discordrat | hxxps://ufile[.]io/f/u70pr

Analysis

max time kernel
300s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
12/05/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ufile.io/f/u70pr

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzODc1NzE3NzMyNjU3MTYyMg.G6LdN3.nkBc131_NVaXO60EybCWv8g-VLDPOx7adUKlIk
server_id
MTIzODc1NzE3NzMyNjU3MTYyMg.G6LdN3.nkBc131_NVaXO60EybCWv8g-VLDPOx7adUKlIk

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
1060	Client-built.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{46B1B1E9-35D1-496A-B5A9-643CD018E034}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{D5298F82-4719-4AC0-AA6C-DD5463C21317}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000099835e1a3c92da0165f917944492da01a49286e75ca4da0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Discord Rat.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
1784	msedge.exe
1784	msedge.exe
4788	msedge.exe
4788	msedge.exe
3000	msedge.exe
3000	msedge.exe
2172	identity_helper.exe
2172	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
3616	msedge.exe
3616	msedge.exe
3588	msedge.exe
3588	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
4948	identity_helper.exe
4948	identity_helper.exe
4220	msedge.exe
4220	msedge.exe
4820	msedge.exe
4820	msedge.exe
4024	msedge.exe
4024	msedge.exe
200	msedge.exe
200	msedge.exe
200	msedge.exe
200	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	2528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2528	AUDIODG.EXE
Token: SeDebugPrivilege	1060	Client-built.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 3092	1784	msedge.exe	79
PID 1784 wrote to memory of 3092	1784	msedge.exe	79
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 1832	1784	msedge.exe	80
PID 1784 wrote to memory of 3100	1784	msedge.exe	81
PID 1784 wrote to memory of 3100	1784	msedge.exe	81
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82
PID 1784 wrote to memory of 692	1784	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ufile.io/f/u70pr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,984492437421637672,2662643620507300851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3268

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Discord Rat.txt
1⤵
PID:3624

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:3640

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Discord Rat.txt
1⤵
PID:4420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9244160384429987218,8088243464116417287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28f0e60dc74d005e6f5c1b5814bb4b5

SHA1
7198cecfa8e8d80534d1917cb655f3f530c95c2a

SHA256
04d89f9425c632ba7a1d61ab00fe9dd05dd2b7f1328f481e8c63f8d95fd9c37d

SHA512
7ac21fa1a45261eb5153fefac821f04704998141f520a816545b9013e9e2e1a6cb9221a9fdfbbcf8ff63c5fd2b97d9472152e364051e5df19d44bbadc006e464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4be1af7006af2ad9a5c7f32028cb8757

SHA1
6d3055c3f2603aee94b291d06966b337d08fe887

SHA256
6925cdce16e6cc9540ef16dc531cbd144f1f38fe17cef9daf0951b526231b681

SHA512
2b3030a6dde6e3097a0cff8addc509b197a3638d9dffe3756e232a4a9f315550439b8e14c841a18ed3b6383655820da85d0fba4f599121ae94cbfe7f761841b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
12a58c74a641687886b11e0c21ff6cc4

SHA1
54c8089fd5a914e131591d23b7f35dd364b6346d

SHA256
aa3dfc1f3106dec2cc41a7c41446c298166d9f76a94b4a72e0cb1f8d44d9473b

SHA512
c1ca2bb9eb52865cd0e04ad9e82ae33016deee4881d4637aca576a3e3e7dd7c71ff9f82a96b0beff11cffc2a38420dfef20bb53e144cc544a9eaf02c4e37416d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
48284407ed42b42fc8089adde6a15128

SHA1
e362f3266bad03b0f4e4432f673fd711c66176a0

SHA256
a3f1e1f8e3ea8db0228c788f99993522abbd4fc42d1b6345ce649411dfcee60f

SHA512
455faa2b548437dea0be9ce31f83da074a4e4a0ed53945f526071ae74a88987295149ca2bb2bd721f2c86a1bab3bbae4b5e087cacde52d8911d6129e96ac4a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9d65e07e650ee6493eb1514a4bbb0db6

SHA1
7e6b34e09112bc663021f65f7eaf16a1ef591562

SHA256
567db4de9aec348491a7112986f81665af26ded58622932b74976221c9eda54f

SHA512
8a4604e65a15f5930b371d9e4862066262307d914f90cf2e87e4503a39e252a7c7511b629ee6a7521b0b06b8eca26d30ee4153670532982816fc3825a38b8bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
59KB

MD5
b4e48f5c4fe618c92044bfc69435db55

SHA1
7b23505407c2b73886aa34d786c30642ed5bca25

SHA256
38e41b83daf8039e787071dbb7ced17bdfa2902fbc7902539e8f68c7752791ac

SHA512
1a1e6d58e0d557d7bb88f497176b9d2951db6fbe9f833ccbfcea4a509045fc8e460ba300b3119f1cec21256527739680a785c4e7e31d7ea0026a7debc7f841a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
17KB

MD5
197cef2b112eec494ff9e6592e25e4a0

SHA1
6dc19f3be734045aad52c4e798b2a99b1d5d651b

SHA256
37b770444e9bcca771c5df2afdc84510a21e5b23ec835380414a101d549f6e11

SHA512
126048ca21fe7f7155d42f4fc0301824e5dbdf156252096d215cb51409807420340c433051d619b14f1153faf5c2889bd50773fcd507d12bc24ab4cb27027a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
31KB

MD5
55560ec6a66011e78a7b59f71ab661ec

SHA1
c8c45e1dc152ac04a8d5cc7f3e57644f2214a736

SHA256
23fc1cac88661bd884c9ba60e88c8e915a1c205e5e792d973bcf7f074cbb907d

SHA512
e4ac0c9ce8a47b98c0ea7b6c533f4fbb4c1ad60ebdd855ce3acf99fac8fcb1e3c71039a964ebad384cc00eacdb4654c4bee1e869aa1339e24e0776ca129b9370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
88KB

MD5
112cf4fbf99da3139ed5ac2ba49ecb8d

SHA1
d976ef4f9f6bd0bd3ff22a1d59a9b3247ef131a5

SHA256
58ab41c65b6ecf0bff001400d21f895846539696fd03e93ac7ca8da0fd445735

SHA512
df5a00f35c3a1067b7631961ff6ea56cba578fd6073889acd3ed2cef05f6fffe1e319ed5dcaeba7729aceb26f1a58e8d4c354fe7c805b0b5ae242dfc105d8722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
73KB

MD5
b5cf8ae26748570d8fb95a47f46b69e1

SHA1
07bed153d47f9129a944ee54dd72952deed074c8

SHA256
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

SHA512
f08b9289695cf530094f076b2df4d2b0e1a1daedd00190d123b4179b2c1a1b5e8b2bb988d86fc6dc9eee117d88a58dd5b6dfe7689586c17068f5d2da01904d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
48KB

MD5
698faff59c042bc291c16816955e27a9

SHA1
3fad58f86907690fc8ae77146704ab09471dc6e4

SHA256
4ded8de727632cf688ad6a68b10907b5b5a695852b9d439157101c0c46f51ab8

SHA512
5e8882c7035c470efdf64ff5407e8fe5dacec2342b5437e9ac05bf83f7cd92c4f8e95018af4bbee142434dc3a4d0d6707af823beedf7b3a958a3012306f1d89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
102KB

MD5
f3c3f7bdb9737d637dcc91a01ac754d1

SHA1
1ce241553620fa97d324b6d71df1ab3b9bdf08d6

SHA256
05235fe55b06985718061e3c7af945bdad42c2c961e0770e0ccc3f6b7a745864

SHA512
ef70a3f5fc747e288bd672a70b3e1e73f8a19e9fd995b80f833d9f861b2fb5b66e82a50ed5c121a37132056d54ae624357dd140ef641f5d8198ebfe34b455dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
7bd17633bdfa037632e2ae0514462d31

SHA1
1be7fddb17c224b7ddb4c09a7da59e104a2b536c

SHA256
2695e36ca3de6a26cb7e506e6a097f79ddcd9f666373b76a201dbab3cf89c2ca

SHA512
5733739f692ad48a29d0f5bb3ccb4553856613a162b79751d34217ec2ee4e4f530a5cb95c43847db63a5600564d1e76e1175a482b37e80ba4ce831dd99efbab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
a983c1e8541308c0a6ab30b50b4c90b4

SHA1
a080e1621713f32ae8df966abbb48f1ae819c6d4

SHA256
b9e397444e0cfaada97ec61282c8abf2d42b5b3571705e1ec7ce1b35803f7021

SHA512
6301c4bbe7db46a4420731e3e0cd2f129ee162d93536b485a07b8571343e3aa61ed9c07ce5caff01a26fb859467fb7928864da0ee7fc84f68634ee256cf43a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
32KB

MD5
d49440f670021a0f62b1ab52368f0e68

SHA1
ff0409be7b7b0aca5454570fd65629caedd30365

SHA256
9b45784f7c55ee9c7dd054e3fd1a5f994eab90093e50000b8170f0c1195a0499

SHA512
fbbad51c430599c8913d7437b1d3283d3755fb8d5bbdab08ed6ee87380df14cf1c71f16ab85c332d3033e696e0f0cc441153d584f79f3fb2ca6d1539d7028103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
f967b3c4562692f07f5fdedac85c4c51

SHA1
38bbb9559ee7dde925dede00cb989a8bec3612a0

SHA256
7296aa525137d8d159e85c65491c820c7b68e6db0a5caae818f025842049094f

SHA512
0315f4ad863e0a778fac45dc52334a173b1f83b2dfe3a75bd56bdfd91ff489418cbb66d210f006f1b280e1441b142ed64539397036b04716cb9e36e610341aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2e24df926cacd78a5ca3e8db5b61c372

SHA1
24481b5b35be90f27395255d51eaba7b2aa2ea72

SHA256
c1f166f9bb1678eb9550075daf60ae9f8e591cf03b4020b66e660d79c1b49661

SHA512
f70202475d42c159d746c92dff810732090063825bfea0452c684f90fb57c04436056b26715aa724e49c0787ec94214990e94d3575452afcaf6cd8c8f61d3d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
d85f899897d303674e9e0a9a21b77a27

SHA1
128b89f785679f0f8c389a5af53659f25e0535b2

SHA256
5907d97756d0cfb500a94b86c10b8ad983d1c20d5a9fee33d97c54d24100742e

SHA512
7fd807b3a7065149f565dbeab34521a96f3b753561c1ba627e6ea52e2b48851ab9f78816e245fd6807d91e9f44ca3a275149e7b414989962795921cb792ec328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6KB

MD5
df85895c9758478a56fd3d33d7aa7f0e

SHA1
f5a353875b7644a3a9ea036d1025e79b7bb1fdfb

SHA256
1c1ca1c6236ad2202222cd9f85af4ebc4d01c1c61fddad914d099b0cc1cbdfcb

SHA512
c6d15a563169b36b574aab8bd38452c620eec182b6453f95c42b97be82d6fdef38d3c2e4a8511ac489e1a0a0fe0a7da3e2900f85e239e32f8041a5f090fc5b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
d8df94d47ce2f4693c76483fc54c3d75

SHA1
8efb5803546cf2cd6844fe626328e6cad53a8e3d

SHA256
aef633e82fa62b77d762abc32f0bdddcd472f38cafb31b09dd9d9cc285b0a953

SHA512
d3246fc50a569b81014d2d434d3cdc635d3ccd6536ffa4c26382599704ae7620d383643fa98ca5cd662a6b9445e845d1bda50f8b163863593c8b07684d2f05e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
21365c536f19dda14c445a166c9b3eb0

SHA1
2f631e71b389d1301614524d0ec5df985d4266ab

SHA256
6c26755431c4e3bfe918ce01d7adf92868515ac9bf2d55b629b63614247b1b6b

SHA512
9849c73bc7514ef9be46070f5f14f6027ac3c67b91f58d1da1d77e3ee1848663d04a49df7ebeee7551f98f0564f47b8ccedd146a21c2f7563be6fde7038ad47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b6f97a6a52116104fefc753f809d71f

SHA1
759b19493e4b1d123db5aa6d0b2669993a3fb859

SHA256
f49b1930a38c7b70d43568ea2fa763dfacb4b66f527a1bb7396aa7226b4a6ffb

SHA512
05ce58252d1d3180bcfb388ff4273e8a1d4be843f87627a7b74f54a7a8d26b87bb7ddf646180648db7149b19ea48bb62c4af13d65d663e8633933430c6d8fe93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f26cb16c499bb6a1eb75ca4ba7ab1b06

SHA1
b542320a12a1b938b93bb62b85821cd5cbee4fe8

SHA256
e94358102532c01699e46a502eb8f91a6a3adaa19eb2a3418a0df4547b95eaaa

SHA512
a09843d255a1bce6ada589d35963b92d8aea2e4579d7330ea0ae598307bf18f33b9267c10ec39f80081062b39be860dbbd4887e909bb23de93db0f6917b05574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb2874c59890d9879f5d6c1958025dff

SHA1
918fd4c0e1fe545b71288c1b622b137c5d56c909

SHA256
2964316cdc41c0dec4cb422aa2e08e4d85fa950f51499ffb0b54ff2a38fa79f7

SHA512
69dc26c7ac83c3c58ed32e9ab040282a11a195e3471739d12abfb6d4dcf42796b126f9ef5adbe32347bc2cbc878e62c3cdfbed35c1990b3e7ae7fe03592939d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2b381ac02dfe523bcf6f7b30da9d6e51

SHA1
343b43330f143dad1c08adb8bbd3057f63a35016

SHA256
d2c5c6883daedfb218311f4c90db6fcaaf2a2e788b12811b5fd2586d0f63d4a1

SHA512
732b169adfa1c363da4727e66999bfe8f5c28fe0cc9cfa87c35fe78850cf058c25c06ef2b18e8296713b8e02679abd1779f7263ecd7139974e24f079a726470f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61033291e27ce264fa78b8e5f5af834d

SHA1
ab5009864f918dd95339d3edfa74046f33b6b8fd

SHA256
09482467af84732d59af726a8067a5c86030b1e3c13fb765455051ace2abb2d0

SHA512
d32a84e3d5026772678b5acdf41d40ea2a45689b6b5d7f45b82e54c3c84fd615dbf6317f7afb452dc05cb6d19e1f840ce03b4f0645011c592b365e1a8bd0c674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1240bf916610f74f298f98de84bf118

SHA1
0e7c141b6834504cc648a09d29740bc0622329a9

SHA256
37d6932f1c6f84ac23514647d1b0ec219d1518cb598008100753ba0e40b5651b

SHA512
e3787443664f6b8d5f7159fe96d3c388360f4e9ed4f7e767320779ded01b4059e56dc286f5560bc92619db654548c00adb63115c2e40cd4d7938fcc6e8fc56e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c1c4f96f5fe581fd5f4504392967bac

SHA1
d7e2a7dadacee263808ab1fc5e6571acb7b9ef35

SHA256
e00220b14a5d5e13e9dcda55024ea1113824ff843eec027aae4142f62251c884

SHA512
aa784fdab3bd57f9c29c119437e07871b440d96504d6be3463e3f2922e60f30e5fc48fc09f5fe10164fb29ec89cf2ac90841a95d45caaf862774d7d9c8cf94f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e5a1b484e8f0cf39ad816eee3367929

SHA1
077677e6e9dc823f5ebc0e4addc325699216ee45

SHA256
4268886a6aa16cd573a9a9f5fc169e35c36388755f45562e1f0a43c32c8c2fe6

SHA512
79e00f67841c7d0e8217dc4e3333049f3cb9d84b67b9c2cad217ead25eb1096d92656b0bd33b1fde7caeb727fb833a1befe652199716570ac75565bbdf3010c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3a40382449ff951b4432774191bd984

SHA1
a5ccfb150ffb490af6fddf7a8b58fd6940fb04d2

SHA256
7f45713d1dd6b1f91e0511d5edd284938e7cb0cd86b508699e9c870d2dbbcca9

SHA512
30a489fb1d4c4fce25d90fd2726529e40bfadd4db7ea09fc283df268bb7178cae4a940462cdae7ff2e8cf3d2fa5f5f26849c43d89bfd90a7f31b2fde35dc9384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88f4380543e86aaacf03973e42151e75

SHA1
f3e551d8e1dfd80be7e65e966bfee497dbfe174f

SHA256
f3639dbf161f3de17f58fbc61f8cc04d376384d781cd626c351580d1d7b992f4

SHA512
c16a7c66d62430f85ac14a3d8bd9c0ef18e494e70907a209d6ace5fe372189308f94c45d43101f36301e32b35f12ec0ec393c8d5193374270cfa801b09ccdb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
0692db9f2e1b3a6764c8cc280dd0c226

SHA1
fcd36abfc7219def1fb527b7e74afadc1c93dcbf

SHA256
0f451dad8449606ae0ec124298434eccda819b01c0fbf365221c0003219277dd

SHA512
47a191d3a2fdd9df897cec02dc11048f3f1d41cf91cebbe20db065cc482de1e7e993555930784f0813733cc5b3249cb5add76fc7af2a6c84545220377966f654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f8286bbbd72168b994ebb423211a93b2

SHA1
0661a53a8897f3cc218ab0101976b645a2b0058c

SHA256
5da30c15821de1d9a453d161e2d0279ded146961c337e6866f464bca52144f95

SHA512
7a97864c10e24b01f04f39c9906b81f74c463958941a8f3aafbe0f5d94c1d7a6b49b514c646ad690fce5a925af2442b2087816e92b00bca061d9abfaf1dc19a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359985629495263

Filesize
21KB

MD5
359537c289506c9b9d61371b82436e87

SHA1
f5f315dfa437c1f9fd7463212396ea2ce480de4c

SHA256
7ea3f3c0cd5c5a7c4d29d43914695859d1ffecc070ac154bd5c5907470d96140

SHA512
d7eeac6b007dda92c576dee185c239b7a23753451f027d9bdee5cefe3becd7028179d5b098ce83ca83aabfe3f43732fdf80f6f67cb1fe4cb839912aa925a87a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e2c328d77e46cef5e3166e0687359105

SHA1
d099dd33c8573fedec94e0a08b2fc9182af19f5d

SHA256
ecc02584feddfd2340c6ff46a491cec46220ab9833988d7f20d3fa99d7fd2375

SHA512
2df3e6132fdea87054fa6171ccde6d51c7b4fc1db3ea0df1a18fc8442bc400fd1ac38b906dfc25a5bd97b9a6855786cf0bc4c53e1c01949875c6f1f925bb4c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0b168403eeae5a2208dec630c7b85e76

SHA1
eed04007901e0a01fdd9dbb51e5e5d64d14b0089

SHA256
f56f9ea051b96be3a09c15caf54d919e02c6e07eb94c297704e6c0ec86246e65

SHA512
4b0932c7ebeff17b2988893feb9953ea4fbb175ae716fc7961449657f3a4acd8b89ca108f3e9b084fa32bd1a86e5ef0fd00059b04b925481872cfd3c8fee8599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
27caa330166258d6f4e4a117f0bf1a07

SHA1
56ce5e9678c62d0ca7234b8e851f5cc652c305fa

SHA256
aac391ed89c199d4709c5b9c4746507ac9fd9de5f13e2f856df43cf4c0ae7006

SHA512
88b1ea080a5c3f8f47577efee7683ee8fbdb5706f23fc46c7a6adcff106d88675fc021400507ebf439eac89bd12460094301ea39518500f6741782c303b84afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cc160ad1298ac76da7f9a85f598a543

SHA1
9627bcd4c3f108af48bd6df325a4e83e4b9b09f8

SHA256
e9cc4393163fe1bd40cb2fd8e3a17ddeabf8771f1d7242adcd1b33ae51344623

SHA512
431ab061ae38e5c14e261aeea0434b89997be1d1e631ef0fc3f7189e99f155393a587674bdd7884e00990fa39bf7a90f9b7be1b4951cd304eff3949b51adb554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0e43d78a7e966a62667bba19aa2320fe

SHA1
46cd3ecc7508ddb75e44d7cf3dadf9fcde1d0c79

SHA256
27ed3d1e60f0275ede06f7c8a616ac5339eb8b44443e597bb582eac0c6b5ebad

SHA512
3ed8cdc9e262dc8aacd68e1f01a061d407aeae9d8bd751e08f3b02a79f72b091d658fd2ce77861174a23c3e37eb80c6a68697b9b4540c282544e4c4c0c713ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
582e000cf8814ca380b5478e5cec072f

SHA1
c7a2cfeeab67df91b38ed4a8e9bc4d7d845f895c

SHA256
5ed7f3e0bfd2f51aadc137ebcf2716fc3844458faeba54f0d57fdf5873e3fe34

SHA512
a5465be05d33d1a92c085ac409b47220532025daf4b9737a39e2a98f4352bad9e31f5313917c8895a7080c8f492545726f0b1a1541fb87171a84d6f52b8b8f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50b3931776b0491a5bf38bacad4715bb

SHA1
6377f9a02efcf13ae917cc98368b8c91c9e0ae32

SHA256
5f2f627463527a4595d56b10fca222e98e5b5e0e78080566266637eee06f35ae

SHA512
0e328ab9455950443eaaca6a296b416efab9455a363868e650bef3fd44762d0ab91d813e98479bd86947ccac7537452899aa7170fd636cfb5dcb5beff308b711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
702ebc4b75400e02aa754c7ff1dc6f1f

SHA1
ba8d2a9d9e1aa00f55062d5991d86d86ae460e83

SHA256
b2bfe701ad0cbdf11a6609d6aead49eb8f6b9c1ce3377aaffc34ad55c371be77

SHA512
f4e29029f6e1ef9c7b9e4d2380456556f9e431249b516ee5e7a04a3d62aeb83d7a801b68eb91c6f8f61fe8388517577162c24a504c9268087093f791ccaa9b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec54.TMP

Filesize
1KB

MD5
9b1a71ea43c23329a4e7697aa9025f13

SHA1
f4103d29af1798be39bb9de7fd25643a61a38e40

SHA256
81881c882176b1ad940e31b5e6b24810ab00b7c842f7eb1c5aacc0a8d330aa31

SHA512
c0d20ec16ad6ce2358d234d1fc1b8e4204226389e671c9e835c35af138b45b93caa8a0c86e842c7f1083fa1b64c92519f329def305db2cdc282a7379f4bc5ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ca2642991f6b5fb70639e09b18f864c1

SHA1
8a22d1e7da8d8618ddd870cc63f54396a77796e7

SHA256
5073c38ef19653d9656924225da06ea785bb80c52d0c8d727592db0f8dddc3dc

SHA512
934403e049298daf15089995919b79d972d1e949a86172c1b7b45af622547930fd479c4e6eb843d154209340409ebfb40e397838be4e654ec8013d5deac59ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.5MB

MD5
864a38068dee1a7ad1277d709faa77d5

SHA1
004119de63c72f9d9ecd14841cac31a5722f4518

SHA256
928eac857c6d72f71cb48d5fa924b9d79bee13b2bf24854ae50e923033a84afb

SHA512
40a7385c9a155bb3410187cdb2139b30354cd362c5431baa801fbc735ef0f0e05fc5cb4abba153162b518ac42cfcc6a418bad78f34487b03b8decfb837cc7819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
8KB

MD5
e6d6a782e2da9d2604b333ee2e00b116

SHA1
4671b9c6dd3f7431e7c6112a1f0587a25b164590

SHA256
873fd46064bfd762cb68f38913154b5f6fb3fc6dc41b9b0f1d754305e8c1a206

SHA512
ad22f8e18c358ef0f429aee1a901f0e52e510367a471f8d3808407c970a47993974b2648e36fdc7b8963963ea7101ab764d8df9eee001c5b10b72d5331532896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
316fc1a6998af253414bba6f5722e584

SHA1
02e49ff2acd45621e19527fc790c74a51a87ab63

SHA256
4b9cb9f7311fbae5192f1f677955ffc46d8f764b137c9128f7fbb54150f8a121

SHA512
60c5ff44e65a8ae3fbc311ed8a1d771f391fc768aa59befc592a94dfd304c0e11c72601daacf3e8195c64add9a40cda6ef8403821c74e55bac6f2c780d86d1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
ac5f6d1d60b53332d46150b0efd5ccf5

SHA1
95d7bd34276f53d3992b23ffcc872429f2e562be

SHA256
42d99a3584ee59bc40ad95d48f36013576ae103022b3f1ce6ff31cd6ebeec404

SHA512
5b7800432753ccb04ad8a6c071acab1ce7cf90a2b3d754e2d9d754a749e543a55506279218c43de61ce7a6bc4bb4ac30453b45f32b37b2be5ac92f19337b217f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
67c16d431cb09cf4248530cd7dbad00d

SHA1
bfc69106fabb7ecac0bf28dfdf1940cbc246693e

SHA256
e1acb749d32ff87cd598389d9c982f99716f75a2bb4c4a47da594549783b6d25

SHA512
f692740bab0359dfc18cd2a530cfa2a16357e21073ebc78b3c25a3aa4aa4b7d80702ed8d5397ae649504b59c85104d48b560dedf740d1809d1fdeb9284339d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e05e7c4dbdeaa4c18319c08dda8b6d2

SHA1
36adeb4728e1f36b25f396bb1380a5a878f65ab4

SHA256
1f9e16554b7b1701c6d272ed1f7f45ac166d9107d23dc1a4e779fea45eaf21aa

SHA512
3aaf3bf5470cd2c003f3a72cc022752ec4fe9268714bb3f58520130637bd3ecd4429aecad774ceeacb91df4c407564332bd9be28381c0b924e3342719ee5cb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed8668b67391d7f98b1d29bf9c55c72c

SHA1
fa3efaf09be27a7016213cc55c434827d45a9151

SHA256
bbf8990a67ce09c83fbf3fbfd3354e32fcfe39a36eceea329605aad36820ebb4

SHA512
561dc031ef7cf972c98766b114d749ed0e04ebf6e0fa084fcf26c08b72f99ba64a46de7b7ceec51b1bbe0c00aad80822e48b0f754522f2fa2c2bf056d74a31d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fef82871d1c2089988ed261cd3c37a6f

SHA1
1d6683c7956d118beb94344d54b76e45bf90640c

SHA256
fc175a59104a6366da440fc87665041c24f11714950d4290c2f3ce241f9ac9c0

SHA512
fa5a1a58191c17d4d33a06e6d8fc9f04d8a8eb3298d74949b39bafdfb1389af5d65ea29f89305bc4629dc4247d56aaeb518a379f4f9da6b62648d76dcd348d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
db4810df1c0f8153761af1f439a10588

SHA1
84572431da4cde35a4cc741bf806a4d64f7f5d03

SHA256
0847e8857724344d22cdba5f5d4aa4b3d98677458c99f5e682cc991f19685a65

SHA512
e3dfd4bdc082d4bcf6f4ee92b0cc876b96b6a3981a087fae769d787009ca44928d346f00f8f41a149eaa1c56cd264ec88d221e641639b29e1b2a242cd244babe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cd512f464122a16d8f725f5e2b233b60

SHA1
d148bca0c3f6099f56da719303e0c6dc03f3261c

SHA256
2c9b8d3aad9b104479d345c99021897da62adafc9f44059ff98993a7efe6afa5

SHA512
89e3c3b9db757b4a5ddc0c3ab32420e758b81066efd677a7377ec46598db862077685973a24bee9976e3ecf44e11c0345a99b7a8e5256ffe4532dee670752789

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1a7316183da0c16d677423ed16a74084

SHA1
2bb80ae6642942071d65b9347fac190f6ecebd3e

SHA256
68cfca642ec6222113d875780ee984e768f990c3e4d828e6bd2bdb30b24b79dc

SHA512
9e297b14fb1c110c363e2c5ecff6d2bbddb45e41d34d40cb36bcc8090ef9d4ca5651c380d049b564c771a8626f658a875e66a04f811a6743e0e15201bf3296cd

Download Submit
C:\Users\Admin\Downloads\Discord Rat.txt

Filesize
110B

MD5
cfe4756253fef33a752bbb19ab82c2b1

SHA1
78a78d1776a8ab246f28a707e6efa633f90a93b6

SHA256
dc3aa2540d0a1d60a980981e9826755ba0cddf50b057c6fdf317afbbe481c98a

SHA512
e78658474d8cd7cc92f7af0995326b253e7925c9fa31f43666e9290de4c8e1ef443cf226d4013e671e147e42ec32c280da1fdf34c327123b6f6cd2638519e16c

Download Submit
C:\Users\Admin\Downloads\Discord Rat.txt:Zone.Identifier

Filesize
603B

MD5
4cf1351d6e76609ae42bd585ae6a248c

SHA1
12a965800185c0a1ba247f01b60167611564a77f

SHA256
e948647f3606bbc5b116789cf7e12c597c6a204ce97f1605cc21b2596b5bcbed

SHA512
f5d745fe789fec53e98169bde2a40cc3e1bcf3096a4fc802bee6a7e33ef74086b2a2cafc27cc5a83035d69475797c3dc67bd023528b0e13143b4bd2dd2da3048

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
603B

MD5
c24d62639f614aa17240e0d0d4aa2fbf

SHA1
5bd7a87e7d4fc21605ac00184a22c7ef46b819e2

SHA256
cb1e9fd24cfd803830361442d3c6918b3249af32f471edb41ebb1046f7f6e967

SHA512
2eb0c8908b9102abb66522ca605c5aa5cd3d2df288a09d230a7a559fe41f65b23aacf8076e6a0aba97b50c28624e69dd946a68b648e4466f06b3bb96bd27d732

Download Submit
memory/1060-761-0x00000274A6180000-0x00000274A6198000-memory.dmp

Filesize
96KB

Download
memory/1060-762-0x00000274C07E0000-0x00000274C09A2000-memory.dmp

Filesize
1.8MB

Download
memory/1060-763-0x00000274C0FE0000-0x00000274C1508000-memory.dmp

Filesize
5.2MB

Download
memory/3640-592-0x0000000000B50000-0x0000000000B58000-memory.dmp

Filesize
32KB

Download
memory/3640-593-0x0000000005C10000-0x00000000061B6000-memory.dmp

Filesize
5.6MB

Download
memory/3640-594-0x0000000005660000-0x00000000056F2000-memory.dmp

Filesize
584KB

Download
memory/3640-595-0x0000000005610000-0x000000000561A000-memory.dmp

Filesize
40KB

Download
memory/3640-596-0x0000000007FD0000-0x00000000080F2000-memory.dmp

Filesize
1.1MB

Download