hxxps://discord[.]gg/6P52v9uQhA

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.gg/6P52v9uQhA

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	discord.com
12	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{29EA7E47-215C-48DE-9452-AA74400AC557}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
3440	msedge.exe
3440	msedge.exe
1220	msedge.exe
1220	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2408	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3812	3440	msedge.exe	84
PID 3440 wrote to memory of 3812	3440	msedge.exe	84
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 3128	3440	msedge.exe	85
PID 3440 wrote to memory of 4972	3440	msedge.exe	86
PID 3440 wrote to memory of 4972	3440	msedge.exe	86
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87
PID 3440 wrote to memory of 3244	3440	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/6P52v9uQhA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9105146f8,0x7ff910514708,0x7ff910514718
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,5820758561018205867,893049419201232880,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x394
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fe66a20-f71a-4aad-ae5d-331c6b6c317f.tmp

Filesize
6KB

MD5
9d3a9ccb135a6aa8300cf2bfe51cf6c4

SHA1
765e4b1c7519f538ae9be130636483175605da6d

SHA256
374becfd8e04eca1395f7216c7dbaa2c56f1d887f6a60198b0e8e546eb0219d4

SHA512
7275fce737a3a182c25b7f7152b7152869f76520140d8d2335b670e91262189965a1df73c35900e2614f1fee9c5e4d96dc43ded7689a423dfe23d39082a537ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e4638f1ff726cc19e530629f5389a409

SHA1
657381bf199c6395dcd6afb5bb38a323a8bc92a9

SHA256
c46cfd67c49966cb317a66b8a457cddd97a29002e975368ccaa5a6e4ecc9ed2d

SHA512
61bc1a48686c0b1badde627ddb4781b43136583bfb1e7db5a37c314b6d5c29fd863200118cf47187100d1915b5273978cd39b4216b0ca62c3b50efb5c0db4e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
835B

MD5
2a625fdb86ecaf55a4db5a26eb21e6bf

SHA1
a456f9f18ad082facc241e8468c0b2c1a42f9795

SHA256
4c5d8d3c9edf7e49aadb8c5905c03a252a8fd36ad7ba3fb0fffccdb3f638b5e8

SHA512
55fed2f5ce6c9df05dd0f1091ed13a02bfcfdc7c7ee7bd636a05ef1439a2c263636116da3ff2211e25e239f4301ab554de16fbb0b69b5b93c22f68cf3a10329c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22f9616935e4e93582192efef2d5f910

SHA1
e7868f4dda86ecad249ede7df40495bd283eddb9

SHA256
84f6535ebe48dcc12bc77802c7b6c03f35e4ffebf28d4769bd8fb1281c824d83

SHA512
69673afb3f19a6b9ab0e78288e8ffb9daa65d0326da576df40b003b928d6d88790eb6779f90d4ad29e1ce00d334326b173f705523b61669e7a0ae266ad01d920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d5ac0110abcdc67fc005271cbb72d8f

SHA1
05cdae3b983477a4fa5ff28827c67bc7865226e8

SHA256
a0eb9034ee0df70e0c629fa9169ae3db477f0808908432d82f5ec41b7217df7e

SHA512
fbb6ad7121f78fced235541802da498cc32fcabdad8c8608e23c924b5eea5886c404383958d183aeb53acb805e617482a28c6ba4bdb5ed3883190965189981fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
931f9234746154f0fc8ac63c58f688be

SHA1
29c5a9319e5d6c2118f08f197fe2339d7e1d1dfb

SHA256
e2024989e7143e533b6fee5117601d902a3cc6b154a333706743f20c96f3dc7b

SHA512
14aea732eea708d548460989f44a7a26c325b36868193f842b18992f747281d7069aeb29962595cdb23ed15d5bbabd32eb400864a67a69aa9d51e8bec720bc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b6ee4199a6062e0acf8bca5a5ff0609

SHA1
2d4be2e5ba6d60a5475a532d317cf0539beea415

SHA256
10e827573b53fc0610d4c9ea5f137e4336d9bd5b3895b1edfd3792d6709f1c93

SHA512
c79b31c585518b010552f30d896dead4074d27e7cf7707e9465f42bdc330f291835059f493f5c73941b752133579261c73467728035f12e67185ff1eeb549afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2508b8e59ad89b03be79491b09ad301e

SHA1
f7f6bfcdec01df79e5dd7e4a2043eb1efcb23800

SHA256
ed860d02cb69e00e7e2034e2279635ef1b86b4cb2ff02f0a8bb061e8fc54164a

SHA512
86994930bbf4a50c30a645b070a16a139d17ea25de01eb2f326f772f74e4f238de1cef65c8054a38676c919f1f0b8f4182a5ec5fbf26210ca7f5ef44d05fbd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb4f5b63e7b29ab3dda8b16b7a51f4c7

SHA1
1cb9f8a7e3b665e28269b4ec245b20dfadd88d03

SHA256
123d641e310742b5116f569bb4acbe31d6de3dad942a26f8acde9addf88ca1b0

SHA512
bf19032905ae17fe35ca275eed5b219ee84fb9cd20304bbba490543365cc335be838a4837bf4bdbfe339b72f036427b2c90beed636829467c453007a80dccf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfc1.TMP

Filesize
370B

MD5
3fe62eb111e13769066f625d3f100776

SHA1
ef0fcd57048a45619f9f53844da7b5ad4f21603e

SHA256
a4b01410bca34815ac2c9703839dbd9d6d7e5f59d90ddf5045f4d508b854ed3b

SHA512
5b8663eb41c86682f63d88a88c69284ff9e3961bc107fb4dabc53a64d066fbf9711df847abb79732b25bfbcd154732857e2d68ce2b6702576329460dca510a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfb630489e20c23aa571fdb9e1c4272f

SHA1
25a3c11ed9a84f33491f5bb11fc7cc66c73682a6

SHA256
9064a918327959bb4eb36c32500d906bb7c4f288727272d5fadb2235a2827ae5

SHA512
98fdf8114ae32f84b778ac20031a8f78f701dc46c430452402f73c26c7e8b6830759c25487676bd44887edf84ebcecc00e43a29ff617bf824f89365825dbefc9

Download Submit