discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0

Analysis

max time kernel
42s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
2720	msedge.exe
2720	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
5256	msedge.exe
5256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5912	Discord rat.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 224	2720	msedge.exe	87
PID 2720 wrote to memory of 224	2720	msedge.exe	87
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 1908	2720	msedge.exe	88
PID 2720 wrote to memory of 4228	2720	msedge.exe	89
PID 2720 wrote to memory of 4228	2720	msedge.exe	89
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90
PID 2720 wrote to memory of 3828	2720	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa26c646f8,0x7ffa26c64708,0x7ffa26c64718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3154215611967346018,7742221254984239367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5676

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65ecdf0d-ca42-4d54-a6e8-3a052171da45.tmp

Filesize
874B

MD5
2fa4628c3ebffb19cce3d4ddcbe70a7a

SHA1
2d208661cd130819293ddab92ce8a4412843abdd

SHA256
16ae8252c70893544a83ab0477f54fe3b5c2926e763ac1aea3137a19dc4448a9

SHA512
34993886fa169e8569d1e0e74c9f50f974524c39b3a9a63934527f0c0441a70a482fa54da5b26f7ac85aa6f0fc6dcb38385927069b8672b6e9b18cee67039666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ff7ee196677480eada3a0de74510f459

SHA1
60119b6ac41c62901dc7330ef3124a4853a82e1d

SHA256
539c77b13f29497fdfb8a4be2aa1dd12b39d0afc9e07e5eccc6e9eb1357b9cc7

SHA512
0d34ba033607d1f1ce59fba0793f011d7e7f51106d46466ca3514e7454c09787f8e9455d4f2348300eb317493214ea0f6120613f6ad5c9de32ee4d46b841f51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66286ac0f7529348b8ea2e9eab112023

SHA1
c949092348f668f62679333635828a4326f63d97

SHA256
69d1f995e18e3575a6e671b9b52e92a557117bc548adb4eac24dca02eb9f8ba0

SHA512
d56795ba5b4e63aa3bfae868c1359285010b835d50738341ad5712fe875a844c37c802643bf12baa0f246c5abdf1c96d943f43cb7c59fcc4e87cdf1d9a46b660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cede393a961b9bbf68148aba8c351905

SHA1
14b2afdea6ca1f983c79d4926bcae342760bd1f3

SHA256
f2829af8c2308920caf13cd13278867e861485c40e0293711c2e20cbde7a9822

SHA512
43a343b14f1aa918ab4e15a95a6cb9bbd68e0fc73f4d11cd9065a5ef76187a1cdbc84144ff9fc63b9d92e80a98be77b44666e1a0db432e3dd92debcfcb0c6f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82d050d86d6f72c19f489367075899b3

SHA1
4c1645920758dcc2b59dd308b871bdc2d9b1bdf0

SHA256
cc4a8f8eb2d8cf66c8f4a112112b0f436904dd715ddb7af98c3719fe6d9d64fa

SHA512
e23fe823a674df1a2d0fce9df7b1f227765a9001ed807e4e455369452245dcc6d58201b4d51766500121c4401236a6870b9021efb11c92e56c0216da0fa5aa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798e4.TMP

Filesize
874B

MD5
6afbed10dc4dc67f149adaf2dac6bf47

SHA1
a321b3b75d576250e27e94263fa2a3bc879eed13

SHA256
9fb1947eb906707dc250d55c14eb642d78f436427d02711e5872ac6122b40dcb

SHA512
877a66a79c7343fe135f26b5549cf987011f8896520de410eba962d9dbfeaecb7d0bbda6f8ff0fb719dbbfd9318bfc7ac787f0f2ccd2f6ed578235eda6d56d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2acc754bc2dfbfd492d97cae8a88e1e

SHA1
4bdb984519723c1adadcf69d18c9b21d0141b548

SHA256
9b0324903f1768857e15b14aff423d00f50f24673b5b729d4108ed8f8ca3b443

SHA512
07d68522362f8e83fea99bfc16173e9f758d436ece634d52e30122686670e0a733ac56bd33ca01c3c320cda4e6204b1b103da80b1d65478abb461433c309c3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c804de4f1577ac5098f13c0615f90a24

SHA1
029b638a031bb303bf923dbb1e3771260dbb6301

SHA256
76b80bb42c6341e956329d22c63d63c8fcb2685647733dd4f5f1ff101e4be3cb

SHA512
e85dd73c42292cfe9766a89bfd4e14ef30471b44c0440642fa05d743747d654648d5e4f16ae7c04134eb92dbed6929a8bbba33abf957130d3bf3e5c79c98c016

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/5912-222-0x0000019012170000-0x0000019012188000-memory.dmp

Filesize
96KB

Download
memory/5912-223-0x000001902C820000-0x000001902C9E2000-memory.dmp

Filesize
1.8MB

Download
memory/5912-224-0x000001902D060000-0x000001902D588000-memory.dmp

Filesize
5.2MB

Download