discordrat | 712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a

Analysis

max time kernel
206s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

33f218bd11394698c4448e7ffa84c254
SHA1

f2a05b616b318007daf0cde3f938a706aeb27cde
SHA256

712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a
SHA512

94f339fd837b8529594c76c777a12da45066a99c4f047cd124d8465e3eaef7029e75a625eccf68e91bdb29c1ad2b827faaa005306de07fa28898f2dcfa6b5866
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0Mjg1MDk4NTg3Nzk2Njk4MQ.G0Waz3.y89y4wvxDnICewngCCu5gBaewpajwh45av-jE8
server_id
1242851356293992600

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
78	discord.com
80	discord.com
81	discord.com
7	discord.com
9	discord.com
25	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{FD5ED1B3-5D6F-47C1-9D63-82C238BC62C2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
5616	msedge.exe
5616	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4736	Client-built.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5616 wrote to memory of 5460	5616	msedge.exe	99
PID 5616 wrote to memory of 5460	5616	msedge.exe	99
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 1804	5616	msedge.exe	100
PID 5616 wrote to memory of 2624	5616	msedge.exe	101
PID 5616 wrote to memory of 2624	5616	msedge.exe	101
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102
PID 5616 wrote to memory of 1888	5616	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa529146f8,0x7ffa52914708,0x7ffa52914718
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
40KB

MD5
0ea3c40e1faf37122a20a202e9b52714

SHA1
ac0d594878e4160c112d7f70b5c680523dcee1a4

SHA256
ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0

SHA512
e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
81a63a086d1c0fb065b12ebecf8cd7f8

SHA1
4ae54a6f2a83df9c901b196a6c29c3436b3a3f0b

SHA256
706678b4abec74ac3221737a9c70bab8ea40cf26ee6a89cb321e6c1503fee0ce

SHA512
2d33384744684bb31c7a30b263d6d2a1fe7bdd3dbaca9867ec6955795e23e7ab5996137210c651c608c22b1d9800bc1a29ef933958fb57dcac2482e8d3922877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\091992996635d2f4_0

Filesize
246B

MD5
dc21f6bbde05195cf920cfb43a779063

SHA1
d8caeb6e2ab497573b52f7c167bc5f9a7b950657

SHA256
7455acbfaddbc8e1363309f02e6864c3ceca92302c665d32ba08723e96b1f5be

SHA512
5addb4794a029156b1e575b378c5b57569b92b8fd283a51b3249d0ef9c201b4e824310e223c93bd88489a50c6f7699a99e7e5ee76b0bafba68ce3ab43d1446e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7b0718cf36f292af213204c49dd7540f

SHA1
9829d6dcabec3f7fc8226106e973b9f041104d26

SHA256
9e8cf39d49aa86cebe3fcfef379a181f99eb9e3f295159d70a05106e18fd84f0

SHA512
eae78e768b367915fe37e77def05b0fb2817128f9064405f241bb86f398c6666630d3059559c2ffd0636020b81150598f0df3278c23e92d55b8826871b4f268f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
007533bb5aa1d9fe9387f17bab14227a

SHA1
a372c8f09c2dacb0bdd7e65c77299a5f72152987

SHA256
8604c83199fe248ba4369c6b1b7b1b8caaeff660a424513e5a2627086056346d

SHA512
95c1ca863779d464e412195a77a9809558da2d297ce4915e55b6f8ea0cfd6f78f185e9d4ae29dab3214c83f06e6df3bc933d8c49ad9b08b1c6ec7efc689e311e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ed6c8a54cf5276680bc29d52180c5a48

SHA1
91ac3b41c7b41ee930e68c831676c917d146344e

SHA256
4181ab0ee98f97a64d943c228548987bd37e789b63c1ee32371839297506fa08

SHA512
abfc019856ca3908ec9f7221a7954220b03e5e42a87c285ccbd00fd9bc0e524f69748010962973cc0b53de0bdf432d9f89f56776f769cbea17768b5f918192cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
e5514ec97c36a128b2462bb5d125d446

SHA1
d205f47350141d9f1deb79c0e5237abb494607d2

SHA256
28d19a614f3b9eff82fc1e44b321780fe5691045052497fc83a6e73471415fa4

SHA512
47ba537e2e6628036036e3db393ff4b04e65566f8bec9e01c80e87af066b0f3f12e35790732ae3eaffab44ff8c21f20ff2ec615293f1966c305428b288be61d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
aa16aa124823bf5b0ee8f37af3373d58

SHA1
86ad5769003dc238563a35897561963106b13f06

SHA256
adda4af490b12dc0783fe929773339f9d4d18e6674c1e7b678bd0eb8756e8d70

SHA512
8076806b16f3a8b5af0aefb875ab8f559fc545bc0ffe58e1476dc3eacb17f5a053497d82d7258a841fda3d1b3384a78b90fa0bb59c9882893f0b9016d7346bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
baa826e95e7f4de68af94cca5830a0e0

SHA1
e8db10135da00edff022ed3d82511338830502bc

SHA256
8cd9697f5fd417424ba59d4e73a92b78f60ca960491e3eaa68dccad1490efbef

SHA512
cd2f3e4951a4044048c82bfb7bef8f145cf4182d21be9b576836ee82f1946471e023d8aa1eb878dfa326146fa54177951e27b313ac8424a0a0c2d12d9ad013a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9268e10583d4503b399ae9c818196e

SHA1
4a7014072bde1434ff060370723ea00183294fd1

SHA256
a14ae69995ab75be925c4578254c40f3641431a0483117a5a166f0dc32f48ada

SHA512
05a7be7b941cf175c280e0289627bd69a0b6f7fbf1882194a4863b808dcedb2e5b0415662691f16f781c90c2e45cc69781e475df9a6226b505ec4e0c7022005b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d067b7013ff57451f81209c6cb63029

SHA1
8215d9c728506b889692b41a8a50528efd1987fd

SHA256
c3d3c461409045814e3339a63b95e1d2086fef92843c93983fa97046ff44bd3e

SHA512
c8be827f0c8c3a82a8cceb0c81a66e00e4e174264bf212454004391632f963c1fc6c512e5e341cbf9df77264a2cb277548c818171e3263196ceae7173a666501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7b4b1f29cb1f86a4947a9ff4605bdb11

SHA1
30d770f425840556417d8c05db856e2771fccbed

SHA256
704f853121b920c95b8bf3f5d189b5f5348555c4f4f7ffcde165b843f3b70449

SHA512
6094376bb70846675177db4441d52efb6c03049f74b0458b9ec095c262c4c6e8489e8835c7293ab7f9c454ffefba3f2a30ad6b0e81187b8afcc5e90f71b35fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
edc3099229aa5e98f5a858c5c42de333

SHA1
5baa907c91b6bfb0f855457e7ac2d6e65a3131f2

SHA256
dd05969bb0764b60bcefe8805de1bac312a39c10df5d7b07a8455d83eacaa98e

SHA512
a1bde2f3504050e605a81bb90da712a3174d70534c7dfaa34b118055321852dcf5a1242ec4f5ba99612fe6081025c49a2e69352734472d36352974c07212a8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2204de6b195a912cde2762a7fff4285a

SHA1
aac1485b625eb021ab4875cf49562761df5d379a

SHA256
e14b9a093dee64bdf86fbb8fc5eacc18924c5929e8c7dd90645e1d2878070c56

SHA512
d6187cbe2f7f4b930a9cec38e27f21658ad3b6fbaaf12c8a1d113a469d23b39a134434da899d454d22128f917e7dce12ea2210a89c62dd6fd85905c1cb0d0e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
49e312f6faeafbe49fc28f2a5345a127

SHA1
69028a8a2f7dd4e185ca53ddc8b08e8083851798

SHA256
0c91c52faf82d6f657f59d54d0f9884345e98320e24ea84602ac72072d4246e6

SHA512
ff28e0204712ec17e3f7192a8017c376714372f41690a7406ff346a7999e1cb2e2201c6cf8351f29d1bba2774b7da5ede538697b9184ae45b35993c2562e4302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
dd218d47c65510e610d08b960440af11

SHA1
446aae9eb028f98d8c903359d1fc9355030d4ce4

SHA256
74e37fb914001abcb8e54f0a37bdcb3d7cf6ce489e705e3625f0fb5f484f57d4

SHA512
bf2bc8dad8eb41acee45c24e19624f466f4ff87c1970d7cccabbcd8a1abd4e2e01996c9801b788848c396aa358cf44da3e69e3f8009971c6d808bcdd00573cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
198f6ce19374f13e265cdc8844617ee2

SHA1
cea6f60f9f7754f731be9696c6fa75ea871905b2

SHA256
ace82ee2a24ee3d9d4cf4a2a99c5a2feb2dcc7f97d48b92fc2093f23d7f8c704

SHA512
f1658485ec7fa0508d66ef7c4d77271c252b64c60074ec668501ede55fdd915b228211267e5d6e2b0a751976e5d3214327c15297c368fd3022ffbfa6cb4b1073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19d756c975f2b9b550874191fb8ac2d7

SHA1
c06fa3ea2d3db0c881ec5d0f7eb6d74bc3639efc

SHA256
ddca80fde8275fee3ca037196577deaff3cccc59170781fe85a6373007ffbf59

SHA512
acc75421e883bf0dde9d18f58aa833f988582e047cdbd256ef6f65c4b92a07f87186529b49fc43838d3d5a99a408b62c8420fc452a77cae27b5cff1132f84d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
62d748dc8c0d81ab4327c7480b749b43

SHA1
aad8a807d8f73d498f7f7f1ed3671d79bfc9a893

SHA256
8161e852344c3290baf58f038ff3c23070dd3e35096f9d9466e8ce3870bb4dd7

SHA512
d04eabe2126b6b1e9c61b2984f57a5dd8bdb884566743914587150d58ec542a735897e36b728fe189b898a5a46c642e0ad1e5ccb77e403c7a8e000ff53a1c90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e4f4d5d62a1ed871acb38a562c793010

SHA1
5089e8117ee992749d222606fe48e4b959370de0

SHA256
f3a630769958ded5cec82ac4d2242d4810be343a88642a9d229645c71e5751a5

SHA512
12724b20708fab3a34d1bd5672d7856a967301cb082abdde50c424dcc7bc5abf82723ce0bd2170a7484df64eb7c1365d21ce1cb001655dbc33ede53b93755bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f4ab91be116c1ac1d573343b13f1326f

SHA1
e44b2883a163a514b1bcb80e8094f315d37ac40f

SHA256
8618813c3a15390f58be56b8c4208312388eb7a26a7fc6b4e99be1848687245d

SHA512
e3deadcb43fc3ba377891478802685a465598646c4da05c1a3f2b491749d1eebc02d13adc615855b261256dab41dd66e1f0915fca0d4d4d32f6f983916e779d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
89dee8054017591f723cd1773d7e28b9

SHA1
99cdfb966c8feace63935c7be32f442fa52f7721

SHA256
a7d86c02c237a75c98d3e1199b9b77ce836e388c480d508e1351ef6d9b0f454f

SHA512
ca050fd4e84684de504b8bf7570e5ec07c9b03274d59eda26abbaefda87f5ddfe81d26042bc70ac26517405789f18968dad34f7155e631d4065f76c9ac066940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
009a0fba66767a0b8e1539b30242d21e

SHA1
97e0941704858bf02bc962cb5abd5cdb2b4cf3ed

SHA256
94b93e140508fd7a4b59b9f3b2d40bf2901952e7150864c5e376db76aa294035

SHA512
a2d8419d352783d07c13520f882f70c2c86aa857d466c4f33ff70a24d590dbb44a4792e90895a685d36864da34895a71b9775324e89522c30b557dc15590fad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0e4876bbb34aad35f541c3ae2fc20058

SHA1
0a748cf16aafb893c46826794dc5f3dcd2c38679

SHA256
a1dee7388e438731a8a87f3ce0d4ecdb6b3b343fa5e9b8dddc4a5dac71e159fd

SHA512
68aee8b72d320226c0c299dea25d223ad33fb3790f5fc9acdffd457c20521281c3c6518b5027d6fe3de0636ebb16114f6a60dbc5dec4ec419ebc4a4cd0080877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b732a571ad13e939133a15105f8fba09

SHA1
eda987cf383b008bfe9b0a92e9cd285b91647ef6

SHA256
ba2125627d5cef45525dac16b9806231d53bbbf41ee985b439d1a29af6be6c67

SHA512
92526a4db15c45c1f9bc7fcbf19551d88166911d3d43200e9429536a270a341cb5d209024d34ffec056cbe21e53f89bbe0cca86aa253a04cdd198bf01ea6de2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c023.TMP

Filesize
1KB

MD5
ada1cb421b2fd98531979942481f2b56

SHA1
b90436b39e8e64a107cd7a6879108d6ad3670ebc

SHA256
22f8430b6dad79c8dfdef8bce4aed79225492e35a596368e9971454e1ba7f745

SHA512
ee3bfc36624a6652f3e13de9a925b85dba8b5f0648bfc65bce1eb356b6ccf3489b5a9da429ef64db4d60c8992be54940c5c594891bd4a7d79ad0084fa062aa72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c84a1dcf-c379-4b3a-8215-80e4712a10db.tmp

Filesize
5KB

MD5
1f6863bbe8325ccabad110a529e1493a

SHA1
d78fc6a388a00272c5e743c50d748237f3ab2ce5

SHA256
4d818dd65f916b67a925f6d959c5d7967a5c4ecbc643fbd3f597be9959fb2c3d

SHA512
be1512e7e0651651234eb70228591b6e24496ce05181e86dc3fbf52772f8fd31f32a88635d0b4650f5a72f25c2a7b90d68b8be49d68b82fe237e33a6ca8f18e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24a79550b3e2680bb08ee963d8db05bc

SHA1
b967c19e9b6f54f9daa564a53090fe52d0c9e1bc

SHA256
d46f5ed1f4053946321dc3c8ed163b39fdda68c36f101a72f51cd775dc48fdb0

SHA512
1b2bca12369915d5192f9a835dbf1fea4293df3151d8b1a26ea29ab6f4dfd7986aaf50d39d6e79f578af99412696e1d43c6337daa84f1fa3ed6066df18575aaa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4736-203-0x00007FFA58B13000-0x00007FFA58B15000-memory.dmp

Filesize
8KB

Download
memory/4736-4-0x00000144EB000000-0x00000144EB528000-memory.dmp

Filesize
5.2MB

Download
memory/4736-3-0x00007FFA58B10000-0x00007FFA595D1000-memory.dmp

Filesize
10.8MB

Download
memory/4736-2-0x00000144EA900000-0x00000144EAAC2000-memory.dmp

Filesize
1.8MB

Download
memory/4736-256-0x00007FFA58B10000-0x00007FFA595D1000-memory.dmp

Filesize
10.8MB

Download
memory/4736-0-0x00007FFA58B13000-0x00007FFA58B15000-memory.dmp

Filesize
8KB

Download
memory/4736-1-0x00000144E80C0000-0x00000144E80D8000-memory.dmp

Filesize
96KB

Download