discordrat | hxxps://mega[.]nz/file/vIhFxAJI#KQY67nN9V8iOV9-oGEMynAN-QnS013Wj3XWD8A4kbwE

Analysis

max time kernel
71s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/vIhFxAJI#KQY67nN9V8iOV9-oGEMynAN-QnS013Wj3XWD8A4kbwE

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMzIxNTQ2OTUxNTg0MTU4Nw.Gzn2dv.TGdD10yUa7ZZs7OvhvQ65BdJ9OfF6HFElNkqdA
server_id
1213214802600525834

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
5540	BluestackFix.exe
5248	BluestackFix.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
239	discord.com
244	discord.com
99	discord.com
101	discord.com
112	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 168923.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
1536	msedge.exe
1536	msedge.exe
4772	identity_helper.exe
4772	identity_helper.exe
1932	msedge.exe
1932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5632	AUDIODG.EXE
Token: SeDebugPrivilege	5540	BluestackFix.exe
Token: SeDebugPrivilege	5248	BluestackFix.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 3120	1536	msedge.exe	87
PID 1536 wrote to memory of 3120	1536	msedge.exe	87
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 5000	1536	msedge.exe	88
PID 1536 wrote to memory of 2036	1536	msedge.exe	89
PID 1536 wrote to memory of 2036	1536	msedge.exe	89
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90
PID 1536 wrote to memory of 2936	1536	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/vIhFxAJI#KQY67nN9V8iOV9-oGEMynAN-QnS013Wj3XWD8A4kbwE
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb704d46f8,0x7ffb704d4708,0x7ffb704d4718
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3732349297151228440,17563301886254545051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Users\Admin\Downloads\BluestackFix.exe
  "C:\Users\Admin\Downloads\BluestackFix.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5540
- C:\Users\Admin\Downloads\BluestackFix.exe
  "C:\Users\Admin\Downloads\BluestackFix.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5aab6ffe5bf3e8a8ef3fa55d71df0598

SHA1
0124356db75f45af130453e111d6feb2b43117ca

SHA256
486a5434f519f1fe323d4c2e1487ffeb40f3cd5d7ed63e440be9247f139d55c8

SHA512
b46663b137c7e7c77ff3ed2ce486339a20ff6c214398d14df8262eed4e7018a46cebe6a82d85c6d70abb9851272b021e25357376f88dccfda6dd440a6bfd9beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d3bb3322d8b8ddbc6afc48ba273cdf9

SHA1
5b153f26eb5863d98ac72ddc94d34e68aaffdab0

SHA256
a8b4b0c39a13aa62a3f528331510cd8e8df5c201550f8646456ee9adbda1943f

SHA512
d90d02f257567068025c166485274c118de64e8996a09ed6a9e20d0d38f3f2099668af16995e0bdf58c94a6be61a17fd869879b92ffe559ab8aa29778262043a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c17afe984e3b2d3ab4974b2f4fa0a17f

SHA1
6dfea392a264452d9f79d5bad0680f73cdaa5bc0

SHA256
3c872c74d880b5dc4078998f507967cb49d9c47aaf859e470843337b64ee8cc3

SHA512
3d2c45cca2b619843a1d83857d305f263e1bdc3fc46f86b5a66cf62f6f2196ecfe611aea322a628d380cde7a1216fb0301c7114546811ddde9d1d5769cf09da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c84ef2bd16f2c3aa431ec67c98c6cd3b

SHA1
fbb7ecefd239b6b41ad7fb98ce0a5b209a604efd

SHA256
8cff2e215c1956b164c345f930ab8e6ae6b2192d24251b22fea0d9b0d5ed7100

SHA512
0c4ba22e4d371b21e43a3dd4929c84c7ac3e34ce9c5115e559e27f4e5dc5178a8215e68f88d0355ea207328af0a0428b089674ece25f0ee4686a8078d6dd82a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae32.TMP

Filesize
48B

MD5
b253d7dd21980d66c75ac9dce43f8e3c

SHA1
ba725bdaf804e9c15068d27fd9250f9db9afde04

SHA256
c91b6911352c5690bb801f5a93cb8b65826c20af7b6f8161536b4552c0128d1a

SHA512
2bc7d70c987cd31c5c9895c9d0a241b2afe4f66c0f4619c8ad6d95c9f9dda882999fb7e6a8623779049ba81cceb7f5a668a1029ca74788ae8ef22b2bb7237fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9d6985f-de10-4bc4-8706-ca3ea922053e.tmp

Filesize
6KB

MD5
75c9e1932c5d308c05231aecc3c889ab

SHA1
46880af8539a0f821c671df4e8838d744022dabd

SHA256
803de0cdf079bc9e9c0c3c8285b4df7a427a2580f7b3a44a7bbfe90f08b087ed

SHA512
27089f5f9c568ee12f65ce12fe1d06507459aebe2a18cd74ee314d019882c0716010ff517fa3146bff1e64902f24ae3fe0af290dcc4b1f0d4c1e72b483eb4bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1da73bfa32c733a146612f0c43eb1de

SHA1
5b96cea22e31a0c16c3d01f75fdf2f47c9e58fec

SHA256
8a7623800183a957955fa944eda14cfad8a1a2f3e959fa7ef583be3278937240

SHA512
fdd8c5a912d12fb50987ddee7eebeded5d139a4142d57c8270b80dce56bdbd64a12a56cdcd21cfb4e462234eed21c08d09c79cbfb09787d184a05a73c0dd1231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d298e13e8b4e90c7ca538dcda3295d0f

SHA1
1b04a84ab6d495805f17b78afd66ba67cd1830ba

SHA256
02d29faf004a33430702498a1bfff7c9ea0d25c2555a5685d2d9f4b6f4f0ea6b

SHA512
f7f8eb3239acd1a208b6ce53070edea80990f9ef0052c496a9f6fff6895d55e4ae5b065a23c6d485bf854f22696cf4144930bdaeb346489fa87a264ea135a9e4

Download Submit
C:\Users\Admin\Downloads\BluestackFix.exe

Filesize
78KB

MD5
0f6e652458a3a3374d8fd603163d811b

SHA1
8a546dee8ca4f76c0675a0c95cf1e311faa3f454

SHA256
6ffd88a2de38e3272945a434fd763ddd9a6285372b171765d11a26b9a81e0a85

SHA512
a7cc2b6a58ebd836570121e1b0e373048ba7c4e44c1c02e0c759979b0bee8c0a8d8ab75d7a313bfb6dd6b22baf2d85f514f9c219168e10e98d9d0d1ef1f7c91d

Download Submit
memory/5248-236-0x000001B8A7D60000-0x000001B8A7D70000-memory.dmp

Filesize
64KB

Download
memory/5248-235-0x00007FFB5C900000-0x00007FFB5D3C1000-memory.dmp

Filesize
10.8MB

Download
memory/5540-180-0x000001E870310000-0x000001E870838000-memory.dmp

Filesize
5.2MB

Download
memory/5540-176-0x000001E855470000-0x000001E855488000-memory.dmp

Filesize
96KB

Download
memory/5540-177-0x000001E86FB10000-0x000001E86FCD2000-memory.dmp

Filesize
1.8MB

Download
memory/5540-213-0x00007FFB5C900000-0x00007FFB5D3C1000-memory.dmp

Filesize
10.8MB

Download
memory/5540-225-0x000001E8558F0000-0x000001E855900000-memory.dmp

Filesize
64KB

Download
memory/5540-179-0x000001E8558F0000-0x000001E855900000-memory.dmp

Filesize
64KB

Download
memory/5540-178-0x00007FFB5C900000-0x00007FFB5D3C1000-memory.dmp

Filesize
10.8MB

Download