hxxps://discord[.]com/invite/ixi

Resubmissions

22-01-2025 19:14

250122-xxppta1rgl 10

22-01-2025 19:07

250122-xs1xaa1jav 6

22-01-2025 19:04

250122-xrc4tszrd1 6

22-01-2025 19:01

250122-xpl9qazqfv 6

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/invite/ixi

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	discord.com
7	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{698E5229-24FB-4383-9A3B-80968228E39A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1904	msedge.exe
1904	msedge.exe
1712	msedge.exe
1712	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3896	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2464	1904	msedge.exe	85
PID 1904 wrote to memory of 2464	1904	msedge.exe	85
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1892	1904	msedge.exe	86
PID 1904 wrote to memory of 1388	1904	msedge.exe	87
PID 1904 wrote to memory of 1388	1904	msedge.exe	87
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88
PID 1904 wrote to memory of 232	1904	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://discord.com/invite/ixi
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6b1c46f8,0x7ffb6b1c4708,0x7ffb6b1c4718
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,10221255735500999561,8169666950838780103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4860

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6e69af06b45c268e0cc428778619e5ca

SHA1
0fb59968521fea97d7e1698c383fe772fb571789

SHA256
ddd1680cd8df6abcd4c49107724ce8706a53c4dd30570078ae535b604e4b831d

SHA512
1e2c90a0606324df93592e993fbfc45c8140691cafc3061ddb96c49ec60cf94cebdc46f3db5a7199a4e2b3933602da56958f284f74eb0e45cc9e537e47ca6509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c23ce0bc0d786e9c4af1170305abe990

SHA1
6246d6aec10a94af9967a4451a1bb1f8b5012bc8

SHA256
7615d7a94bd4da829206c37fd37b7b4df93ae489eb2d1133ae6a35f308d32ed4

SHA512
ddb896462fa33965b48921cd32d02ced41546840e54a5f6d3ea598f331f4b5973f4aa745a42b66255865d6f7df837d4efe9c8237d44c58aeabc8420a6a54359e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ebf7abd0d4049e2cbe133d3ef7a2c485

SHA1
41832d4814b14679f355616c9a8b823fa87cbd6b

SHA256
65ee12f265c2cf5de451a4d165f8b8febb4d23976d61264b68a35a585acf6fd7

SHA512
1d0356ea4c87d781ae45b0dff5cda267c0fbdb386054fcaf2c49614406322c70af3710181cedcc7ba590ced84dc0107ff4483fe5cd8f219009a3f8572eab8542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
91c798fe2b57fe143a3478372d21e51a

SHA1
ea6587fb79522907e0108be19729e2090fed7bdd

SHA256
e93ea3b83ae293ba366ce183298c58508309dd7b15a32fdadf04659e291e05d0

SHA512
8871bde56c427b438fa02ee2bf53ae3c4234a5b59e30c7d193b9ef07c38da620381fdf616c99909ef85c43610513466ec9ed3dcbdf28a6588015a56c6bf2c91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec8002c5013830cd904f9fa4fb712181

SHA1
6de0afac4d7f4708aaee91ad99f3f83bf91b09f5

SHA256
e1f5a383f775554b775026191180ee463317f5c80a260d87f478ae1cb2ed034d

SHA512
03a33e2c36bab79836b8f665721cde7c5f23f032a93466dce5685a695e618c84a162da0da4098080de20f38efb6ac6292c73491284c06303fff7f84f9f4b4c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9742d09fb59872345817a1bf7661f7b5

SHA1
b3ceccf32b0ff8af64eecbced20e85818f39ac1c

SHA256
61a60e7aa857c24140ca8e17dc86adfd1f97185f3e2d2ddb72b3754ec262c73b

SHA512
372ac651d4a36c89bf1edf3ecff462b116a3c24c5f55118e0eb540d61b721d6b079f666ede5b494d026eaa71940fad71633c04f61aae18872b3e1a246d84f6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95b43db778828d0a4707f2be75d7bff8

SHA1
756f88e6e1bb5b0836f622aa69e51b200f474489

SHA256
728808b7e591d0805b4ac87306087bb3f6fe75e95632dee39f4c980d9758bd38

SHA512
6ee553769c62833ea2f407627a92300b44da90d4956288ef08d0dd5f8402e756349a0907eceaf22bdd6492214ec9815f74569092191e7de83917e22fd51e5866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c6a35e20333c070c05716e80595c710

SHA1
163522427a343509cc4f436c360ae00e4662d960

SHA256
57793254ea7cf354778d7427dbd296c75b62505b694c03b79b2c51cda3affacb

SHA512
4c53ff41fb3cd995f76339564eec6627a3d736c92dcb12af30dbacaf6aca103e46eb5d8d1045c3372dc767c9f16f96e58516f0c5898cf24b1efbbf81b4bf1e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
f6654d6354a80fd65d8e556e6cb447af

SHA1
9ee5d66e6ab58dd549568b8d973daac402642ecd

SHA256
7cc23ebfa2d71066566e46f259699e785e459ab22d4674227900055e3759f3ed

SHA512
2798f29cf387dbf399f2c26c3206956a5eb564c0b773279f385bf925497bdbc148c906ae610d19ccaa269730fd50d693b5a5d920360a43d18389aea3d13f8899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
1fecb693906def7ee089642fe0a7e5a4

SHA1
107642cc45ae5c1171d7ff08ea4dc01fb9300eb2

SHA256
4f62165d8ed70474f45092362b190f2f03a451a89d72cdd9ac7b5016003f401d

SHA512
d1f1fd5abd47be8b04650ecf9da2399fa8d72056fbbedd5fa7d3e60cd651ec5babad59d08a09313381a3626196571a753a16def9898e77e4908d228f8a748eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
21c76d42bac94a4f530d4c595504aa16

SHA1
5068f461b0ba13107919add5cf2a989cbaa48972

SHA256
e84c36d5834b89407245384fd32a8c3841b94a88fb5cd0e0a06af2133af8a860

SHA512
4b49aa317ae25d6527317619bdccaa7797f7494bebcee01185a9d1fefa9850ecaececb1d88fd51e9f2629c7f1c2e10f67bd8cf1e7dd00f8f824e78ee09049286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
50e51cfb1de6b129ed004f9d8f3b37b0

SHA1
1672bfcc31b9535cdad127060ef9a6a4bfa35c78

SHA256
79314f5917068bb660086a4d4020a4101a31c49b626963d02d50dec77bc52f2d

SHA512
0b8721a9a7a63a33780c1e688c32120d1f44ab90311539667b30d6f26d73e0fef049557b3d9aa797f1b3efb8e15b3e6c3341510eb3fb55f21e854aa42c4c499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
12fdcb3eb04493a79a89a8dc123daa48

SHA1
ef7304b964c08aa95f0dab581fcd6d331eb28340

SHA256
f706773ac08c5d85ec9c63519736baaf4c61385c0acf4579fd874c43cb5e5c4a

SHA512
a38d73d772d97ba38eb860d127919b9e32aa3dc0171fd449b4fa6d73c2372344e05cdd714a7f205a634928eb5f3247d7ae58e7af76c89f0eff6d68887ef2fed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5c7da20610aa79f346e161cc488a4679

SHA1
1031da37d3118132eb7807265443ab82fced182d

SHA256
7df06e4d13976083a6b8374cabde0cc2c8e5ad7ebfd1e72104715dfd7ced9403

SHA512
72048b03493541cdc914a1000eced8567c7ae19fcb6a9992fe27965722ec585a00f9c216ca3a6da44400d4a5bd5d545914521cfc1d777995fd2a242895e39f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58170d.TMP

Filesize
203B

MD5
fc5c3eaac77b88c1150d4dc089b5f671

SHA1
fca35ae42774f500eef869844c101741de9be23b

SHA256
10e5bb8106caa48347c86ba511557ed1948d011af4cb070af6556d259fb34824

SHA512
9afce43543f3dc31b70d3c1db20ba52b0c7bad489dc4f8d88c23435aeed1bbac0033f5058d2ff0fab15acb2750124260945b0b7f74d03634c917cca4dda52d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83c4d5306b1c5087b0841994be2c291c

SHA1
e8456da42e0a314c7f7a23cd0edd38dc81d24a26

SHA256
409ecad82cde4340bc853705f2f7e862431d1ea8362d4e0be80ddc0ec5a8d8b7

SHA512
5327498f27f0ab9ceafcc85c982666ee33f980aa694d7439830ecc4b75002c96216e82535213bf4414ee18df6e69e58ed705535b7edad21a2767f198a5d9b696

Download Submit