
f35c7ab06449449df32a7a6917261bf823e7291c

SHA256
8a15dca3477875373c5ff7e77b8fd0dcc2ffe1cf8baea6bb5b77a59e82b0374f

SHA512
208a072c2b5ea5e258e77596df50ac7ce03f16ef9e1676fca1e93291a7ba1a35d7f0bae3250bbde0dd0f34779768a0156575cc2ba3464783b398fbb1d8a4a585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ca62b.TMP

Filesize
370B

MD5
669cf3aebb060da16a2e3f04b0ebbf37

SHA1
4ca545f292df72fb28e90bb3e378e780c118de7c

SHA256
cc08e912aef6a4512ab39d140bf38298e6921a364ae7849a6027dbe1e34fa547

SHA512
a58adec25d33a7fed8dad0ab02f5603f2e8b399d7d7015de67f66e5160d6cb0e6b6cf7d1a71d53501f4e4fe0f7b9f95f1ee1e3001a4c640784e368b581fb619b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
416c282c1abec70c9262bd8e9ecc09bf

SHA1
c7eb6fd4be78bb36b6f781be4b2499597c066eb1

SHA256
49376174cf51f30982ca5fab78fd65efad6d13686894b33cab1513a5a58a63bc

SHA512
10ae2e27b32477c1cf0e1a15d11b1b491007a16e4a3dbd20bb681d8f5e61b782bf428add31a3182337009f4fecdc35bd410e0032023ca423cf281b589c7c9031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41ea92df0f1617a2641cb3871c0d5fd9

SHA1
a4b7ef606a85cf363892fe6cb11e9bfec33e2e12

SHA256
1e0d951512a71f48675b197372455d4814adcd9f1d05711db405e98aee5cfc0c

SHA512
519310751022c914b1d9a2e2e917370d2596451e2b6385855caf796bea1d184ee1b26ecd7287c3ce9dae95ba662e69a54985720d4051c00642988b735d9cce2a

Download Submit