discordrat | 60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00

Resubmissions

24-02-2024 20:02

240224-yscecsdc27 10

24-02-2024 20:01

240224-yr2ymaea5s 10

24-02-2024 19:56

240224-yntsvadb23 10

Analysis

max time kernel
270s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PSC-PaySafeCard Generator.exe
Size

217KB
MD5

e3cf82e6ef4d500a5b4bb3d0c9ba2e6e
SHA1

968952165941e4ae6242b77c52ff4529a7763468
SHA256

60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00
SHA512

190da0cc9499d87ef615e6b36f614df240a3e86d3bfb6ea2952ee407e0a45a2878bd35d2ce09223372bd3644fddd2929378a034db3eb6d5163e43d8e3806b6fe
SSDEEP

3072:QZv5PDwbjNrmAE+0IIpZ4RDlzKNpjAMt+lgJIft3AXsV+gE6+ui+NH9QlR:kv5PDwbBrwIIpNpjP+QZ6+uLN9

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE4ODgxNjUwNzA0MDQ0MDM2Mg.Gssdgm.Y-c4vKU30hG0gZbFd7kORZFoNCjnRRZbRdGrJ8
server_id
1188815612844191764

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{F49B8DC2-A90C-4D59-84D4-7AAD4F031F38}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4588	msedge.exe
4588	msedge.exe
3456	msedge.exe
3456	msedge.exe
4592	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4592	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1656	PSC-PaySafeCard Generator.exe
Token: SeDebugPrivilege	4856	PSC-PaySafeCard Generator.exe
Token: SeDebugPrivilege	1068	PSC-PaySafeCard Generator.exe
Token: SeDebugPrivilege	4592	taskmgr.exe
Token: SeSystemProfilePrivilege	4592	taskmgr.exe
Token: SeCreateGlobalPrivilege	4592	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe
4592	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1660	3456	msedge.exe	105
PID 3456 wrote to memory of 1660	3456	msedge.exe	105
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 3644	3456	msedge.exe	107
PID 3456 wrote to memory of 4588	3456	msedge.exe	106
PID 3456 wrote to memory of 4588	3456	msedge.exe	106
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108
PID 3456 wrote to memory of 964	3456	msedge.exe	108

C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe
"C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe
"C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4856

C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe
"C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1068

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffa07d746f8,0x7ffa07d74708,0x7ffa07d74718
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4128 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3505053835081908899,3602247629735358240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\tc8fgz.exe
"C:\Windows\System32\tc8fgz.exe"
1⤵
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
30KB

MD5
452cee87a193d291cf0394c0a8f961c9

SHA1
5ed43fad7737f776e85433d7fe7aa70d37eb4606

SHA256
6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61

SHA512
355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f93e22ff0518c1d9566ac584d26cff24

SHA1
3b2b9ffa0951d2738b41261892406f74a3370945

SHA256
d41507a4de8c628ec71646da1e1debc6c942a715275581f1560729525c666c71

SHA512
ef8ebc05e2037537272654b67d75433a0b61b10892f78ebb0a59fbc497ab38beba5422eef1f58108ee6d939b96cdc3f5c49e811c430bf4264b6ee1543dbefec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fd2d552b1004972c5eab6655ce38e517

SHA1
44e2f8fa8ba240bccaabded0e4101d1201b45b6e

SHA256
4c25ac85287481f189b06529de2fa03485a56b2971991d7a5e876d5c2ab49b3d

SHA512
6f79681b75f6a3bb0508b471c49f72ecbe418f584cacb6a4ec0f45e886bd677f748826de1f5d7a28b347f7aaf5e5ae6b13c31880f98c9e51677b15b5e158d319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c2536b7c78f15ff100707706249f0de9

SHA1
36073e1bb5d223659ed35a8c0ec461674bf803b7

SHA256
5f7179cc98cb95b010f98e8871ce8419df1287996dd41f2565b9de570272a777

SHA512
b6f548047280e78130ae8c1cff58680b6e003b9d13d0772023412af954e306f0f6a554bbeb00132bad5aef932d46c61735681a0a2623575f94dd50fcdd69b381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fcc0b09fc655d72ad66769c28a84975f

SHA1
04007ca4f3f3bca7f87e31099d7ff3c38fdf04f1

SHA256
2abd7cd71bca26499a6c4e3d6f89b22f7a70ffa1050f3c5c22e9dfe2aee65cfc

SHA512
8a0b2ae8d9ac2e02074e9164a967170eacb8975bb05afce8eaf306448e2d20e3395ea710ad8419e4f45608cf1c1886e4e84d12e22f771aefa2e53252f307fcdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8462d2c2788c8c90bf8010f22a0206a1

SHA1
10624e800b8e3577a96c361df68e8ec21ca0c03e

SHA256
4a6641a09f9e73578f8b140bdf4fae7020e6cac60477466536a4ab2ec9aa4122

SHA512
5dfc44a712fdb1c4ce8b0757f1357a7822a192e0b9818e0415ed93fcc9346121c4cd2f7cc49ec5a22830db71e2e734372875f746384a031c30db42dd91ca0455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4aad85cbc0ece8eef49d0d0c71a99e52

SHA1
6f73f3e1edbb8479b234fa618bd878b0c218b67a

SHA256
6b284d734f4c31ff1359cb0c5608afdcfc4dc1b31da25a2a9b9b0a7d8727b827

SHA512
71531e7a7de37b4f3ca49d6f0a205d26669fd4a6dbc35ef443129777304815801d6fd1eb9cf0f5a5d5a4260c0049aa11c21b5d39aa0b24055fe19a347bc826f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ac527eaf71d98a5c8249b9e05f17c67d

SHA1
b05d0fb9e8c5c4bd217ca3d286a2df98ffa537ba

SHA256
c84355a40a5f377e0439a7399d2460c6eb185ba22cb621a77a56b5aba50c6000

SHA512
776f442b1bbaaf25a9002c72beac35a2ed858080944807b5700821fff111f4beb0d7bfdd323af16bcb8daa23f1b8f7a410dc53c15477c5938738c088c7ea26b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b49c1248b629a068af4202c131e81a39

SHA1
2517432489fc3ffdf2455eacef68a2e38e767fe4

SHA256
78e0c71d049f6e336af0eafe6f592382faf005a1bd161a1bc1b8933e86c0b543

SHA512
de9a860bb3fe51ebca05a01679a9150730c4222dc99e1cf4869d52c0c2000635fe6050a1ffd42a6d74e6a4cd48e483d3f80b405f6ded343bf952981ab42808fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
414d1ce4d4e0031da48a45276cc3dae7

SHA1
d819b09b2c010176e7a2a0ba5954802acd514c6f

SHA256
0132bf865e2556750cdd2a12c31b18a33f20ba511158cc333b172459d9beb993

SHA512
271b0edf85c73f7a2d2edff1a89a92aa40540e746071a26743d536b48214c0d0989b9fdd2bd586102db693c36135201f3b3be8236427592c8b4bde345c63d0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0aa04c9e61ede7056ace854088d6c0c1

SHA1
080bb83fbb416abcbd768ddd94731c791781b154

SHA256
41e0643cebf2b8f2dbf772d3843aeaf90e61dd019992c45d3eb73c11035015f2

SHA512
bfb04d1a70434797b60c092f5167ce7335a7a92b5a1738d2ee706be272756e827e70d1f85e3bf1be53518338f1696b18c97d41958044d0a3b8162b253e415ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c56e4999b5aa33d974fc4f6d8ecab3db

SHA1
c841e8a0e95f4e120f8cca012368654d6451f3b5

SHA256
83fc462df67b1237f1cf39f6f3aa30978ca0895882863f846877577abeb84bc3

SHA512
54c81f4cd76af65423b05a0aee294dfe1d2f7a1114b7c2dc81afff6423a4e65e646f4e19808412c1c9a21b2301d800097b47da7213f594b6eeceef95e8a98580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cc4e5f1dcd2f1889d9d97631e705201c

SHA1
5b8bd41ce949b16a0256fa5edd39145abed24eca

SHA256
a7e6c059097c9d1144cd30ac83120c5bddbd2d3bc9a270e532e521376f00a69b

SHA512
c6a969e748fa96489581c58828566fe34f421d0d69c9375bb2c6033c8eb5f69ed7e2d8015ce0d43409ab334c8d8b39e8bd97536ed5302ce926d8a9d210a8dc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a9694.TMP

Filesize
48B

MD5
a0b0c8bf352b3aa122caa7720d794497

SHA1
0f0ccfcbc7480ec11d4e53057c673a286c43fc80

SHA256
8e92351a01fadab627556992287fef0ae0edb35c9dfaec0ce667ab52b5f5067b

SHA512
edf95103a62ca65854e839eb7f9c1f13c02bab168b341590375cd7a688a1dc262e4273ad57ab279c9ba1147176f5a2ccefcca3f11dc61770764d38c7d5eb405b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae2b2966ed28191805493318e9ae8539

SHA1
5f65587db62162a0c02844bdac348f571055cf37

SHA256
2091f08e6b6b179d5de766fdbe081b0f5ab39052471e33f3d4ce7909d094dcfc

SHA512
988c9853e4f18dd45c72ceff1f7a04e0c1090472ead481c11c703de198512b6464aa123d1458bf1217c2fc78a20ce3713deb5986d556f6c917191920fa632452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b6acc.TMP

Filesize
1KB

MD5
4ea798cfa97507856c68bc41cf3ffc58

SHA1
7be6716eed11bd96f2a835bb63422218452bd3a0

SHA256
536d6edf2b581ad851667fa9990dec1bdad67cd38239fd7b10737dec6c9aa9ed

SHA512
6b96266af5690699f7952b9a4a5565772e12544e8814edf61de1bb3b3700eb58be490e077a1bd24a75789ab3a16f0f8e80e6db7f37d0a4d71e4ab472a30d6a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34f88bac77fa90016dc97a92c07d3756

SHA1
a27dbc959c6fa691ca35fb121cb01cb3d75aa3e5

SHA256
a3f2470c344fdd4c57112cfb1f5ceae465da49399ca04d946bfd1b35603af75c

SHA512
da029c7802bc1c026507a5d697fe8316cb5e9071f3c190fd3c704c93d3897709e92a0dbb370d30e8333ac1de0f6b9864c9b171220a08d8f85c256b5c938de0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b058a9580176b7a60201172023479b6e

SHA1
3f6bd38d27caa863a6279695bbeab76bf07dc615

SHA256
da1f3eb74602c6aedc526ee7dc55c1e3ac08340dad048b8c0685c0a96696d14c

SHA512
1f95b6dd23f910ce24da79364fc864299e7476e6674dc92edf4a6be96cbdde0f0a681bbe339cb9b6b1e363da696aa50367a2ae60e0ae156229ad50fe9458c957

Download Submit
memory/1068-25-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download
memory/1068-11-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download
memory/1068-26-0x0000024B900D0000-0x0000024B900E0000-memory.dmp

Filesize
64KB

Download
memory/1656-2-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download
memory/1656-0-0x000001B92C800000-0x000001B92C83A000-memory.dmp

Filesize
232KB

Download
memory/1656-1-0x000001B946EA0000-0x000001B947062000-memory.dmp

Filesize
1.8MB

Download
memory/1656-3-0x000001B92CC00000-0x000001B92CC10000-memory.dmp

Filesize
64KB

Download
memory/1656-4-0x000001B9476A0000-0x000001B947BC8000-memory.dmp

Filesize
5.2MB

Download
memory/1656-5-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download
memory/1656-6-0x000001B92CC00000-0x000001B92CC10000-memory.dmp

Filesize
64KB

Download
memory/4592-21-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-20-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-23-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-24-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-22-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-12-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-13-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-14-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-18-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4592-19-0x000002B9A65D0000-0x000002B9A65D1000-memory.dmp

Filesize
4KB

Download
memory/4856-10-0x0000017FC5E00000-0x0000017FC5E10000-memory.dmp

Filesize
64KB

Download
memory/4856-7-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download
memory/4856-8-0x0000017FC5E00000-0x0000017FC5E10000-memory.dmp

Filesize
64KB

Download
memory/4856-9-0x00007FFA06D80000-0x00007FFA07841000-memory.dmp

Filesize
10.8MB

Download