Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.upload.e...

windows11-21h2-x64

10

Analysis

  • max time kernel
    442s
  • max time network
    458s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-03-2024 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.upload.ee/files/16338433/Password_123.zip.html

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIxMzAyMTg5MDU1MDA0MjY2Ng.GSmB4g.z7mEl4nRyHZl4zLjxgwZ_ERwgZQJEakPOZ1N4I

  • server_id

    1213023729379053639

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16338433/Password_123.zip.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb49573cb8,0x7ffb49573cc8,0x7ffb49573cd8
      2⤵
        PID:3240
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        2⤵
          PID:3552
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2844
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:2992
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:2456
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
              2⤵
                PID:5088
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
                2⤵
                  PID:3868
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                  2⤵
                    PID:4168
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                    2⤵
                      PID:1200
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                      2⤵
                        PID:2756
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                        2⤵
                          PID:1608
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:72
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                          2⤵
                            PID:2936
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                            2⤵
                              PID:2688
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                              2⤵
                                PID:580
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                                2⤵
                                  PID:4432
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                  2⤵
                                    PID:3272
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
                                    2⤵
                                      PID:4872
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
                                      2⤵
                                        PID:4348
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                        2⤵
                                          PID:4608
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
                                          2⤵
                                            PID:1376
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
                                            2⤵
                                              PID:2740
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
                                              2⤵
                                                PID:3976
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                                                2⤵
                                                  PID:2840
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
                                                  2⤵
                                                    PID:2696
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
                                                    2⤵
                                                    • NTFS ADS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4396
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
                                                    2⤵
                                                      PID:5052
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6675720655645407718,15526387089445105182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6828 /prefetch:2
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1884
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4936
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2916
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:2264
                                                        • C:\Users\Admin\Desktop\Electron V3.exe
                                                          "C:\Users\Admin\Desktop\Electron V3.exe"
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:1440

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          a91469041c09ba8e6c92487f02ca8040

                                                          SHA1

                                                          7207eded6577ec8dc3962cd5c3b093d194317ea1

                                                          SHA256

                                                          0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

                                                          SHA512

                                                          b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          601fbcb77ed9464402ad83ed36803fd1

                                                          SHA1

                                                          9a34f45553356ec48b03c4d2b2aa089b44c6532d

                                                          SHA256

                                                          09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

                                                          SHA512

                                                          c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          336B

                                                          MD5

                                                          90d4e96f162cb481aafebf24ac3c512d

                                                          SHA1

                                                          54481b0ad546d2dfa063c0e4cf8b1a88e6cb186c

                                                          SHA256

                                                          bdc8c102608f191d6cd26aa03d175646d669ed8c21bbb8040996abd12e9912fa

                                                          SHA512

                                                          f31e2f19eebfa5419f2736da7350bf23f8f2e5bacc8cf35267dec1e2705b084a590b733e1d4a62168e8bd24b90121d2fd69f734208a8ae5e78fc22be1d786ec1

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          264B

                                                          MD5

                                                          691bb596d6173a15a4cae7adfb4bddf1

                                                          SHA1

                                                          a027ccc73dbfd7d890ad7c99a1c604bdda5d146a

                                                          SHA256

                                                          228ce90b632cab4734f2007dea08ad5364e90463ddc063fbdf734cfb4c17be1e

                                                          SHA512

                                                          32086669ffd5934a4c53b54dee4fb50b906ac4e3568ba7d905ee38838928d83c6db3dad45fd15d8a0245f574fcf02fabda62a788ab5013feaa89cac877cced17

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          288B

                                                          MD5

                                                          202954643798ae0e0f9677d896b2f6ca

                                                          SHA1

                                                          e680f76534f2de82d57a5bd2c066816fff799595

                                                          SHA256

                                                          7f694f3fcda58e8799c21145f21c78c10c0d8f91d7dbdff236c0c158a15581b1

                                                          SHA512

                                                          073885d2e5aaf821af0419437d6a2a402599245b6857f2f115dc88162bd7a324ebba3b95f8b354e65a3b3c0479450c49d979c3243162c1203347781c5258bd0d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          e8795d4e26d79ec536c464b19a8bec15

                                                          SHA1

                                                          dc5800c324259fbcf4fdc6d584cd9e020efe1f40

                                                          SHA256

                                                          32461bc5613970b5e0a4256252d4b565cd86b64380cc0d1b4909e445ccc1728a

                                                          SHA512

                                                          07a7e6332e8f1364a5993212b6f0c50f5734886219663a4eab3e0aa55c561ba973259d7da54309e8bec7ccf2b1ce3e6b2f11975ec201ba3f332b86456c5e9a2c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          ea803ad9a7f2ec5cff12292ce9c21dda

                                                          SHA1

                                                          c81c956ee9fb2543245a086e18a28189383f3f51

                                                          SHA256

                                                          facc016ad321a0c73d7227728af68f6fe55cc6836976f79e89a8b1c8f5bf663f

                                                          SHA512

                                                          3374306202943f6e3aca725fdfe7d6f1c81123e292ec3ef2e893b3796b0d9e13e17d8e34c8476239123895f00498b397ede16ba6ecb1ca9c641429c60d1c28a2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          5c629a02d79c8e03602479887e207e4e

                                                          SHA1

                                                          84ab6b3d86535e541718d5db5ac04de369c1695a

                                                          SHA256

                                                          dd2496802a6aaf71760a7eafacd6b0d82e05931ff187a090f12960c9a85606ba

                                                          SHA512

                                                          6402aab9f0e92d3e0888334cbf7e8388bcf4f60bc2166009eb84cdb616612d8a0c73362601321fbbce3c7cbdd5dd97b9c23f26f19a2ce5806cdf75e879995a0e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          7390ebe5593236d86547387c743fdc9e

                                                          SHA1

                                                          1c17fc4f16984a2c5eb2c7a46fa6cc734dbd82df

                                                          SHA256

                                                          0deb60695d55ab29d43982c26db775c597bb68322866e187f9657f2899aba63d

                                                          SHA512

                                                          8add193788bae403c69a76856c8f0b755274eb82362c68b0676eeab7e66469196ac340e866cc5723f27de35f7c614c29b5ba741047a165e597db87478dd106e9

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          70244d01aa1bac7a1769adbfbabded18

                                                          SHA1

                                                          1e4ce5781b46c717781b02d1603e695989e2fd25

                                                          SHA256

                                                          7edd54ffa82c4dbf4df698058a9971562391ffe76bb7485d9fb42e5a62e75643

                                                          SHA512

                                                          43af214d0b99af63b9a3b534fefd0b2a0fbdcf9f087f3f9fa17692a2550ae5a4f1d9c43b7d75b9c944ccccbf67ebd954c3fb990a57f2fcb1599ad63755f4a419

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          4f9f9b2c32285ea01c49a9bf6f3c96b0

                                                          SHA1

                                                          9d5d9e6d0b5d1716222fbb0e7e79fd1eeeaaf4a0

                                                          SHA256

                                                          e7629ec4e29da66e1e13c29e45969a3f078117b489f9430a444f96bf8d2674c0

                                                          SHA512

                                                          b1a271ade21ac546d290bdba4311e2aa956a81df1e8379cc2f20ea0470b7f14752cdc1e0d0184169c78e20406952854bb9e6b3da5828fc659d183c33f5623baf

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          7c00290dda172ec21df96e8c90b2f6bc

                                                          SHA1

                                                          15cbda2c565ae9e8e06983e7d34c2f697a00d1c6

                                                          SHA256

                                                          4680d0c6765d4ae2728aca95ed78fa81e248bcd4db2e751c71911e13b3facd31

                                                          SHA512

                                                          ee7c5d5600d60f5fb2896f962acbca71abdcf8bbd8a0f7edae0e7afc02768a8bdbdffff45326c4adab469493d5b3e689e982c304466de42c4c2b580cff0cad30

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          4f5cded009acc2bc814ce9a55aa109b4

                                                          SHA1

                                                          38ce15e74a3ded9aa91943b897fab759149d726c

                                                          SHA256

                                                          475ffe89aafb651c6962f2b15a04f25925e2be8ecfa371dceb4d0687e3497b4e

                                                          SHA512

                                                          20b9529c8dedd9dcefb802d31d81ef2d71434a53ae4f749648952728449695510e76c8d39b62c3ca4f2dc0a3204c0120b6df773184a159ae067f32e2e8110d94

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          dfe77dd0bb6d4d285c3edc7115e7a096

                                                          SHA1

                                                          e83607aa909a181a280032e52f4193b7ad8e497d

                                                          SHA256

                                                          d8679709b9a031d7846f45bf851a33f4c70fe70424fb20852dca64de8852dbc4

                                                          SHA512

                                                          d60dc217760ef4580cf834c065e7156d87f12060a788f76380bc6a86baa3f0f2067e08d9cac6f37c19251e4ed6e1ff09e10114916ff7104fc1caffbbe66ec253

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5942eb.TMP
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          da6bcbc342de09a9c81f9921d67c9f24

                                                          SHA1

                                                          3a711f32ca3cdb8c5dd0d35cc407d4048abc3273

                                                          SHA256

                                                          32513d8654d3b61f6407beb6e0c5ff905404cc2daf40232d8a8c09c6d7de2909

                                                          SHA512

                                                          5684ab753e5ad82ecb1eaaed88e75f4e450de88317fbd442da2bf02781336a3fd26d1ac699cf631e6def620704d101d832679446c8c86b0f4ec262367498382b

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          fad99835b7a727a72c8c8b4de007d8c9

                                                          SHA1

                                                          0597891546d1cac25ec375fce9dae2d1febe8d15

                                                          SHA256

                                                          36806c4da51633cc3677f01d919dd9c1aa81e8aa9cc43a611f0095b88c026090

                                                          SHA512

                                                          8603ba0c0efe2c33af76711b7a69e730e7e90fc66ccb4c1a1bd260763030495c2666938b9650904d26106c6e6b4438783311bb449aad605d36a06fa00b240419

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          12KB

                                                          MD5

                                                          47d79eeef0fca05546e69de74fe844b3

                                                          SHA1

                                                          4f706140e4c382f3251f9609bf0479f49264dc46

                                                          SHA256

                                                          947959bb84de9ad4be9d9792b77c9df4fa7dc6fbfae1600e3c61ae0e3dfaf772

                                                          SHA512

                                                          1c64c53c468ae7560b4a6bc61eefb5434f213b990d177bbf3ec9b0c4600a692dceeb12bfc0b7e5c39689df09e1e00e359fcf99d4bac5f10ce5830913efc3eb35

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          12KB

                                                          MD5

                                                          539493ece2f49e44baaff5fcee62f2e6

                                                          SHA1

                                                          face6b59addaa77bff69be04bda7010c2cbe2f17

                                                          SHA256

                                                          241bbbcd91552783b155584d258f89d3c499c21c024876293613a5461a9ee7a6

                                                          SHA512

                                                          bf0f2d3583b8c7cca95f9db145657011c13c4c33c48c0dd78aa12a6f3775c78a722609ee2316a06bddbd9130ca57d4fec67c1a631bebaf1bfe93dd0e0c5d06b5

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          75cf527bbcd6b85fc0b072455677c1a8

                                                          SHA1

                                                          92e3e0581ddd4f62b29252846d05b154a9e0cc4b

                                                          SHA256

                                                          6eab09d3cc8205edc177a19b139a20209c99e452299a1617b9dedc5b96c321ae

                                                          SHA512

                                                          05f597b2544c529e86a6409863e26eaea67e80be55b73dd11c1e20ab378ab202d8027df975fb42c373530fc250c10d2ad283be2bbc62e5e090ae6074f6e2dddd

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          4cd01bbaff32d2d4c39185b62b3a6c50

                                                          SHA1

                                                          05d5b5d96f56133f6d251870debae53b0b23f4c6

                                                          SHA256

                                                          4b66b5ed9b637a12bebb7ab5570ff9c92752ed362c2245b55dbb0349d980c737

                                                          SHA512

                                                          b875bd438ee96029eca2c351db17c5d3c20a53baf0eb33e52a6c42efc2c335b85c83eb54fb6d5c0688f5a11064afc67e150c9f2c0391be3e8ee6912cd62ce9e5

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\Password_123.zip
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          1937c2d21b0532f78d54dcb6f1d7d21b

                                                          SHA1

                                                          4e6541a1b1c1841330423798a573d51283a312c2

                                                          SHA256

                                                          fcfb47ce2a68976ff255af5ed4eeddff316f5b786fd2f932e545400079e25afc

                                                          SHA512

                                                          05e13a51ebaa3840202a0053461d3a278404e5a428a177cc8e6d4a46419b8059204316ae121a77f20631888d0b949585075362f3e5f1b5eb41a20bf27a78ee83

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\Password_123.zip:Zone.Identifier
                                                          Filesize

                                                          185B

                                                          MD5

                                                          23d5b8036554767a7dae91ac34ba9abe

                                                          SHA1

                                                          5f4dd877e25f07325ba6f3337bb01f8f547c73fa

                                                          SHA256

                                                          2e334cc72261b5552f41d2870596eaa8c674e9e7edc89217934c022e52281ee8

                                                          SHA512

                                                          79578de166ff4d0f40904463785326d864573eb539b4ebe9c2f671e3c89612321f7c7b0e771f51141e597fc94bb4c1535e1c6d528603a70fccf0fa352e82f9ff

                                                          Download Submit

                                                        • memory/1440-358-0x00000211C1290000-0x00000211C1452000-memory.dmp

                                                          Filesize

                                                          1.8MB

                                                          Download

                                                        • memory/1440-360-0x00007FFB34DD0000-0x00007FFB35892000-memory.dmp

                                                          Filesize

                                                          10.8MB

                                                          Download

                                                        • memory/1440-361-0x00000211C1260000-0x00000211C1270000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/1440-362-0x00000211C1AE0000-0x00000211C2008000-memory.dmp

                                                          Filesize

                                                          5.2MB

                                                          Download

                                                        • memory/1440-357-0x00000211A6CC0000-0x00000211A6CD8000-memory.dmp

                                                          Filesize

                                                          96KB

                                                          Download

                                                        • memory/1440-372-0x00007FFB34DD0000-0x00007FFB35892000-memory.dmp

                                                          Filesize

                                                          10.8MB

                                                          Download

                                                        • memory/1440-373-0x00000211C3BA0000-0x00000211C3D53000-memory.dmp

                                                          Filesize

                                                          1.7MB

                                                          Download

                                                        • memory/1440-376-0x00000211C19E0000-0x00000211C19EE000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/1440-378-0x00000211C3F50000-0x00000211C421A000-memory.dmp

                                                          Filesize

                                                          2.8MB

                                                          Download

                                                        • memory/1440-379-0x00000211C3BA0000-0x00000211C3D53000-memory.dmp

                                                          Filesize

                                                          1.7MB

                                                          Download