Overview

overview

10

Static

static

10

moderation...d).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    210s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    30-04-2024 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    moderation tools (discord).exe

  • Size

    78KB

  • MD5

    4c4d3c4415c523e94804522e365bfbf9

  • SHA1

    6fca89e7b3c2e69148baad9ac913f557685ad026

  • SHA256

    0565c2824d912d8281ac34175e04ff2a1490941bb5c9e66f0186aeca13941182

  • SHA512

    35395200b95c7cea62fcb5868e40bbe6d9f782054acba79910a6369a15f1da459fa3c73a6e960c01e98ae6f47e83aa989ca9f65bb67333742d27abe35c2bdfa2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyNTQzMTU2Njc2MzgxOTA0OQ.GRpG9J.aPe136YfhqjqpRwyCJB28fIUGjaFzmwZIfy9CU

  • server_id

    1224716393812066444

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\moderation tools (discord).exe
    "C:\Users\Admin\AppData\Local\Temp\moderation tools (discord).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4752
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff98746f8,0x7ffff9874708,0x7ffff9874718
      2⤵
        PID:3408
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:2820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1992
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
          2⤵
            PID:4672
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
              2⤵
                PID:4568
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                2⤵
                  PID:2072
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
                  2⤵
                    PID:4000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
                    2⤵
                      PID:628
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3164
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                      2⤵
                        PID:3080
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
                        2⤵
                          PID:4284
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                          2⤵
                            PID:5236
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                            2⤵
                              PID:5768
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                              2⤵
                                PID:5856
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                2⤵
                                  PID:5956
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
                                  2⤵
                                    PID:6120
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4468 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5184
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                                    2⤵
                                      PID:5132
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
                                      2⤵
                                        PID:3992
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=1048 /prefetch:8
                                        2⤵
                                          PID:1160
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                                          2⤵
                                            PID:2360
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
                                            2⤵
                                              PID:3604
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                              2⤵
                                                PID:2908
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
                                                2⤵
                                                  PID:4804
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                                                  2⤵
                                                    PID:5716
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12435240081850067711,8733302604707413561,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                                    2⤵
                                                      PID:3540
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4844
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:4700

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                        Filesize

                                                        152B

                                                        MD5

                                                        2a70f1bd4da893a67660d6432970788d

                                                        SHA1

                                                        ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

                                                        SHA256

                                                        c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

                                                        SHA512

                                                        26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                        Filesize

                                                        152B

                                                        MD5

                                                        fbe1ce4d182aaffb80de94263be1dd35

                                                        SHA1

                                                        bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

                                                        SHA256

                                                        0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

                                                        SHA512

                                                        3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        c31ddf7d34b85ed7fa428bb7d3d5014f

                                                        SHA1

                                                        cbc3b8e424e26c71480a15e52c49fe10c2d48eb6

                                                        SHA256

                                                        3c1a0d81a2773a5639f57a0a2d8f555a7a9f3469515ba0edc06c7d52baab550e

                                                        SHA512

                                                        56131315b1c5f3cf48add41fa002d8435518dfc3058c7949a83994e108ed3404eb2b5c82ed1924fd3ef1ef2e69eea0126ab717d40f506cac5f7b22247c7b1871

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        94d64d5fdaa5764c7b6b418761fc80de

                                                        SHA1

                                                        f6ee3753ac9cc508c3529bb1400c3eb33a4ef68b

                                                        SHA256

                                                        ff4fbe606bab80af40cc690a65f4157e4f0d39dad9e6f08dddb512b2da0ffaf9

                                                        SHA512

                                                        56744f6b02f5db6a9bf6c4e987c49996e7853dbe52457dc0c72ea859b70e786ad06d675a71a25e403cb3bf925d2297fc7a5822f5bab0d5e5f12bd9454db10c66

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        f29c7c23365e0c6fb3f99c89332560af

                                                        SHA1

                                                        8bd18e4d7c2d6a2ac9dbba6406a46cb803ce1d1f

                                                        SHA256

                                                        621c1e8daaa65d0c0642dc4a07a350319a9beebd7df49be2dcca7265cd23aa04

                                                        SHA512

                                                        37ae8a9360937d522c114dbedcef96f923444561b508bf1d4aa791930ce34359d1e41004653f675d5c361577877b34f22aa07b732856d9f22a0f8cb94ced50a1

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        afdf9760921f4bb1b2f96052db0d74ce

                                                        SHA1

                                                        f3113320f13de6cec1cebbf5135c4e1c715069c5

                                                        SHA256

                                                        c97c4d68a0e6f7eee917084af7baa992868fa5e5a4f49db74618227ccbf15a68

                                                        SHA512

                                                        d5455c94ffaa5311c2c6950754e1c5daeecbc8ab9b5077d10be55b573bfdbf4d4921b003e90df237bd7fa0471333bde41d93acbe2d10c46fc85d7f929dc2d37e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        6f5e0c416926d9fc9fac889d0942421b

                                                        SHA1

                                                        d5e129b8deea778d829630901c8184225b744917

                                                        SHA256

                                                        7fb0f06926789042adb041d6b3a9a30cac3fe199fa19bb24fcf55e362cbce726

                                                        SHA512

                                                        a066ae63c5ffc0357cc79b35c801adb0fbc5760bd56c0df3ffa49321067226a4fb8378fda0833a9dcfb4f5b02454b13dde10b315c20f059807a8df39c3bca4fd

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                        Filesize

                                                        16B

                                                        MD5

                                                        6752a1d65b201c13b62ea44016eb221f

                                                        SHA1

                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                        SHA256

                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                        SHA512

                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        d0971007030b3718a18dfd1ba1f30a10

                                                        SHA1

                                                        82bf851b1418c0416e11f93fe56ccfd9b832dbb6

                                                        SHA256

                                                        a0ca2739b57a3cb4e0dc5b41d2d0acbe8e79988eb459dbbb3dde6b51ff6b0c9d

                                                        SHA512

                                                        a778775315d8e15e56a136dc75aff7258c542edf211a0bf1c8e663b27239dca2c4b0532a79ff8fea52495b73645bbf682c426e879c2bc3baf52542d575962b0c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                        Filesize

                                                        9KB

                                                        MD5

                                                        eb1bf21ee7bbb856f40087699abf0155

                                                        SHA1

                                                        3fff951d27ff9d82cdad641ad18e702dffdac6f3

                                                        SHA256

                                                        1ea48abf1e9a22f5ee39223543b5474a890c90400a5580052acba5adb260f175

                                                        SHA512

                                                        85b917030cbccf542f02414269739fcd6319c0f862b5d2635991e9071b67833896d928a95f592449324e4a8e24ccfeba265c07829c470c1539fa5affcb48d8c5

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                        Filesize

                                                        264KB

                                                        MD5

                                                        25d14e67b7268ea9bb6e78e18a2b54c0

                                                        SHA1

                                                        22afc1b374223b488da29bab48733f012323d16a

                                                        SHA256

                                                        6553f86cbb19a9e12461068456eb1ddd108c9517d3b95639bad1a407d870576b

                                                        SHA512

                                                        2d5fd9008374b110291ced670be4883c6c6ac721b4ef985f540fe2b719bc86a85e162dcd4a88f1878c27118e7a55e54b204cb1d4934309d044de5e8674efa752

                                                        Download Submit

                                                      • memory/4752-27-0x000002D4EF290000-0x000002D4EF394000-memory.dmp

                                                        Filesize

                                                        1.0MB

                                                        Download

                                                      • memory/4752-30-0x00007FFFFD770000-0x00007FFFFE231000-memory.dmp

                                                        Filesize

                                                        10.8MB

                                                        Download

                                                      • memory/4752-0-0x000002D4EC7C0000-0x000002D4EC7D8000-memory.dmp

                                                        Filesize

                                                        96KB

                                                        Download

                                                      • memory/4752-4-0x000002D4EEDE0000-0x000002D4EEDF0000-memory.dmp

                                                        Filesize

                                                        64KB

                                                        Download

                                                      • memory/4752-3-0x00007FFFFD770000-0x00007FFFFE231000-memory.dmp

                                                        Filesize

                                                        10.8MB

                                                        Download

                                                      • memory/4752-2-0x000002D4EE3D0000-0x000002D4EE412000-memory.dmp

                                                        Filesize

                                                        264KB

                                                        Download

                                                      • memory/4752-1-0x000002D4EEE30000-0x000002D4EEFF2000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                        Download