Overview

overview

10

Static

static

10

Client-built.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04-06-2024 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    53c88c42cb214ae56feb46efbc8fa612

  • SHA1

    1571d5ede48acd4f4b05b35dc89d17d3e1dddf86

  • SHA256

    5ca1b63225d516cc2fbbab58f46a201ad695f59175fa0b0b232883fa4c8d4451

  • SHA512

    ba3b933ba4dfb93047fb6e2583c45f31bbd9f850a0ce6a4292497ca9dd94dc22cbbefdc685788ebe85301959b55aef1bcb8171e278ffa195c67e46c16bc5edf3

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ZPIC:5Zv5PDwbjNrmAE+pIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NzMwOTE4OTE1NjQzODE3OA.GyBRwL.etnypdqq4DQPf8gxEGfGPtRtl7SO9k3dlSUOEU

  • server_id

    1247306459285291180

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Drops file in Windows directory 10 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2092
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1576
  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://www.bing.com/search?q=Client-built.exe Discord rat"
    1⤵
      PID:3220
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4784
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4464
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4540
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3868
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4724
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3408
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4472
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4488
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:5004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2L9UW053\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QENJ0G7Q\favicon-trans-bg-blue-mg[1].ico
      Filesize

      4KB

      MD5

      30967b1b52cb6df18a8af8fcc04f83c9

      SHA1

      aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

      SHA256

      439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

      SHA512

      7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QXXNXD7S\favicon[1].ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\github-f1af66156f94[1].css
      Filesize

      121KB

      MD5

      837cf1bcc858f007f7639fac65f6426d

      SHA1

      9b4377d76468d6786dde49e0521d173e633f7db3

      SHA256

      6ba40ac0936fe04a8fa60d907799d58d481ab153323d65b92ccc9219ccf6ba19

      SHA512

      f1af66156f947ecedc848f7ea645fb556da9a697d818a7a0c6daaa26530a42fa29d9be6f9fcc1ec5bb35ac81fd3e7b16b5e17a369965525acca3c44c8efbd19a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\global-545513c45073[1].css
      Filesize

      277KB

      MD5

      00dd87ad233982361cfc87d246086590

      SHA1

      54ca129f85a02ced8e26ce325a7bbe36a11a6d5d

      SHA256

      b7251f9d9119c23f1a2a83192425003284c58d5b117f30c551c2617addaa42b5

      SHA512

      545513c450732d23237cc1844c0c0e07b92ca929c9f6dcae347e600217d83aeadd1d08e19eb76181343b9cf7ab37d1bfb2e2277e09944a66183a5cb176a32943

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\primer-87f353b17355[1].css
      Filesize

      329KB

      MD5

      1732aea9daf5bfe3cdc102e90bf66de2

      SHA1

      007a102fe73f49de3474b348269cc73a21a0b564

      SHA256

      7374a1e61da8969c1e35f78558dcbb08e86fc3f990f886c118d4e192aef9d0e6

      SHA512

      87f353b17355a6bb57653dd1a8c0b193cc3e42c1b178ddc95fb3092258eec1b76f49c67422ce14a1bccdbff5f060c5171d2fdbead0dbd48272e0a74a9eb9b952

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1IROIAJR\repository-2e900f0ac288[1].css
      Filesize

      29KB

      MD5

      0e753444198d619939444d6f8d168f7c

      SHA1

      830a3b21b982bd016ace447462d1ffcd0e91c1f6

      SHA256

      93687313c07170c3ef1624982cdad4939f9ddbc088b24da5882dddaf1fff0058

      SHA512

      2e900f0ac288f08a8f9053cd191db0f007263da300cb50cad02ae785cdc1bc8debd76cefee03471f7ae6641ada999e765160e41fba8d812bc7ae668a84106e45

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAK079GD\dark-4589f64a2275[1].css
      Filesize

      48KB

      MD5

      f61d3d72b892ced3002fed1b6dae1a06

      SHA1

      efe5d615d7f12c1e089ed7e68238d3e161b7ef4b

      SHA256

      b459cea038df58dd56e1cc7df606193ea027792427343f4d35a535fb0e96ebcd

      SHA512

      4589f64a2275cb4827c2f43b254ce635913bf9eb54a20d479c2cd12b1c506105de508d551bad833ee1e9396c31e50a552d5186966ac974646e84330c3348161b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAK079GD\light-f552bab6ce72[1].css
      Filesize

      48KB

      MD5

      57b715fb666fb30b8734dc22bc74467d

      SHA1

      9fc81a5dceb105e5cc83b1b3b859d3f54b8ac898

      SHA256

      e9f53883f1a355c1c0eaf1e6c7e9a278da8cd726c7da7a5db462ebe436496d59

      SHA512

      f552bab6ce721c39d04a62d52ccb9d360387b45011a271807c7c677c45458ad0acd77c5f618a3172dddf0dec7d555f78e6d3b6217becbc97d28d62763f26da13

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-ae5060590d17[1].js
      Filesize

      12KB

      MD5

      ba2fde722e3ff133b37bd6a85f364f07

      SHA1

      d7dea7aa89bcf48333574cb52fea804acfdbbca9

      SHA256

      6156c5c471879744a2d427763da07685e0f96ec6b94839e402b5970d424c8b72

      SHA512

      ae5060590d171a3b900a3c2897f3cba129d0cf13f8852de0c24d390fc7d2bdf9186a254902549f536b1c42a8554d6cca1a9cfccee80691e77c3b67e8dc8c55aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\code-33498bbbf39d[1].css
      Filesize

      30KB

      MD5

      c33214069c8aaceb09d0bda33fc0dc53

      SHA1

      e048f70e3ec7acd9e07aceb3054b5946e57e0423

      SHA256

      dbe4579afad9456e07fd6eab0e4e0f6ef895e360fe26c5d4b3867f54081eabcc

      SHA512

      33498bbbf39d518a3b435bc1ba104a944183437fdc155a5dfaa6c4b3d67993b9e01661a416a53975889059e4a5d4a3ab164afb30634f6c6ffadee24d2893450b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\environment-2168885ea2b8[1].js
      Filesize

      12KB

      MD5

      9cc4cfdbadea1eb96bc923f120b5405a

      SHA1

      2c0051d7fda65f19b520fa7813ae87eac2e81e64

      SHA256

      3de027e86916dea9ccca9f0c9435cc20da1480bef2a797f6544074f462b1e5d7

      SHA512

      2168885ea2b8ab820cd72d6e85ec6d968a54db7f3a4135408e3411173bccf5c46fe49007ad553c7783873960881ccef4dac25e3a352c6efbae17180d0bb26ddf

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\github-elements-d00866eeec16[1].js
      Filesize

      32KB

      MD5

      264b24f967a8d05dd0201218adc97de2

      SHA1

      ba486fd16e0b13f1b891e6cecf65bf25b6556589

      SHA256

      2f1a381361307258eee4659dd52c5ef9d5fd8323512c179c252834312d0fe2f6

      SHA512

      d00866eeec16979a57b083075deb93ec737a0d8d7547f7b1a5fd9af4787d49332d4f8e1be8d184a6081909ffea1bd86d10909b6867d185e0e33a140dc7d7e9e0

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd[1].js
      Filesize

      20KB

      MD5

      917054ff94af6b65ef610aa7b541865a

      SHA1

      ae699adc368c0bddf428d4f17cec479c6d96cd6c

      SHA256

      3b0d2012948870af14b480bed5535b34c5f7e649a2c9c13234c319fbf8d2d7db

      SHA512

      810e4b1b9abdcf5f10506f484ad38bc17cae973d1609d2d8d51bb4a8eb8d3c542cacfe6e4b1c31a062238087e216dfe4206064e8c1dc4cb5d961fc8e97a5a1ea

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-392fe4-1327b94f3269[1].js
      Filesize

      26KB

      MD5

      5ff54a67c72cc7fa84817e0fe75b510f

      SHA1

      1a1cf59fbe8d463ef12b0a5e1a11f0050e47e57a

      SHA256

      81a187c88d2cf527154d681ca1891c122b519035673689e706956ed74747e4b4

      SHA512

      1327b94f32699e098e60e1814a5ab921f75d4f594c1036974572b69d3b70b6a4179021afe9f55b70fd956e5f6c1223ddddeb4e0fda25c42f98aa25f581969bff

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-c238a4-c6bbd5d2c027[1].js
      Filesize

      106KB

      MD5

      45793c7e530c232258b2535acfe3c346

      SHA1

      cc1719f4f5ef907133733167cbbc2e362c052b76

      SHA256

      e084075330aa3d57644492b0609224ff9643d3bc0f18dbecabd85b736d7c1fad

      SHA512

      c6bbd5d2c027d8ee001fee77c63c30912dea9cfd67ab948f3d4c1530ffcf45116be8c9b7c0dee61379baefcfb27ad0d9b164c77e30ac7015838db04111aa95a9

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-6e6f83bcc978[1].js
      Filesize

      18KB

      MD5

      c51750a26a33cf80e50f4a3d0aeb6892

      SHA1

      e98129a8f85a2630c649dc239a94d87eaf04ae4a

      SHA256

      9ea40b58c32c154e2cb17834f70f7bf8c6049bac1dcf640bbda8a8ba1e0f7670

      SHA512

      6e6f83bcc9782b534fb50f26d877fe691ced39bf579844a5f4667460de9d723d918d312f7f1454f29ab63bb9263f5364339f3022c8c33b8c7ce816e869f15eb7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-b63d41-209f14258c8d[1].js
      Filesize

      17KB

      MD5

      66bbc8cd9047a60834eb7d2780b82305

      SHA1

      bc12a8439f2681fe5358327ad270416912b6a147

      SHA256

      88bda48a59ff29866ec711b693f23cbe44ca2cab539ea01ed2b5e18209bc6aeb

      SHA512

      209f14258c8d0da36404a07edc7cf13a13bcc48a0d9dd74ab3fba8c5db418b829f6e506c9e1cc19e4f4ec58802181538bb265607d25aabef2bb56fe74e1f1f35

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js
      Filesize

      14KB

      MD5

      2cabd818fb8745b2fc7d5f92594269b8

      SHA1

      88108fecb3839f06671c2a21e35163e0e414b2b0

      SHA256

      55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

      SHA512

      c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js
      Filesize

      9KB

      MD5

      683a7fe431bded8fbbf7b5189a1b8209

      SHA1

      2fb527473877ea06ec6b023690ce933c216c5d07

      SHA256

      f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

      SHA512

      9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_github_text-expander-element_dist_index_js-b2135edb5ced[1].js
      Filesize

      11KB

      MD5

      3f5c04894f0202a67ec6f0354c1f9acd

      SHA1

      6a6bf35008b0121bb5806e68bd5f87b20ba72f17

      SHA256

      0dd1ec9da83fce11b3bfecf9aed67d4f33f7a1d4bd3f04dd1ed941f3b4c8b3fa

      SHA512

      b2135edb5cedb3b45ffb96906170b242918156621c0d13000d18ccffcd2f20c2f1e2827b391cbe89f499745b748ae99bc51b972b4234ba739624caa4d2e33862

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-4ac41d0a76fd[1].js
      Filesize

      9KB

      MD5

      4e684fa742abc9befc4748e8a4680586

      SHA1

      25129f277cfd66774a3c47db8b22c19b364bdc25

      SHA256

      97652a00703643a49de00ea59316fd488cf72429b599a62d7cfae464f7bf5a96

      SHA512

      4ac41d0a76fde41832af2c742d4a063ecea83aafd5233ec46f82938fd5ba06aebc0a69fe241df477fcdf08b1a8e6d6f02e0a42669a351ea50b3056ebc8eefc9d

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c7679f99a1f3[1].js
      Filesize

      8KB

      MD5

      f4c247ce967cbfd4ab3c833c9b82ab6c

      SHA1

      c3d38f4f6dac79bcb91b4fe0c3f8dabe23b5455f

      SHA256

      9934ea98e9391532afa53b20441b8a9157ca4914e33643be75172478a82c8e70

      SHA512

      c7679f99a1f36ab562986302c30fd1445585810dc1ebb2804a61c59384378af7f6a1a514dace66ae79e582baab7d882d47fb7f9081eb7d70061ccbd931ccba6f

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GINHEUDD\vendors-node_modules_smoothscroll-polyfill_dist_smoothscroll_js-node_modules_stacktrace-parse-a448e4-f17a27f30529[1].js
      Filesize

      13KB

      MD5

      e7e4593fc2e398b643ac46f72fb64c2c

      SHA1

      ff807a2fffcf90fadc032dc284191da75b1a3b45

      SHA256

      c2aa448500cc9bf17d5b318607d25f1d7a27ff5a4d0bcd1fd72f09b24fe9c3dc

      SHA512

      f17a27f305292f98031a79ed141ca71b8881070db030000ff52c7519ab6af5ae65fc83fcddf5cdfecf903c9ec1633e8dd7f117590fb47a8fba3011afafe00132

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\Discord-RAT-2[1].htm
      Filesize

      284KB

      MD5

      4ae4d155a3d27f1b0a2798838a3ef9df

      SHA1

      a86c084a60da2416878b702c2edff9911c6e6543

      SHA256

      011aa545368a5d9915061d43254e446628f7dae02075af17255547e4f20a6b2c

      SHA512

      7ba697c4d0e24b2b788106b5615af2fd241e8c50d2fbc5390793dcaf158632661b94e68d5cf4caf7e3806745fd80bbcf6e77a45f4f31ff34f512111ed404d135

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\primer-primitives-4cbeaa0795ef[1].css
      Filesize

      7KB

      MD5

      f78dad1c29b12057a61e4031fd6cd307

      SHA1

      36953db7f8d8ef34aedf6d6a608287f1b93586f5

      SHA256

      6b4f34714b5e626392f944037b222b232adb545d407f96136d31934f685a0a5d

      SHA512

      4cbeaa0795eff125cd72798ad6d5db8682a910a200d54aa52dcfd3e8334f62a59eb4a2d7eec3158756bc196e66559f7e08a7282e7c507902b26891a6ce3eff09

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZQKAIKYF\wp-runtime-8c75c7ee40ca[1].js
      Filesize

      41KB

      MD5

      8d2f9380347592670dc50eed7b48f1a5

      SHA1

      3a42c5dcb09a7e1afdc376ff25317907771d3cc8

      SHA256

      8bd613d0e4a9d27a6e882e14b10e7c328230491b116061d583e367b90fb5467e

      SHA512

      8c75c7ee40caa3b14bfe1eeb410e5ff7339f0a99637d120cb9578c63a5dd0d22848817c093a09f08d51cabe81f262cdb44e83e27f98c955b49ad83d94adcf716

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9GT2IQ5F.cookie
      Filesize

      411B

      MD5

      00a63a4d3b2d2653fdaa5c667bb68091

      SHA1

      791b2ae2e3b7ead3a644aafaee479d8fb00af783

      SHA256

      73e265a596526b30978acefac63fc1caf6dffdca9a5d674d59be820c2263819e

      SHA512

      f4c4ab8fec05a4bd70afc7389d26990a18110a890573f0a94c40eb679ae4559053da504b801123271d5611fa484a8bef01ad4c636abdcb275c26e7c311514275

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BHHZEEMI.cookie
      Filesize

      102B

      MD5

      98b9a37f2abf20c9f4daf5fe8871edff

      SHA1

      d3ed941e154cfdcabe99bfffd385db915e330851

      SHA256

      6118393b9a7104cd366dd4b7f655ce258295ee497e854452acdc41cc353d0070

      SHA512

      9305e347fe1dea5d35e5177c753d5d29dc472053be089cf9f0d521b0c6c10b3019c87fc69b488ffeccde1c4e634f5c374d41a1c3d71995ccbe087cfa1a276880

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CXP4ZXXZ.cookie
      Filesize

      169B

      MD5

      25d8015bca711d01d40d9bfe4c7412a9

      SHA1

      256ca1719d440482c17744ac842c0c8648ef2a0e

      SHA256

      080278737d954e4aac67dc729782df53158603d31c072d48dd95371fb81b6859

      SHA512

      79891a3f139cb98c07f153f354ad3383bfd7b65abe3cd3ab28183ec71c6e44c67fda69ef67e782465e75d7730b6ebfa2511dc3aea8ab1190d9e6338cb077a08a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FUF0RZD3.cookie
      Filesize

      1KB

      MD5

      db3252a608a9383e407c53f20c10042b

      SHA1

      417fb2c98a7cca258e24b47f699f0cdd8e190964

      SHA256

      f58b02767925a5e661ff4d9e509875aa06910b47442bfa037a5b40ae5d66110c

      SHA512

      bc8f64898a556fee0bc7aeb7a6f580f94bf646f9b3863a48adb9a28cba1b3598282224fa0cbba65557adde9293ead2f742f7ab967c7260dd0110ab211e816420

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M7TKB8LO.cookie
      Filesize

      1KB

      MD5

      d895c83afdef56443ab155ae189eaf23

      SHA1

      4d2f3a4973f93dcc875efebdedd0cb7b8059105f

      SHA256

      aba6d85235605d03ea2882b9ba42ff387786878cffb8deb59bc0b53ca576c13d

      SHA512

      c743e2500485cfdc56d66e899230156d011433613d63831ec7c80e8ecda4772a5af12ce4a84badb93aee78d34c9197bd9ef7b8c543696734465693954ef9e54b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
      Filesize

      282B

      MD5

      c22d1c572553e8b7dd698e79da2a39e9

      SHA1

      0372823fc3d443228a2f0b7c9811d18b41e704e3

      SHA256

      cfd2c353e37ab80806b49bd4e618aaac8dd18e596d9c2a2daedaeed255d324bf

      SHA512

      0b16877c3f0bc9c84644947db315229ac208f08d6b51107bb03d7bf187e6933f326981503f40151e7fa84b531d04ac91ac684db46cd55b0a2ed0a875995f6e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
      Filesize

      1KB

      MD5

      76d4d147245ce8da3cf3a4aff0bc5611

      SHA1

      edf7b96b65cbe3e3ba82799502871c790d9ebb78

      SHA256

      46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6

      SHA512

      631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
      Filesize

      979B

      MD5

      61c060748daca8556274bfabc587f30e

      SHA1

      05b5c3bd691071c2071f7864a15ba98f60cfacfc

      SHA256

      d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f

      SHA512

      5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
      Filesize

      314B

      MD5

      e4a6497c402dcdf41b5f7d0827824059

      SHA1

      16ef58b296d9251c6ac5fe3df1b8e71236d6f9b1

      SHA256

      98fc52bea0ac5a888ed498fe0cc68a85945c1579ac8f692bd6c059feca2342c5

      SHA512

      8892e41a174111b6913460c0124fd6d9b9c8b6d3cf44d5979d1d3fe0198bca245983d70f7ff94b0a49d4af309201509e2d30c60474ba07360880da8c8c41652a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
      Filesize

      480B

      MD5

      5208a7de309fccc18cf9adbc0dc33f70

      SHA1

      bf9731b95511c21c79c2d741e68131f70aa61621

      SHA256

      314564d97e7a0a6deedcac5d347fa9ca9b4007967c3152146168ad00bedc32a0

      SHA512

      d1982d26aba766985bc9c77614b6cd403b3496fd84fbc84ad868ee79ebcc7fddf46c971ed74affe0390981d27fade1d96876da3b5979e07cfd95335bd1be6b92

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
      Filesize

      482B

      MD5

      ba9a5b405eefd0e6a17601f74a998d7e

      SHA1

      0f72d7d8386c3e5001431f6116e3aa34cb957721

      SHA256

      cf8314d5ac03006fde50c2946c790a1b0012a183fa8a7c92cd41cbe014f738dd

      SHA512

      118626a0fa8d0ba42955506388439494e292ef5a2ff3f4b1d4ef0b7f3424c3f8359cfe1d9cb1e9252a999d56526f1dfb8cab7ba6bf012eaefd7c481533cbe0ea

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
      Filesize

      480B

      MD5

      f65a4a38e8436ba57804aace1d5f4a29

      SHA1

      032d12085157653f83903ce1a516e229231c26a8

      SHA256

      da088d198fc0c076c34d26a1d8c7816da4f85c2405d30029398b680946aac169

      SHA512

      82b2dbd96cfa28586688a1bc0b72664cf14d0100aa70e6914cf2907835fbae52839854e1ef7f8fb5a5340f18aec1d8434debd689c108e1aaeda0aa18bcc21613

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
      Filesize

      404B

      MD5

      1a60e52c94480c07a15e33664e9b08e4

      SHA1

      f1cd305f42c6af9416b0b9ba06b60149cc1ff3a0

      SHA256

      c27f51d6c9eff4eab219411dc4b89bf3af530e2250f97a3dc74bb27416ee37f5

      SHA512

      2018245406e4c81f7467624f4564368eb562291e2c7ebe052d4f214fc5fc1b9bdc61438d0f74bb9fd9ec6a81d5941f068795cc252d4c5c780ff246eca80b8862

      Download Submit

    • memory/2092-0-0x000001782C9F0000-0x000001782CA08000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2092-10-0x00007FFA77890000-0x00007FFA7827C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2092-4-0x00000178478F0000-0x0000017847E16000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/2092-3-0x00007FFA77890000-0x00007FFA7827C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2092-2-0x00000178470F0000-0x00000178472B2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2092-1-0x00007FFA77893000-0x00007FFA77894000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3868-56-0x0000021D4EC00000-0x0000021D4ED00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3868-55-0x0000021D4EC00000-0x0000021D4ED00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-67-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-73-0x000001BE9AAC0000-0x000001BE9AAC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-99-0x000001BE9B140000-0x000001BE9B142000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-101-0x000001BE9B160000-0x000001BE9B162000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-97-0x000001BE99F20000-0x000001BE99F40000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4724-94-0x000001BE9A1A0000-0x000001BE9A2A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-85-0x000001BE9AE10000-0x000001BE9AE12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-87-0x000001BE9AE30000-0x000001BE9AE32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-83-0x000001BE9AC50000-0x000001BE9AC52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-81-0x000001BE9AC30000-0x000001BE9AC32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-79-0x000001BE9AC10000-0x000001BE9AC12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-77-0x000001BE9AC00000-0x000001BE9AC02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-75-0x000001BE9AAE0000-0x000001BE9AAE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-384-0x000001BE9C600000-0x000001BE9C700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-254-0x000001BE9C600000-0x000001BE9C700000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-69-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-68-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4724-499-0x000001BE9C1F0000-0x000001BE9C1F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-141-0x000001BE9B1C0000-0x000001BE9B1E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4724-497-0x000001BE9BFF0000-0x000001BE9BFF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4724-517-0x000001BE9B170000-0x000001BE9B190000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4724-253-0x000001BE89B00000-0x000001BE89C00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4784-11-0x000001D7DFA20000-0x000001D7DFA30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4784-27-0x000001D7DFB20000-0x000001D7DFB30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4784-46-0x000001D7DEB40000-0x000001D7DEB42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4784-112-0x000001D7E6910000-0x000001D7E6911000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4784-113-0x000001D7E6920000-0x000001D7E6921000-memory.dmp

      Filesize

      4KB

      Download