discordrat | hxxps://gofile[.]io/d/DIybB9

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/DIybB9

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDIzMjYwNzc3NDc0NDcwNw.GxAcGD.mnB92PW9-EMcDuoo3FjOhqODTk92OuERwKSEEc
server_id
1209136277253918762

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1872	flaminz-toolz.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
26	discord.com
55	discord.com
9	discord.com
18	discord.com
20	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530892072056400"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\flaminz-toolz.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
1036	msedge.exe
1036	msedge.exe
2812	msedge.exe
2812	msedge.exe
5560	identity_helper.exe
5560	identity_helper.exe
5764	msedge.exe
5764	msedge.exe
1500	chrome.exe
1500	chrome.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeDebugPrivilege	1872	flaminz-toolz.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3984	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 2824	3988	chrome.exe	78
PID 3988 wrote to memory of 2824	3988	chrome.exe	78
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 2968	3988	chrome.exe	80
PID 3988 wrote to memory of 3412	3988	chrome.exe	82
PID 3988 wrote to memory of 3412	3988	chrome.exe	82
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81
PID 3988 wrote to memory of 4760	3988	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/DIybB9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff0e7e9758,0x7fff0e7e9768,0x7fff0e7e9778
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3184 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5716 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Users\Admin\Downloads\flaminz-toolz.exe
  "C:\Users\Admin\Downloads\flaminz-toolz.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffef6923cb8,0x7ffef6923cc8,0x7ffef6923cd8
      4⤵
      PID:3164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
      4⤵
      PID:2820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
      4⤵
      PID:2116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
      4⤵
      PID:2260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:1772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
      4⤵
      PID:2072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
      4⤵
      PID:1104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:3108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
      4⤵
      PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
      4⤵
      PID:6088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
      4⤵
      PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,554736455147944946,2355406203703544421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3800 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
    3⤵
    PID:404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xd8,0x12c,0x7ffef6923cb8,0x7ffef6923cc8,0x7ffef6923cd8
      4⤵
      PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5488 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5456 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5696 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3212 --field-trial-handle=1264,i,719840633526539812,4293990789062825496,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
78KB

MD5
19fd570fbcbe2ec23fc46733efc7f823

SHA1
e3d392f2233ee6aacbbe78c0e6d13e14780ebb3e

SHA256
12da161cf24cf674a7d157e615128e7f3ee90f33f8c00cf9a668cb9a90ded738

SHA512
3b232e63cee0e0fc42f8885292f83a0011b417befa9fcb1c7cca5e8d54dd457cf93c87c22bab994f3b7c436e992743ef2ace2bff425725d4611ec561cc5f94a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
724291646dd93f288f3e91deae04076a

SHA1
c3f4e26ce12a7e085d856fb8d5bbf234cd38e9a9

SHA256
44717735cc61c8d54e2a373f53572e19ee372b9b2be98b4c80017ac2473192ed

SHA512
89ea417a23f99a8726a7b35d5869e4974f10c9dfd215f73d0f2093dae6f09fd4534e98dcbe05b702fa2875b07b20e9ed6d48bd1808d598eda3db19f948de4312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a6f6a3cea999e0a9df7f00eefed465d9

SHA1
75fb99348f7b4c110bbc2cc99eea599a2a4173ca

SHA256
93807adcefb0cd0d9c835ccb81b1387b481fe9e837ae595740ab5927734c4e0a

SHA512
638a6181d136978536b4694dde96895d1ec9405da9be5ee7f01e53604714d2e3f7dfddf032fe6f7e65594724aa568abc79d75d11f5f17311e688cbcc7ecbcf72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
234cd2a16ca1555a1ce67149a306e65c

SHA1
4fe040e13115bbfbbfebb49b45e8c7701f4b6026

SHA256
21f5d29446541dc1f0213204f154426fee621ba5746f8cecb81d65ac1890899b

SHA512
9283b81a48127dde3fdfa46e7f8c2399165e07a16ab16c59c20ed3737d89f7b17ef4f11e34f350d6fa35dd4deabb22dab00041c842ab90e5122c3c74c364e34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
f74668f723ce084180634e041fc93786

SHA1
1848053868f48960cc5f30b068208d677f73b87e

SHA256
14c2a50f6bc1d5aeb24501dfd2f002a53587f04efb4514702c8546c55394e6f9

SHA512
8522e517fd711790fd8356fe991343dc0d27c5d8cc54a16396ec7a5686402c4e10c3108387d0feb23762ef07224e5832bb2772be4be74978c33aaf48eb476deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cf6182ea828275e18477de4011ba93d

SHA1
85af21aeccaaea16996f4140ae7f1894561ae721

SHA256
4b850e4428b55a2bb6349105860e2dd7ae3a1f40c2ab67228eafc814a7e72519

SHA512
15e24bd05dcca00e9c81a3756742955f1ca835954fb4732c6cf821754f91984a4ad6fba7f4efefdd211ac18f1a1cac140feade953582709dce7af9b22d48e396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb2c5c7ba7ef5bb485436f54f3d2ba1d

SHA1
1fec2e235d7d23354bd32d57fd2fb8e8490c512b

SHA256
a6c9e6b58e61f6e7fea41d8c8d7b50a70ac4f22596e224336795eb45467640e3

SHA512
da1809364102a2a0b1e2bdb13cb94af3831bbeae14ec17d164dcc037bfa22f21a9ee74e0d4e3ad94bd600efe7e4da79d16ed773d67baa7d93fe0a5fb3cce29b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
57a665d5ad4aa8784210f196420d1e3a

SHA1
5a626c9d508a9442c8b0cf9db730be1702eb941b

SHA256
ac5de46f773e77effdcde6b795ccedd04d1aeceb04029a4ff45b8835f7a9f5a9

SHA512
d7e7cd824221f63321737becc717312456821decc753fa67833a8564ec1cee403722fe6c417c463d19605b69bde0e77cbb949cc44c1705d04a082c37bccd50ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6b39d2bd7f11e32954a64dd367c44808

SHA1
f7195e06296327ceb46a4c6af4a83cf124f3abd5

SHA256
49435b808527a2be1272f0f9aa335235ea79c281fc6879c5140f926bbc2c8d21

SHA512
c62f7623761cc809e7f3c77ed9c8ab8aff6a05840a668796db850358e62a237261e2a815b0e018aa9a45fd97e687cce57d33ea9479fab5937fcd93a3021fc280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b8fef7fe1a0d8e8e6c649835cd4eeefa

SHA1
1c726ef889624815f89a2da5657693abc8c985b2

SHA256
dbb6a7c9a9edb7cecabac9e0c3211d9b731661ca14f8618c2277c10517ff2fcb

SHA512
2d4aa6e106bf34b482c4cd22c87e30c2fefc5cf8853a2c9ec9d5bf5bae8e966b4cfc38f2900162bfb6264b8f749fa288ca25d8b3ce856966ff3a38a67095e669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e2a7c3d77a9ae6bf3d49e8663317a6f

SHA1
6cc28c54d8758adc4e6967bd1f5d9cca681c6035

SHA256
726b711447cc6d5e472d7ecb8cc2fdaeb9100b61f991c99cca2155ff45f596cd

SHA512
48c56c4f829b096872c34b532ecff8248071356a32fd44272c4cd3c23e13c574312ad4a4eaa53fc84df669ab605f9fc0150179c50d610b478a9a4de007e49843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d40085ee49077436bba041b3cf7ddd29

SHA1
43913f5b49b62421d51af487c4f53fd951ca865b

SHA256
4ed4d35865e4cd645d23441b455a9e4b1511609cc8375ee304bfe9b964e0dcb9

SHA512
951c89732df9b86044bcc76b3154dd84aa777e1c4d4164be52f4ade4ffbe3889a58715abf138c6c316924fc9a29a7be4af75e1d6bd7bce150cbfd6e0332dca6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c497539f8de6049eb6677efd46abd94d

SHA1
3a0f77bad9e50e100b6fa15c07df7a9095738c00

SHA256
d8508c737c551a8fd36b9690403025ed023f3eaaeb7a0c8f728099326baf6d11

SHA512
15eeedb34928a38f39a384c3ebafc9048a73fe1e49f02262e67d8983651ef1eceed65545f50613477328298f4e601e0b48ff0f656e4a4b6490ab7dd32dd2ea2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a339d6f5649450506faffb7bd7d5da43

SHA1
d171491750d6b18310a3e562ff51544e40b9c186

SHA256
29f374688fee145eb6129ea5be4ab56591e362cf92d785a16dccacf5ff942618

SHA512
d3a433fd60cebaa45ef6ea2e4e17884d6acd33c5ca379ba709cf92c599eb0b582ae47e77d656f63187c1d267179106a7f2bbe6b6550ca57fad57cded6e21084c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
78560214cbeafb6f9973b9c6713734fa

SHA1
76602c4ae2a6fd7b5a03a354e51fed5218bec5bc

SHA256
a788e566f6f2d1a0954945deb5356d384d376b298fcf0c3a4ca1eb88fb9564c8

SHA512
e1cf0a803d19b4c43fbe79831967f26c4d142bf3018f305101bc0322a6c6453369131cf5f95af7ab685aac02acf889ccabb7a09dbeda34f25195648f312e706f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582805.TMP

Filesize
48B

MD5
9e386826481d9ae7f3a1d99005404068

SHA1
b093b9f7b2400872eb63a34b72532c9fc3d73b40

SHA256
ae3cdd658eb4390fd940850591814f1210ca118c7d8f811e208e48d2709d8ce0

SHA512
204ccf20cf82d64b465894e8ce9da175ed5803552cb321bde3c4daaf48c74997c473a72f829df297fa063c75c6813c5dfb121cb25e025b34291867ced42de6a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
f920dbbf4ca11cf26ceef095e65a2180

SHA1
dd8f1bee47c71267cf723cbb02239b80a45363a9

SHA256
42b9d989c928a8ed040e0db4c5fbb31e6fdc0103318c7722f0d7b40a3e9efe9c

SHA512
198c5ca3ea3f5e80d74628467708edace92edb7b4c6d9352ddcc70a64a413bef76b70ef6fba99ec2535dc9ddfeab7d544d92f77bd77adb4d0cf30d67044f2495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b15.TMP

Filesize
869B

MD5
2a0530dc5a9c26f2ae48a14987258a62

SHA1
1d15b6ffaf16d9416379baf782ccb9f7fff4878b

SHA256
8c9b22d53c8f3f9452111bfc197c0b2f47d6585502b263b53f1c79a6238d6f18

SHA512
5de40aaff859c9e53d0b57d11db093f00a020567986cff84dd36c966d05267e3f8411097e297fdd17346c5e1f101e160067473fc08191e1ae02e5484fb5914be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33ec97bf97258315eeb5bf599dbd1e83

SHA1
dc5a5fca7bb4cdead8c341f5ab4af8135a461a3c

SHA256
202858a87759e9431cc1ab95c3f544df4af2c66aba4e79ab5f934130ef00eaf8

SHA512
c7eba7b948e01ff5a69f90082534ab3491b86215878123e1c0700495a5053f0bf2a0426a6ea93bc763e5ac4d3c2fb9ebac12e50ccadccdabba97af5143460ab4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d3c1574e06e9c0ed4ddfecf7eda00476

SHA1
e90dcb7eeb77fdeee2883c9c99fea03c50f80eca

SHA256
0b643c95e32e8cb6c8ad9a28231243f3d028db10560130aabe10cd65c62dace7

SHA512
06a7e8fa4859fd6902e842760ab1be755247ced2cb5d5b92fda7e25483749d2a65acc7ada0dd351c943711eef033f152137aafc18b5283bf3c310737b8b7077b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
201df2af40c67cec53ff6f87f2f425e0

SHA1
218d83a9daf4270e74bc8243708143d64ccdd041

SHA256
664407fbfc1e1598355ccd822fbc5fe259f92d48e68eb81dad3dd81b33d1563b

SHA512
4cc98bcbb0d3bc53709fc96bf25cbd19f538541ef3b972c2a2578c8235cbfde8eed649c80c110971664a6a8e03ba9cd76e5b04b036ce8adf8286d6a1c565a673

Download Submit
C:\Users\Admin\Downloads\flaminz-toolz.exe:Zone.Identifier

Filesize
124B

MD5
2d27d1faeb50cf314df832bfa6ef7fdf

SHA1
87b8a3c7115c7169a06dbb74c62e65ee9f0c9a8c

SHA256
160205c86ebebf597ac80a590318ea3ed73d72baa1fbf7059db91baa3df34559

SHA512
cdff2429ab0221e719c9e84ed4848404eeed0ae3473efa3d1c2a3ab216c8832c05e0b26b2c9a6fc81793ccd294b606a4e9468b520b08672e099aba5c0a7f231d

Download Submit
memory/1872-362-0x00000198C7270000-0x00000198C7318000-memory.dmp

Filesize
672KB

Download
memory/1872-464-0x00000198ACCE0000-0x00000198ACCF0000-memory.dmp

Filesize
64KB

Download
memory/1872-85-0x00007FFEFA370000-0x00007FFEFAE32000-memory.dmp

Filesize
10.8MB

Download
memory/1872-86-0x00000198ACCE0000-0x00000198ACCF0000-memory.dmp

Filesize
64KB

Download
memory/1872-87-0x00000198C77A0000-0x00000198C7CC8000-memory.dmp

Filesize
5.2MB

Download
memory/1872-84-0x00000198C6FA0000-0x00000198C7162000-memory.dmp

Filesize
1.8MB

Download
memory/1872-83-0x00000198AC830000-0x00000198AC848000-memory.dmp

Filesize
96KB

Download
memory/1872-415-0x00007FFEFA370000-0x00007FFEFAE32000-memory.dmp

Filesize
10.8MB

Download