Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-05-2024 17:59

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    bc36339d259715c4fb7c681506bdd215

  • SHA1

    a5f892fa06e4a96ac5eb043f6f7a2d562aa54b94

  • SHA256

    6138ff42dbc206690422ff11ba68758b52b6b12f49232b3aac20fac3176347d8

  • SHA512

    5de9fcfbd4c55358e84a0808c083b6a9e00bb78c3159eb10af4d1640fb7b03cde2099b8a7a914a6a52a8fc9ecf9bc0a84a4662127772559d98877ae64bc32732

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzNjczNDg0ODUxMzczNjgyNw.GYx9r8.AvmyPnn0sb2NoZijUdM4ZGOUfHrS-MmxJNKUeg

  • server_id

    1214787742026702861

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 30 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 57 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3900
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaaea3cb8,0x7ffbaaea3cc8,0x7ffbaaea3cd8
        2⤵
          PID:5048
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
          2⤵
            PID:3596
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1692
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
            2⤵
              PID:4696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:996
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                2⤵
                  PID:3076
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                  2⤵
                    PID:1296
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
                    2⤵
                      PID:552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3700
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1168
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                      2⤵
                        PID:2356
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:3376
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                          2⤵
                            PID:3848
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                            2⤵
                              PID:3620
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5540 /prefetch:8
                              2⤵
                                PID:3672
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
                                2⤵
                                  PID:3324
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                  2⤵
                                    PID:1040
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                                    2⤵
                                      PID:1940
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                                      2⤵
                                        PID:4660
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
                                        2⤵
                                          PID:4200
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                                          2⤵
                                            PID:3760
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                            2⤵
                                              PID:3460
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7016 /prefetch:8
                                              2⤵
                                                PID:636
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
                                                2⤵
                                                • NTFS ADS
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1636
                                              • C:\Users\Admin\Downloads\Client-built.exe
                                                "C:\Users\Admin\Downloads\Client-built.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:4840
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
                                                2⤵
                                                • Modifies registry class
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4968
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6400 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4324
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,2325692019519753629,13526458823167557132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                                2⤵
                                                  PID:1056
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3668
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2112
                                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:680
                                                  • C:\Windows\system32\AUDIODG.EXE
                                                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3692
                                                  • C:\Windows\system32\taskmgr.exe
                                                    "C:\Windows\system32\taskmgr.exe" /0
                                                    1⤵
                                                    • Checks SCSI registry key(s)
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:1136

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    6e498afe43878690d3c18fab2dd375a5

                                                    SHA1

                                                    b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

                                                    SHA256

                                                    beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

                                                    SHA512

                                                    3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    b8b53ef336be1e3589ad68ef93bbe3a7

                                                    SHA1

                                                    dec5c310225cab7d871fe036a6ed0e7fc323cf56

                                                    SHA256

                                                    fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

                                                    SHA512

                                                    a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    576B

                                                    MD5

                                                    07eb75989fcf86c77d38ada3ca4effe7

                                                    SHA1

                                                    6117a51a4f9af809f24797e028128daed5966f9e

                                                    SHA256

                                                    0c813a16fe8c53009821276179841aac3400ed25b57631f4f21027bbc0ce03dd

                                                    SHA512

                                                    badf51a75b35540de4f677473bc66d1258b94a09674ef5ea5c4dc82e66cc29d1fb7aedaa9f1e55a1e2c9dc9d52dc02a33b1b08f0f17403f248b067bf00cf4c88

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                                    Filesize

                                                    41B

                                                    MD5

                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                    SHA1

                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                    SHA256

                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                    SHA512

                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    392B

                                                    MD5

                                                    efcd841135a6ef78e930d459c9064da2

                                                    SHA1

                                                    d8a16d331de6167113b718adc89c0e6a02195fc3

                                                    SHA256

                                                    e62eba47eb6d48fb8b294b15059fdfd9cca034de8216ce84ec64b14e72aa9ac8

                                                    SHA512

                                                    c34aa49aef5b6175a67d6c6266f162f62eee554a66800f85948251ab9036c9b05c705bd04c3911985fb520ec8e0a39ae0e0d878a0c957a710882e1a9cce49a02

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B

                                                    MD5

                                                    807419ca9a4734feaf8d8563a003b048

                                                    SHA1

                                                    a723c7d60a65886ffa068711f1e900ccc85922a6

                                                    SHA256

                                                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                    SHA512

                                                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    91c0c246a61e9e3180cab84d09f51a9c

                                                    SHA1

                                                    cf96ffb3b861178d0439d0ef73a2d06566d332bd

                                                    SHA256

                                                    22148b2108a8e46c716cd3400805f30f4bb6cc32d272ece43722e82a749d0ad9

                                                    SHA512

                                                    ec4f380eaeeb17bda7b27b7f7b31e91eb149f9c111bea30eb90c77114efa07f6d77658d20fac2698f52c053589054b82eb06f6647c650281974947e3f3a59f38

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    c36487544fae6b775b18a35feb851d3f

                                                    SHA1

                                                    3ce7326574113db10bfe49e7ca201ed49aaa62da

                                                    SHA256

                                                    a327d0c7418ac401ae0714b5efd120362678043321d1b2806a097313de3ad013

                                                    SHA512

                                                    884a5a1adc6a39a2fd93943d830ddffc7b990485159c045c2d6d5d715033ccb25db319eec93fd892a8025edfd3cf3fbe1a2b5f3e08aafa1f4835d9c2911d1a7a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    87733e89fcbf8b7ee0417a4204a51cc0

                                                    SHA1

                                                    865515172cfe2bd208f125f975977e851a08eb99

                                                    SHA256

                                                    96a912dd8eb4621ecc84e7a99311f3123a3b5ec5080cfbf9cfa0286f543dfe48

                                                    SHA512

                                                    8ae87477d041d1e33561ac45441a7cd71a7f0e1548152e30fd6c62761cc039a246983b97d397d2e2896152d333d03df29e12fe67620101ecede6f1cf8dd2ccc3

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                    Filesize

                                                    72B

                                                    MD5

                                                    f143b025a5924eb96783a42aa919224b

                                                    SHA1

                                                    8b057ab2dc024262caa2b6ce8541e304a3d7d613

                                                    SHA256

                                                    6fde880b785585ab6c12d6636bf2f47e3249af7091a18e366a4fea3f5f942945

                                                    SHA512

                                                    54620ed49aaaf69a44d9351e284bc489d4847f8412929cb17110ffb80d3e19bac2a2efba59c2aeec6ccb2c1fcb7fca4872d58f9b83de6a396512747edd9e5368

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583c97.TMP

                                                    Filesize

                                                    48B

                                                    MD5

                                                    96d0d51e4f03857f9c3e3ca2704deed2

                                                    SHA1

                                                    eeff5c96a4e1558a4c4bc14bb088f3ccb835719c

                                                    SHA256

                                                    ac8614811fef69371acc5c3961e41fc02e2dcc902fd956f551676e74ed197a6d

                                                    SHA512

                                                    4e9a5d2776aac80eac1b9a5091b411e8a6da07d3785e0819bd5120d9214e029185bb4f50d84d72b360da5549e9ccafc77bc40700230cf17a20a8de87de2cfd24

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    46295cac801e5d4857d09837238a6394

                                                    SHA1

                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                    SHA256

                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                    SHA512

                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    206702161f94c5cd39fadd03f4014d98

                                                    SHA1

                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                    SHA256

                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                    SHA512

                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    12KB

                                                    MD5

                                                    91072cb2203dd5724d69ccb576cc1e02

                                                    SHA1

                                                    a413639c0012f2b77ce538f2ea4ad716cf2778da

                                                    SHA256

                                                    6936e31e065bdc2c50049e79327669caf384db7c89ee01eb4c7f17315439a99d

                                                    SHA512

                                                    66c1b21684dbf088be6b2d931223e3fa20a183cd25becf720a4c1e1c7b486ed64368a95ff29474827415c7e6a4bf8a9bebc659fdfedb509d806792e3366fbc5d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB

                                                    MD5

                                                    6deb59e9df09c1a8f7b8853169f1cc1f

                                                    SHA1

                                                    127feec7d55b3b465af09727d528ec36d3071349

                                                    SHA256

                                                    7e3e196121e95cf974aea9edce8b5429ea5838bc4a8cab8e206b14483af0557c

                                                    SHA512

                                                    84766b2d6c8b89592aea8ce1fbcdf409106bd011ff1d24201b93c372969dd74a8ba863c0bf243f68c9d248ddccfbdb7d3bd12ccfeedaa7ed1de85c40b70d67d8

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    12KB

                                                    MD5

                                                    818cc437a551bb34085be309371041da

                                                    SHA1

                                                    d11659deb032dcf0a0a02ca74637632d5775b592

                                                    SHA256

                                                    cf033777792ba18a42a5ae60b4ae5c91e6d8f6fddde1e41fd9739522b519011e

                                                    SHA512

                                                    ea7a00d26da7ae3d0bf93bb4c44ba08294df26a09d8efa86d3f0e7735b48feb5b77905208d7e13e02f29d9baeab98e443b032e32893a7f983950e267ea78caf3

                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    2f686552f463dacb3a39e97d1a410c9d

                                                    SHA1

                                                    e4fe9947c26763394b6cd14fa1df940c9af7de73

                                                    SHA256

                                                    6cad84b8c5018d81884c058a9c3482291eaed55fe439371ccf677519652b51b6

                                                    SHA512

                                                    9eb4a075437e51691420c8c25c32a905735c686f6ae2206a852405a3eae902fb6f66e23b8b817e724505257a78c8f174481bdd4b6f229d2c899983c77826a449

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                    Filesize

                                                    2B

                                                    MD5

                                                    f3b25701fe362ec84616a93a45ce9998

                                                    SHA1

                                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                    SHA256

                                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                    SHA512

                                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                  • C:\Users\Admin\Downloads\Client-built.exe

                                                    Filesize

                                                    78KB

                                                    MD5

                                                    bc36339d259715c4fb7c681506bdd215

                                                    SHA1

                                                    a5f892fa06e4a96ac5eb043f6f7a2d562aa54b94

                                                    SHA256

                                                    6138ff42dbc206690422ff11ba68758b52b6b12f49232b3aac20fac3176347d8

                                                    SHA512

                                                    5de9fcfbd4c55358e84a0808c083b6a9e00bb78c3159eb10af4d1640fb7b03cde2099b8a7a914a6a52a8fc9ecf9bc0a84a4662127772559d98877ae64bc32732

                                                  • C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier

                                                    Filesize

                                                    52B

                                                    MD5

                                                    dfcb8dc1e74a5f6f8845bcdf1e3dee6c

                                                    SHA1

                                                    ba515dc430c8634db4900a72e99d76135145d154

                                                    SHA256

                                                    161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

                                                    SHA512

                                                    c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

                                                  • memory/1136-610-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-607-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-605-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-606-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-608-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-609-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-601-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-600-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-599-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1136-611-0x0000021CCF4B0000-0x0000021CCF4B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3900-4-0x00000259CC030000-0x00000259CC558000-memory.dmp

                                                    Filesize

                                                    5.2MB

                                                  • memory/3900-61-0x00007FFBB0AD3000-0x00007FFBB0AD5000-memory.dmp

                                                    Filesize

                                                    8KB

                                                  • memory/3900-3-0x00007FFBB0AD0000-0x00007FFBB1592000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/3900-2-0x00000259CADB0000-0x00000259CAF72000-memory.dmp

                                                    Filesize

                                                    1.8MB

                                                  • memory/3900-0-0x00007FFBB0AD3000-0x00007FFBB0AD5000-memory.dmp

                                                    Filesize

                                                    8KB

                                                  • memory/3900-1-0x00000259B0650000-0x00000259B0668000-memory.dmp

                                                    Filesize

                                                    96KB

                                                  • memory/3900-74-0x00007FFBB0AD0000-0x00007FFBB1592000-memory.dmp

                                                    Filesize

                                                    10.8MB