discordrat | 5ca1b63225d516cc2fbbab58f46a201ad695f59175fa0b0b232883fa4c8d4451

Analysis

max time kernel
150s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04-06-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

53c88c42cb214ae56feb46efbc8fa612
SHA1

1571d5ede48acd4f4b05b35dc89d17d3e1dddf86
SHA256

5ca1b63225d516cc2fbbab58f46a201ad695f59175fa0b0b232883fa4c8d4451
SHA512

ba3b933ba4dfb93047fb6e2583c45f31bbd9f850a0ce6a4292497ca9dd94dc22cbbefdc685788ebe85301959b55aef1bcb8171e278ffa195c67e46c16bc5edf3
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ZPIC:5Zv5PDwbjNrmAE+pIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzMwOTE4OTE1NjQzODE3OA.GyBRwL.etnypdqq4DQPf8gxEGfGPtRtl7SO9k3dlSUOEU
server_id
1247306459285291180

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 10 IoCs

Processes:

MicrosoftEdge.exetaskmgr.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{121225F3-7ACA-40F7-A588-685FA304A1A6} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 89d65a6066b6da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c944545a66b6da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "424308920"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "423657469"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 95c87f5c66b6da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1576 taskmgr.exe

Suspicious behavior: MapViewOfSection 9 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

Client-built.exetaskmgr.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	2092	Client-built.exe
Token: SeDebugPrivilege	1576	taskmgr.exe
Token: SeSystemProfilePrivilege	1576	taskmgr.exe
Token: SeCreateGlobalPrivilege	1576	taskmgr.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1364	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe
1576	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4784 MicrosoftEdge.exe
4540 MicrosoftEdgeCP.exe
3868 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe

pid	process
4784	MicrosoftEdge.exe
4540	MicrosoftEdgeCP.exe
3868	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4724	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 3408	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 3408	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 3408	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4488	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2092

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1576

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://www.bing.com/search?q=Client-built.exe Discord rat"
1⤵
PID:3220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4784

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4464

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3408

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4472

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5004

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2L9UW053\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QENJ0G7Q\favicon-trans-bg-blue-mg[1].ico
Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QXXNXD7S\favicon[1].ico
Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\github-f1af66156f94[1].css
Filesize
121KB

MD5
837cf1bcc858f007f7639fac65f6426d

SHA1
9b4377d76468d6786dde49e0521d173e633f7db3

SHA256
6ba40ac0936fe04a8fa60d907799d58d481ab153323d65b92ccc9219ccf6ba19

SHA512
f1af66156f947ecedc848f7ea645fb556da9a697d818a7a0c6daaa26530a42fa29d9be6f9fcc1ec5bb35ac81fd3e7b16b5e17a369965525acca3c44c8efbd19a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\global-545513c45073[1].css
Filesize
277KB

MD5
00dd87ad233982361cfc87d246086590

SHA1
54ca129f85a02ced8e26ce325a7bbe36a11a6d5d

SHA256
b7251f9d9119c23f1a2a83192425003284c58d5b117f30c551c2617addaa42b5

SHA512
545513c450732d23237cc1844c0c0e07b92ca929c9f6dcae347e600217d83aeadd1d08e19eb76181343b9cf7ab37d1bfb2e2277e09944a66183a5cb176a32943

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\primer-87f353b17355[1].css
Filesize
329KB

MD5
1732aea9daf5bfe3cdc102e90bf66de2

SHA1
007a102fe73f49de3474b348269cc73a21a0b564

SHA256
7374a1e61da8969c1e35f78558dcbb08e86fc3f990f886c118d4e192aef9d0e6

SHA512
87f353b17355a6bb57653dd1a8c0b193cc3e42c1b178ddc95fb3092258eec1b76f49c67422ce14a1bccdbff5f060c5171d2fdbead0dbd48272e0a74a9eb9b952

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\repository-2e900f0ac288[1].css
Filesize
29KB

MD5
0e753444198d619939444d6f8d168f7c

SHA1
830a3b21b982bd016ace447462d1ffcd0e91c1f6

SHA256
93687313c07170c3ef1624982cdad4939f9ddbc088b24da5882dddaf1fff0058

SHA512
2e900f0ac288f08a8f9053cd191db0f007263da300cb50cad02ae785cdc1bc8debd76cefee03471f7ae6641ada999e765160e41fba8d812bc7ae668a84106e45

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAK079GD\dark-4589f64a2275[1].css
Filesize
48KB

MD5
f61d3d72b892ced3002fed1b6dae1a06

SHA1
efe5d615d7f12c1e089ed7e68238d3e161b7ef4b

SHA256
b459cea038df58dd56e1cc7df606193ea027792427343f4d35a535fb0e96ebcd

SHA512
4589f64a2275cb4827c2f43b254ce635913bf9eb54a20d479c2cd12b1c506105de508d551bad833ee1e9396c31e50a552d5186966ac974646e84330c3348161b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAK079GD\light-f552bab6ce72[1].css
Filesize
48KB

MD5
57b715fb666fb30b8734dc22bc74467d

SHA1
9fc81a5dceb105e5cc83b1b3b859d3f54b8ac898

SHA256
e9f53883f1a355c1c0eaf1e6c7e9a278da8cd726c7da7a5db462ebe436496d59

SHA512
f552bab6ce721c39d04a62d52ccb9d360387b45011a271807c7c677c45458ad0acd77c5f618a3172dddf0dec7d555f78e6d3b6217becbc97d28d62763f26da13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-ae5060590d17[1].js
Filesize
12KB

MD5
ba2fde722e3ff133b37bd6a85f364f07

SHA1
d7dea7aa89bcf48333574cb52fea804acfdbbca9

SHA256
6156c5c471879744a2d427763da07685e0f96ec6b94839e402b5970d424c8b72

SHA512
ae5060590d171a3b900a3c2897f3cba129d0cf13f8852de0c24d390fc7d2bdf9186a254902549f536b1c42a8554d6cca1a9cfccee80691e77c3b67e8dc8c55aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\code-33498bbbf39d[1].css
Filesize
30KB

MD5
c33214069c8aaceb09d0bda33fc0dc53

SHA1
e048f70e3ec7acd9e07aceb3054b5946e57e0423

SHA256
dbe4579afad9456e07fd6eab0e4e0f6ef895e360fe26c5d4b3867f54081eabcc

SHA512
33498bbbf39d518a3b435bc1ba104a944183437fdc155a5dfaa6c4b3d67993b9e01661a416a53975889059e4a5d4a3ab164afb30634f6c6ffadee24d2893450b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\environment-2168885ea2b8[1].js
Filesize
12KB

MD5
9cc4cfdbadea1eb96bc923f120b5405a

SHA1
2c0051d7fda65f19b520fa7813ae87eac2e81e64

SHA256
3de027e86916dea9ccca9f0c9435cc20da1480bef2a797f6544074f462b1e5d7

SHA512
2168885ea2b8ab820cd72d6e85ec6d968a54db7f3a4135408e3411173bccf5c46fe49007ad553c7783873960881ccef4dac25e3a352c6efbae17180d0bb26ddf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\github-elements-d00866eeec16[1].js
Filesize
32KB

MD5
264b24f967a8d05dd0201218adc97de2

SHA1
ba486fd16e0b13f1b891e6cecf65bf25b6556589

SHA256
2f1a381361307258eee4659dd52c5ef9d5fd8323512c179c252834312d0fe2f6

SHA512
d00866eeec16979a57b083075deb93ec737a0d8d7547f7b1a5fd9af4787d49332d4f8e1be8d184a6081909ffea1bd86d10909b6867d185e0e33a140dc7d7e9e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd[1].js
Filesize
20KB

MD5
917054ff94af6b65ef610aa7b541865a

SHA1
ae699adc368c0bddf428d4f17cec479c6d96cd6c

SHA256
3b0d2012948870af14b480bed5535b34c5f7e649a2c9c13234c319fbf8d2d7db

SHA512
810e4b1b9abdcf5f10506f484ad38bc17cae973d1609d2d8d51bb4a8eb8d3c542cacfe6e4b1c31a062238087e216dfe4206064e8c1dc4cb5d961fc8e97a5a1ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-392fe4-1327b94f3269[1].js
Filesize
26KB

MD5
5ff54a67c72cc7fa84817e0fe75b510f

SHA1
1a1cf59fbe8d463ef12b0a5e1a11f0050e47e57a

SHA256
81a187c88d2cf527154d681ca1891c122b519035673689e706956ed74747e4b4

SHA512
1327b94f32699e098e60e1814a5ab921f75d4f594c1036974572b69d3b70b6a4179021afe9f55b70fd956e5f6c1223ddddeb4e0fda25c42f98aa25f581969bff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-c238a4-c6bbd5d2c027[1].js
Filesize
106KB

MD5
45793c7e530c232258b2535acfe3c346

SHA1
cc1719f4f5ef907133733167cbbc2e362c052b76

SHA256
e084075330aa3d57644492b0609224ff9643d3bc0f18dbecabd85b736d7c1fad

SHA512
c6bbd5d2c027d8ee001fee77c63c30912dea9cfd67ab948f3d4c1530ffcf45116be8c9b7c0dee61379baefcfb27ad0d9b164c77e30ac7015838db04111aa95a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-6e6f83bcc978[1].js
Filesize
18KB

MD5
c51750a26a33cf80e50f4a3d0aeb6892

SHA1
e98129a8f85a2630c649dc239a94d87eaf04ae4a

SHA256
9ea40b58c32c154e2cb17834f70f7bf8c6049bac1dcf640bbda8a8ba1e0f7670

SHA512
6e6f83bcc9782b534fb50f26d877fe691ced39bf579844a5f4667460de9d723d918d312f7f1454f29ab63bb9263f5364339f3022c8c33b8c7ce816e869f15eb7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-b63d41-209f14258c8d[1].js
Filesize
17KB

MD5
66bbc8cd9047a60834eb7d2780b82305

SHA1
bc12a8439f2681fe5358327ad270416912b6a147

SHA256
88bda48a59ff29866ec711b693f23cbe44ca2cab539ea01ed2b5e18209bc6aeb

SHA512
209f14258c8d0da36404a07edc7cf13a13bcc48a0d9dd74ab3fba8c5db418b829f6e506c9e1cc19e4f4ec58802181538bb265607d25aabef2bb56fe74e1f1f35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js
Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js
Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_text-expander-element_dist_index_js-b2135edb5ced[1].js
Filesize
11KB

MD5
3f5c04894f0202a67ec6f0354c1f9acd

SHA1
6a6bf35008b0121bb5806e68bd5f87b20ba72f17

SHA256
0dd1ec9da83fce11b3bfecf9aed67d4f33f7a1d4bd3f04dd1ed941f3b4c8b3fa

SHA512
b2135edb5cedb3b45ffb96906170b242918156621c0d13000d18ccffcd2f20c2f1e2827b391cbe89f499745b748ae99bc51b972b4234ba739624caa4d2e33862

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-4ac41d0a76fd[1].js
Filesize
9KB

MD5
4e684fa742abc9befc4748e8a4680586

SHA1
25129f277cfd66774a3c47db8b22c19b364bdc25

SHA256
97652a00703643a49de00ea59316fd488cf72429b599a62d7cfae464f7bf5a96

SHA512
4ac41d0a76fde41832af2c742d4a063ecea83aafd5233ec46f82938fd5ba06aebc0a69fe241df477fcdf08b1a8e6d6f02e0a42669a351ea50b3056ebc8eefc9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c7679f99a1f3[1].js
Filesize
8KB

MD5
f4c247ce967cbfd4ab3c833c9b82ab6c

SHA1
c3d38f4f6dac79bcb91b4fe0c3f8dabe23b5455f

SHA256
9934ea98e9391532afa53b20441b8a9157ca4914e33643be75172478a82c8e70

SHA512
c7679f99a1f36ab562986302c30fd1445585810dc1ebb2804a61c59384378af7f6a1a514dace66ae79e582baab7d882d47fb7f9081eb7d70061ccbd931ccba6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_smoothscroll-polyfill_dist_smoothscroll_js-node_modules_stacktrace-parse-a448e4-f17a27f30529[1].js
Filesize
13KB

MD5
e7e4593fc2e398b643ac46f72fb64c2c

SHA1
ff807a2fffcf90fadc032dc284191da75b1a3b45

SHA256
c2aa448500cc9bf17d5b318607d25f1d7a27ff5a4d0bcd1fd72f09b24fe9c3dc

SHA512
f17a27f305292f98031a79ed141ca71b8881070db030000ff52c7519ab6af5ae65fc83fcddf5cdfecf903c9ec1633e8dd7f117590fb47a8fba3011afafe00132

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\Discord-RAT-2[1].htm
Filesize
284KB

MD5
4ae4d155a3d27f1b0a2798838a3ef9df

SHA1
a86c084a60da2416878b702c2edff9911c6e6543

SHA256
011aa545368a5d9915061d43254e446628f7dae02075af17255547e4f20a6b2c

SHA512
7ba697c4d0e24b2b788106b5615af2fd241e8c50d2fbc5390793dcaf158632661b94e68d5cf4caf7e3806745fd80bbcf6e77a45f4f31ff34f512111ed404d135

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\primer-primitives-4cbeaa0795ef[1].css
Filesize
7KB

MD5
f78dad1c29b12057a61e4031fd6cd307

SHA1
36953db7f8d8ef34aedf6d6a608287f1b93586f5

SHA256
6b4f34714b5e626392f944037b222b232adb545d407f96136d31934f685a0a5d

SHA512
4cbeaa0795eff125cd72798ad6d5db8682a910a200d54aa52dcfd3e8334f62a59eb4a2d7eec3158756bc196e66559f7e08a7282e7c507902b26891a6ce3eff09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\wp-runtime-8c75c7ee40ca[1].js
Filesize
41KB

MD5
8d2f9380347592670dc50eed7b48f1a5

SHA1
3a42c5dcb09a7e1afdc376ff25317907771d3cc8

SHA256
8bd613d0e4a9d27a6e882e14b10e7c328230491b116061d583e367b90fb5467e

SHA512
8c75c7ee40caa3b14bfe1eeb410e5ff7339f0a99637d120cb9578c63a5dd0d22848817c093a09f08d51cabe81f262cdb44e83e27f98c955b49ad83d94adcf716

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9GT2IQ5F.cookie
Filesize
411B

MD5
00a63a4d3b2d2653fdaa5c667bb68091

SHA1
791b2ae2e3b7ead3a644aafaee479d8fb00af783

SHA256
73e265a596526b30978acefac63fc1caf6dffdca9a5d674d59be820c2263819e

SHA512
f4c4ab8fec05a4bd70afc7389d26990a18110a890573f0a94c40eb679ae4559053da504b801123271d5611fa484a8bef01ad4c636abdcb275c26e7c311514275

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BHHZEEMI.cookie
Filesize
102B

MD5
98b9a37f2abf20c9f4daf5fe8871edff

SHA1
d3ed941e154cfdcabe99bfffd385db915e330851

SHA256
6118393b9a7104cd366dd4b7f655ce258295ee497e854452acdc41cc353d0070

SHA512
9305e347fe1dea5d35e5177c753d5d29dc472053be089cf9f0d521b0c6c10b3019c87fc69b488ffeccde1c4e634f5c374d41a1c3d71995ccbe087cfa1a276880

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CXP4ZXXZ.cookie
Filesize
169B

MD5
25d8015bca711d01d40d9bfe4c7412a9

SHA1
256ca1719d440482c17744ac842c0c8648ef2a0e

SHA256
080278737d954e4aac67dc729782df53158603d31c072d48dd95371fb81b6859

SHA512
79891a3f139cb98c07f153f354ad3383bfd7b65abe3cd3ab28183ec71c6e44c67fda69ef67e782465e75d7730b6ebfa2511dc3aea8ab1190d9e6338cb077a08a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FUF0RZD3.cookie
Filesize
1KB

MD5
db3252a608a9383e407c53f20c10042b

SHA1
417fb2c98a7cca258e24b47f699f0cdd8e190964

SHA256
f58b02767925a5e661ff4d9e509875aa06910b47442bfa037a5b40ae5d66110c

SHA512
bc8f64898a556fee0bc7aeb7a6f580f94bf646f9b3863a48adb9a28cba1b3598282224fa0cbba65557adde9293ead2f742f7ab967c7260dd0110ab211e816420

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M7TKB8LO.cookie
Filesize
1KB

MD5
d895c83afdef56443ab155ae189eaf23

SHA1
4d2f3a4973f93dcc875efebdedd0cb7b8059105f

SHA256
aba6d85235605d03ea2882b9ba42ff387786878cffb8deb59bc0b53ca576c13d

SHA512
c743e2500485cfdc56d66e899230156d011433613d63831ec7c80e8ecda4772a5af12ce4a84badb93aee78d34c9197bd9ef7b8c543696734465693954ef9e54b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
282B

MD5
c22d1c572553e8b7dd698e79da2a39e9

SHA1
0372823fc3d443228a2f0b7c9811d18b41e704e3

SHA256
cfd2c353e37ab80806b49bd4e618aaac8dd18e596d9c2a2daedaeed255d324bf

SHA512
0b16877c3f0bc9c84644947db315229ac208f08d6b51107bb03d7bf187e6933f326981503f40151e7fa84b531d04ac91ac684db46cd55b0a2ed0a875995f6e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
76d4d147245ce8da3cf3a4aff0bc5611

SHA1
edf7b96b65cbe3e3ba82799502871c790d9ebb78

SHA256
46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6

SHA512
631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
979B

MD5
61c060748daca8556274bfabc587f30e

SHA1
05b5c3bd691071c2071f7864a15ba98f60cfacfc

SHA256
d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f

SHA512
5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Filesize
314B

MD5
e4a6497c402dcdf41b5f7d0827824059

SHA1
16ef58b296d9251c6ac5fe3df1b8e71236d6f9b1

SHA256
98fc52bea0ac5a888ed498fe0cc68a85945c1579ac8f692bd6c059feca2342c5

SHA512
8892e41a174111b6913460c0124fd6d9b9c8b6d3cf44d5979d1d3fe0198bca245983d70f7ff94b0a49d4af309201509e2d30c60474ba07360880da8c8c41652a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
480B

MD5
5208a7de309fccc18cf9adbc0dc33f70

SHA1
bf9731b95511c21c79c2d741e68131f70aa61621

SHA256
314564d97e7a0a6deedcac5d347fa9ca9b4007967c3152146168ad00bedc32a0

SHA512
d1982d26aba766985bc9c77614b6cd403b3496fd84fbc84ad868ee79ebcc7fddf46c971ed74affe0390981d27fade1d96876da3b5979e07cfd95335bd1be6b92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
ba9a5b405eefd0e6a17601f74a998d7e

SHA1
0f72d7d8386c3e5001431f6116e3aa34cb957721

SHA256
cf8314d5ac03006fde50c2946c790a1b0012a183fa8a7c92cd41cbe014f738dd

SHA512
118626a0fa8d0ba42955506388439494e292ef5a2ff3f4b1d4ef0b7f3424c3f8359cfe1d9cb1e9252a999d56526f1dfb8cab7ba6bf012eaefd7c481533cbe0ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
f65a4a38e8436ba57804aace1d5f4a29

SHA1
032d12085157653f83903ce1a516e229231c26a8

SHA256
da088d198fc0c076c34d26a1d8c7816da4f85c2405d30029398b680946aac169

SHA512
82b2dbd96cfa28586688a1bc0b72664cf14d0100aa70e6914cf2907835fbae52839854e1ef7f8fb5a5340f18aec1d8434debd689c108e1aaeda0aa18bcc21613

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Filesize
404B

MD5
1a60e52c94480c07a15e33664e9b08e4

SHA1
f1cd305f42c6af9416b0b9ba06b60149cc1ff3a0

SHA256
c27f51d6c9eff4eab219411dc4b89bf3af530e2250f97a3dc74bb27416ee37f5

SHA512
2018245406e4c81f7467624f4564368eb562291e2c7ebe052d4f214fc5fc1b9bdc61438d0f74bb9fd9ec6a81d5941f068795cc252d4c5c780ff246eca80b8862

Download Submit
memory/2092-0-0x000001782C9F0000-0x000001782CA08000-memory.dmp

Filesize
96KB

Download
memory/2092-10-0x00007FFA77890000-0x00007FFA7827C000-memory.dmp

Filesize
9.9MB

Download
memory/2092-4-0x00000178478F0000-0x0000017847E16000-memory.dmp

Filesize
5.1MB

Download
memory/2092-3-0x00007FFA77890000-0x00007FFA7827C000-memory.dmp

Filesize
9.9MB

Download
memory/2092-2-0x00000178470F0000-0x00000178472B2000-memory.dmp

Filesize
1.8MB

Download
memory/2092-1-0x00007FFA77893000-0x00007FFA77894000-memory.dmp

Filesize
4KB

Download
memory/3868-56-0x0000021D4EC00000-0x0000021D4ED00000-memory.dmp

Filesize
1024KB

Download
memory/3868-55-0x0000021D4EC00000-0x0000021D4ED00000-memory.dmp

Filesize
1024KB

Download
memory/4724-67-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

Filesize
1024KB

Download
memory/4724-73-0x000001BE9AAC0000-0x000001BE9AAC2000-memory.dmp

Filesize
8KB

Download
memory/4724-99-0x000001BE9B140000-0x000001BE9B142000-memory.dmp

Filesize
8KB

Download
memory/4724-101-0x000001BE9B160000-0x000001BE9B162000-memory.dmp

Filesize
8KB

Download
memory/4724-97-0x000001BE99F20000-0x000001BE99F40000-memory.dmp

Filesize
128KB

Download
memory/4724-94-0x000001BE9A1A0000-0x000001BE9A2A0000-memory.dmp

Filesize
1024KB

Download
memory/4724-85-0x000001BE9AE10000-0x000001BE9AE12000-memory.dmp

Filesize
8KB

Download
memory/4724-87-0x000001BE9AE30000-0x000001BE9AE32000-memory.dmp

Filesize
8KB

Download
memory/4724-83-0x000001BE9AC50000-0x000001BE9AC52000-memory.dmp

Filesize
8KB

Download
memory/4724-81-0x000001BE9AC30000-0x000001BE9AC32000-memory.dmp

Filesize
8KB

Download
memory/4724-79-0x000001BE9AC10000-0x000001BE9AC12000-memory.dmp

Filesize
8KB

Download
memory/4724-77-0x000001BE9AC00000-0x000001BE9AC02000-memory.dmp

Filesize
8KB

Download
memory/4724-75-0x000001BE9AAE0000-0x000001BE9AAE2000-memory.dmp

Filesize
8KB

Download
memory/4724-384-0x000001BE9C600000-0x000001BE9C700000-memory.dmp

Filesize
1024KB

Download
memory/4724-254-0x000001BE9C600000-0x000001BE9C700000-memory.dmp

Filesize
1024KB

Download
memory/4724-69-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

Filesize
1024KB

Download
memory/4724-68-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

Filesize
1024KB

Download
memory/4724-499-0x000001BE9C1F0000-0x000001BE9C1F2000-memory.dmp

Filesize
8KB

Download
memory/4724-141-0x000001BE9B1C0000-0x000001BE9B1E0000-memory.dmp

Filesize
128KB

Download
memory/4724-497-0x000001BE9BFF0000-0x000001BE9BFF2000-memory.dmp

Filesize
8KB

Download
memory/4724-517-0x000001BE9B170000-0x000001BE9B190000-memory.dmp

Filesize
128KB

Download
memory/4724-253-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

Filesize
1024KB

Download
memory/4784-11-0x000001D7DFA20000-0x000001D7DFA30000-memory.dmp

Filesize
64KB

Download
memory/4784-27-0x000001D7DFB20000-0x000001D7DFB30000-memory.dmp

Filesize
64KB

Download
memory/4784-46-0x000001D7DEB40000-0x000001D7DEB42000-memory.dmp

Filesize
8KB

Download
memory/4784-112-0x000001D7E6910000-0x000001D7E6911000-memory.dmp

Filesize
4KB

Download
memory/4784-113-0x000001D7E6920000-0x000001D7E6921000-memory.dmp

Filesize
4KB

Download