discordrat | hxxps://github[.]com/sweedy2/DISCORD-HACKING-TOOL

Analysis

max time kernel
43s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/sweedy2/DISCORD-HACKING-TOOL

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
69	raw.githubusercontent.com
70	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3428	msedge.exe
3428	msedge.exe
2008	identity_helper.exe
2008	identity_helper.exe
5532	msedge.exe
5532	msedge.exe
5788	msedge.exe
5788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5208	Discord rat.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 2132	3428	msedge.exe	82
PID 3428 wrote to memory of 2132	3428	msedge.exe	82
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 1648	3428	msedge.exe	83
PID 3428 wrote to memory of 3448	3428	msedge.exe	84
PID 3428 wrote to memory of 3448	3428	msedge.exe	84
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85
PID 3428 wrote to memory of 1704	3428	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/sweedy2/DISCORD-HACKING-TOOL
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3029094651695149269,1212311971130700153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5744

C:\Users\Admin\Downloads\release (7)\builder.exe
"C:\Users\Admin\Downloads\release (7)\builder.exe"
1⤵
PID:6044

C:\Users\Admin\Downloads\release (7)\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release (7)\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f18034625638ac36de2bd1d0a881a16c

SHA1
c2af006996c5a18dd85e34c54123be362068a0a6

SHA256
5f8c75b121e2e9ef03a49cadb06b12322c66a874ca4d25ff862386e5af811408

SHA512
f7c34d4309de0004edea6e2abf844104511278f234f5a21373f82fc6f514748ba01d568d1e28d58afd92d4bbc9fb62c2faf827b5e0754599c01bfb9725b1a1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
09fa6f8b68df89ae497fd2b96f275b2d

SHA1
2cf159d54d356aec80fd10d0b44cea934c36f047

SHA256
037ecf614a9514414add863b66724932f08d3f5e7c977deee72fdfa67b4d8ecf

SHA512
751bcdc0a99adec88c364584b55140ed0fa40eb627f68e150eda954d102bd3066abcde30ecb07594b88aff9de4943ea71174654e870dc4b3308e9c3fc7607207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20aa5303d930c9880853eb981bef235e

SHA1
3c437e58686e0daf640b38d146e71797e285b557

SHA256
fa10bf7976eec903e15266e030379092a07c454f35b77c1fb25e691e3573bc4c

SHA512
bb27c943e110ddeed922d3fb289843b6c11d32dcba93e8022c6532137d4b558644983d9ed9a483a8c1bac2a9ace503dc0c038db5a98eb4114238f77782f17756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47b0355874323082aac8e5f50d5cdc4d

SHA1
7dc4d30cfe0012e79142a9a6c98d6727c4c8cf82

SHA256
85416593bd3530e060f0d54158644d128cb2b5d1ec4e7632ebd8172a82e06a58

SHA512
0c7078102743c3d87b84c667be91525d38c9acf5b412312e15361547c564f3680c0588a73395cc1a6d6f560ed2b4d4fe95554ef1c540985979ae06aaeaecde88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3469796b41baf5a5f075e16e8b92ac6

SHA1
df88e1c20c6b64f090089ef0b02ac892fdd16a60

SHA256
2b6c14c3ce82b49bf6185b3b2da1060fe4ee521fd99caf5da7a4ce0e6402918e

SHA512
d5f07f23bbf57102d99c3a6e6cfde8e7b9393f6421bdfc844d9323fd9b9d7c590812beb9980528f6eacb4511884a3a0e783c8cdb8ddd0ac17647599764cc0890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579e63.TMP

Filesize
874B

MD5
366068aaebcbc284388131265a16d208

SHA1
144773c3f11a6d926699a8f4b3f3a37f8d8e748b

SHA256
493c6e70ef59e2b592ed2fe7e56c20ffd7bd5f83f4972442e38c3fcfc38e6ed0

SHA512
2be751e05e68edd7c548182c64ba30e1ce401b70329f52e819a26fc3b2501d679ef94d5b67f287f25d314f6f5da6049829fd5d6799327af8191ee6814aa60325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17dacf7e3b620da69fbf409b5bb76ecc

SHA1
04f3ea74624df9d2476a8d9e9c066cb49203ee51

SHA256
82275a8f4663c5e6d9a1c1166542a782a24711608d577b258905c70ccde7b6c7

SHA512
f0b67412d7caf8237c845f062dd9129bbb248f395f14990622895123de18fe7ceb1e2e60dd9fa105f2c11b97cb22dc956805dca438958373c51a92f532793415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c98aac096a2708383166acd4e91d5a9

SHA1
1f5426e56e989ac25351617c8841ca30fdc76b05

SHA256
1e683d05a7dcd313a9a7cf5c00140d811eb5d303bd4fa9a3e4d045d08c99340e

SHA512
f3b6a8d36588be5935556632d54ae93b0edda5b565f811697b62d0a743afa40db0111d3db225b9bd926944287e42b111fa5cec9ed56b20eecd7e3b2277dfb13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5c96f40aff337d061a9390df6b8f5087

SHA1
f919019cd6c7b990d4be0f560c775bce85e29902

SHA256
e461028ac506308ec05fe04424c4f7a1722366c46df754f191c8704228a3373f

SHA512
c3527e3a6ad90915ad8bdb9c169f0ed62c4a9b0e22f0834cbe030af074b37ff3f0d201245b4b60b3b3dafccb7265b4a10c13b1a71530475fb1d7a35a1f546826

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 488031.crdownload

Filesize
12.1MB

MD5
c783c73fd3b91ea1bc82d0505252baea

SHA1
bc18d717daa70f480ae1a18b3995adfc63800898

SHA256
66620a1b56658de7c44954cee362da73aad69a223cb65f5225e60bd4b2e11b51

SHA512
502210fd47bde3bf5a6c1e322b17f877c9e36076d0a36d6f732b54714541f66f8aec08f9f610f1ad6626ed3611fb11c2dc29637e62eb0d5dcc836778c2d28692

Download Submit
C:\Users\Admin\Downloads\release (7).zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/5208-426-0x0000021EB65F0000-0x0000021EB6608000-memory.dmp

Filesize
96KB

Download
memory/5208-427-0x0000021ED0BD0000-0x0000021ED0D92000-memory.dmp

Filesize
1.8MB

Download
memory/5208-428-0x0000021ED1410000-0x0000021ED1938000-memory.dmp

Filesize
5.2MB

Download
memory/6044-422-0x0000000000D50000-0x0000000000D58000-memory.dmp

Filesize
32KB

Download
memory/6044-423-0x0000000005BF0000-0x0000000006194000-memory.dmp

Filesize
5.6MB

Download
memory/6044-424-0x0000000005740000-0x00000000057D2000-memory.dmp

Filesize
584KB

Download
memory/6044-425-0x0000000005800000-0x000000000580A000-memory.dmp

Filesize
40KB

Download