discordrat | hxxps://skribbl[.]io/?G7C3WWVk

Resubmissions

Analysis

max time kernel
1041s
max time network
965s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://skribbl.io/?G7C3WWVk

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0ODU2NjQ2MTg5MTM0NjQ0Mg.GvBggq.E7XguRnZDa25VKeT-FewwEg6zrLELLL0ZOtqD4
server_id
1248566390479257632

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 4 IoCs

pid	Process
5800	Client-built.exe
6076	Client-built.exe
2900	Client-built.exe
4044	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{1D711A53-7C52-4339-A814-D78B2BBE25F1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
1396	msedge.exe
1396	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
5408	msedge.exe
5408	msedge.exe
5168	msedge.exe
5168	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
440	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	4340	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4340	AUDIODG.EXE
Token: SeDebugPrivilege	5800	Client-built.exe
Token: SeDebugPrivilege	6076	Client-built.exe
Token: SeDebugPrivilege	2900	Client-built.exe
Token: SeDebugPrivilege	4044	Client-built.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1008	1396	msedge.exe	83
PID 1396 wrote to memory of 1008	1396	msedge.exe	83
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 3208	1396	msedge.exe	84
PID 1396 wrote to memory of 620	1396	msedge.exe	85
PID 1396 wrote to memory of 620	1396	msedge.exe	85
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86
PID 1396 wrote to memory of 4416	1396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://skribbl.io/?G7C3WWVk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff824c446f8,0x7ff824c44708,0x7ff824c44718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,9168591226277151140,10275371777693442811,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3792

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:2532

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5800

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6076

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
41KB

MD5
88680fb89f9210ec416b2da239b58b5b

SHA1
d0e7034c4ce7a100ebfba6f5ae73d2cfc5cf01db

SHA256
f3e85184b9da403ef7277231046f43fcfe9d08f2bc21bf09967c43576d6a66ff

SHA512
fb9e301ac1e7990a2f4c2f109e135c78a275d6feb07ad8aa7765ad3a5e8fd5c77085334ff1b3bab4222090bba6cf4b6b9b3a1e5da3bbf8958d64ed7143d31b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
1.2MB

MD5
b48e876e91ec89fbaaef68677fac8058

SHA1
90d1ec84f062ed577f423c44dc8bf04bde44d514

SHA256
41b601617afa569c0a42d592341bdbc062b2480bc61f6ab89d85c43c1b2987ac

SHA512
2d07f78ffdb9ed12e560c9ebf64fdccc4ddf89b7866d28f5c8ccb862ddd56977d2aed1e82158f6f7f444664b4417e96a7923994c51052acc8ca1d6739f7ab5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
68a15d4e4655ba974e83e467a549c379

SHA1
1e659f7a2a4f80e20db27f198fb79ff8b76bc789

SHA256
96780b034c803af0d1ee646a6803e85db9ce182287c74a717ff6d9b94bff2af0

SHA512
fb369117320cc3e0e735eb705ba35f2102d164739db67a58c126eb091da41b5199c2880ee4ad1cb45f9b8136a8fe96c0b5f8b658c07f85a0c17f595950e691bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6dc5b1fde71381e5af9f992c0b00d74e

SHA1
10ce27d41a616f28df094b7cbbec8a723a972c01

SHA256
12ff60d731adc7b8177d36ce5b0e0bc37167665804cbcdc749aeded8e40eaa72

SHA512
d24fe9b125335d0a8a6277862ac92cce1cdae6be309ebfc30a57c9d43d873a7fa33e06dc003dea9e0ff0825b8c56bbfe27150ab84344eb14c0069f101139be55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0cd52e2925aa830ec9b8257739e2eebf

SHA1
9fe8b9a4f5d4cc7590c82b78548e0bc23566d482

SHA256
e93f64498d9050da4a220ac6fbc3ab5fb10f4890ed21e8dec387284439fa96c0

SHA512
451eee42c36eec9ea379d61e82578fa78b562d1aa206427a8bfe097f6427b0395a2f62777301cb111fd34b9daf885ff314e986323659cb5235f0f4392f470fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47930c4c2950e77c4c12012f746bb60f

SHA1
251d875f2a204e4fc88ff78e6c8ae2c971a1cfcb

SHA256
d97a5cead92060b2a71fa7f383814752c1b87cb943e9d0a61c71cba86b89ecf5

SHA512
b3fd43a0c9e909b45f67441aa04bb337f369c11df45c019f01b18bd69d131ed5aae2049310459f72e911d23419db42416c7faac2ac1551624a1cf862f94f806b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22af0b4201bddb9a903d1a1d56850286

SHA1
03eb32545040f5a13787f54a33cb14c6384905b0

SHA256
a44628c4a2c40504d91e1f7500cf228fa85ef8c6927e508c0a496286aec8ff99

SHA512
ac98c6695e5e7187da3be181ca98ce1f39cc44063b5af31efe57c511d5aa46c56b36c2c5a49ae3448ff1d35e3925672e436c501af9ab12629eebea68cc406faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
64ceb4b54f844229f29b186b39e07ca1

SHA1
b9d8131c8692173438a857c807c30d2bc7d1ad68

SHA256
eadeb56d7f21faa35c61e6cf4dd72667eb58ae54b55313b9411781fa54dcf527

SHA512
5f2f8b99bd839629dc77a1f30af0981b4eb0f3b969b270fb05c1a905e44d577f91b8d170691af038d9c18dbfbfe26274c675e55ea44ec2ef034c13617f110ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6759f6c6c175ddee4ca52d19d4c9186b

SHA1
4658e5321feeb42fa3ade83f205dbfc8cb7f522e

SHA256
832635f9ed5ecbca2b61503afa2898bbe40d16b9c7b3cca1092055fbc266aa5d

SHA512
7e0f35035c82310db46a2ba23edacea1d0b3796749f91d1dc24384853ae3b4bc1efcd859d81e51936b4ae37654ebaee2b6430c92de4af85c0930b96a0a18caa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ccc7d2e3f823685e3e0c0dadc538f768

SHA1
50527e24d5c13fd2e1c888c5e20f4379dac626e0

SHA256
4c5a1b013c6bf047b71d2d5ed391788589c9eccefebef3a3f30944087c4b518c

SHA512
3eda4b7c45765ad050d5f82930c998064c11c96999fac90abfe0378586dbd0a16d1d9a282d40f50b860da4cbd344b7979e6854b620b161e0499e641d99eb22e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55197ab050dcb0847c98cee0b9e6dd98

SHA1
51ba326fe2cf082ab33a2a0be3221e4f4fd18039

SHA256
fff4da267c5fda08f1706639ea4b19852b02276b3690d094e328474a637fc267

SHA512
77299931f9bed1af9bd720f1ad59f9fdefb137d5b02932508cbe337a042823a65e81f22bb83426c4c460b1299f6e487bef6a5a39f02cfdde3c35a6beda11b998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
984394a2a857a755f52c668c61d86e80

SHA1
61a1fa0d5079d7e6b9ad571101e9cef3dc78e94e

SHA256
ee25d38406da2262030421037e5211cc45ab0d648f4923ec0004d9acfc38b613

SHA512
da7b3ffe27cd858a7fc86aee56e74fbb9e826f9ceefa27c39aa1f3d9587acc835e32c6c5bd710a44839b10f96cd27466322beff3de369a253e96bcdda0d10b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
497641f0f58d7c5fd4097282008ffd43

SHA1
9bbb89674ddb671161deba17f75846539f8d891d

SHA256
3f7318c38a4cd32d791cf01615a2d04a58e7a73e65ddb85c8d8081dd182f73ec

SHA512
8319b725474555200944ec217e741eda7cd6bdef9f36e320e026cdf4eed46c17bdfd0a565f385d2ec63605f3ec4134c5a459cb2bd66bd1470f8802d0bf49c2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
138ffab93a0bc90d3aaf976aafd48cae

SHA1
b6fa6b9917046456e65fbc4ac25b76532f984495

SHA256
2b11a26d318c5588446e7ef23402bd4be86064b48357cd921e9c918dae6e0ab1

SHA512
81d9ccc4fa7d47fb538263d7f79a3f08f96d16756458186a5d491dd5445cd84fb8afbb0815fb0b4b0004747e281ce2b260599034681007a600a298832b5cb0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
964c357b3e873ae60ab0a9e08d306ac6

SHA1
3cf6a7e65124e4ae49d0e4c7d164d649d49e7966

SHA256
620b4fa1c932bb43c16f716e34034cdb386355aecf1b1becd01df602a16e07e3

SHA512
61f5f614af80bbbdf6b80a3344b3d8257f1cc3f2fa6b64de7a4011d6a655d456f288f1b76a30f57ef993657a3e4aa612bb54eb0fdc9f4a19d1e7320bafe4fa31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1dafe69f6ecc0a906b2eee4e75557559

SHA1
92c59baa64ef439a819e225aa39dd95082bcd298

SHA256
bf1d6e87024cd6880f4266e39897ebb977635b5a7500c309e5211c90692fa905

SHA512
c9e4b8bb0810e9dd4090bfa03513b805ea1d0392c26f88430ead540f7fd67359eeb737044318c12eea2cb2ee9fddd1141a7e234db32f3b8d30a224a910840f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb67.TMP

Filesize
371B

MD5
90afc3f666aa269667bd20e9faa7cbda

SHA1
248c124cff998268813cffa9179eebf1cd4174d6

SHA256
cd18b02c79faece407bcc861bf553a654d975d18927661cedacfbb07d5962808

SHA512
d92fd2200aa10b364e51fa29a426b96351ffdfd9df41e30efc43a3d936242cc741851db299c0e4bbf0592322122b541891f119258a7553ba9134029796939742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9b88055b3707fa0780c3f4ddbf9deea

SHA1
933f5604c512e1dd3d5f5047b34b23454e69360b

SHA256
ba1ee49186bc32a2d7c45002b3327d4d4066e5368f337aed81667e69637bcddd

SHA512
e0b81d4ddb9030c16a219bd150a7baaf8fc00e5cacc96c6a1b9c613439f38a2d05e81863b1081b4f8971b26d2ac3eb6d2758dd058d276fb2287b7262fd971536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
40ce6b6855f8affbb7104116ce0197cd

SHA1
a08dde20cd21c26cfe6bc1afa71b569418c668da

SHA256
b1eeaa99abf17178e901662346c8874aed183cb5b394d7a29ac5449d32f6c9d2

SHA512
1fde81cb046edb5474c263372fc54b302d6ebfe6a8e1666559948d37236926bb3e7116ab51a620899db8e6d78b84f09a8a1bb81feaede9b78343070e3be70656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
078b84e57d44080b1e0c73d67858c4f2

SHA1
11781ace22a40041914e280ccc74475c6dee452f

SHA256
a046172cc3af77fb625fca33d543d3ccc10e80d5c0abbbc1b3426d048e22c034

SHA512
b2e3c9772187cf4f95705bb7fac87c9b7b17cc1469db8996409c5a363ec50679678d903586b65697a4bbc6de3d70db4530932ea0827211f901bced4f96d01b12

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
4a5207ee364273c86b97d6981fedd278

SHA1
2f3b656f877f1494b955ad67cf68423b4b0fd506

SHA256
085c931dbc641e426d2a490c0eb4720eba6b5b5eb0e6ad1ca2aac3b6a6a89cc9

SHA512
b0513e2de7b287f7572594da3b3222a42a8262fe403ee73eae73f4d2c6bbeb531924f063fafb86acef379ffb9c823936ca1d4c5fb9e6be3a146d5eaf71eae3a5

Download Submit
memory/2532-1047-0x0000000000FA0000-0x0000000000FA8000-memory.dmp

Filesize
32KB

Download
memory/2532-1050-0x00000000059B0000-0x00000000059BA000-memory.dmp

Filesize
40KB

Download
memory/2532-1069-0x00000000017E0000-0x0000000001902000-memory.dmp

Filesize
1.1MB

Download
memory/2532-1049-0x0000000005A30000-0x0000000005AC2000-memory.dmp

Filesize
584KB

Download
memory/2532-1048-0x0000000005F40000-0x00000000064E4000-memory.dmp

Filesize
5.6MB

Download
memory/5800-1094-0x000001DCF60E0000-0x000001DCF60F8000-memory.dmp

Filesize
96KB

Download
memory/5800-1095-0x000001DCF87C0000-0x000001DCF8982000-memory.dmp

Filesize
1.8MB

Download
memory/5800-1096-0x000001DCF8EC0000-0x000001DCF93E8000-memory.dmp

Filesize
5.2MB

Download