discordrat | 0e2b2052df8615456681b97edcd22375f511e539a80faafdd9002f2d32a40d08

Resubmissions

16-06-2024 16:14

240616-tplreazdkb 10

Analysis

max time kernel
1005s
max time network
1014s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
16-06-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crosshair X.exe
Size

78KB
MD5

ad0325b3a4269db52fbd1f836f04efc2
SHA1

8174cab4fcd5cc11bc6346863482a789e37e8da1
SHA256

0e2b2052df8615456681b97edcd22375f511e539a80faafdd9002f2d32a40d08
SHA512

fc7decfbd7f39fd0d55fb7757c32bb0e56efcb5f4b2349a6682986ce737cc4305cd3e7381a85aa0804e86409ccffc01e502e2247c7fbeefe4ef1d39e372e9132
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzIwNDM3NzM3OTQ3MTQ4Mw.GhygpL.FUJ2gs6omUcQJ7kP5iT4wMucmXxfcp8XHvbxt4
server_id
1249456180246351963

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
4492	msedge.exe
4492	msedge.exe
1992	msedge.exe
1992	msedge.exe
2000	identity_helper.exe
2000	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4936	Crosshair X.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3372	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 1004	4492	msedge.exe	84
PID 4492 wrote to memory of 1004	4492	msedge.exe	84
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1560	4492	msedge.exe	85
PID 4492 wrote to memory of 1600	4492	msedge.exe	86
PID 4492 wrote to memory of 1600	4492	msedge.exe	86
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87
PID 4492 wrote to memory of 4272	4492	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\Crosshair X.exe
"C:\Users\Admin\AppData\Local\Temp\Crosshair X.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4936

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff23293cb8,0x7fff23293cc8,0x7fff23293cd8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,17529497297484805821,1880033033415879428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2fe4fc66c594e396af922c0799fbee1

SHA1
32744160626ae3c400b9e26182a05b6d3ef33c8c

SHA256
046634481467428fa3a74fffd64dfca08462560985ccafe84f7866e56f126aa1

SHA512
22222d108daf5b18da8d869c37ae454da7a147a0084cb4848fc2a7a846d1ebd1b79c6c137e86bd9c49ed5f9245c14a61755996b38c6f54b22e5093ae229ca168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
316faff0bcc98fdf2e08b1a2a1b6a068

SHA1
87d05e8220a6076a904efe57ad1736db20e51531

SHA256
1eec198c8b8695b0b490fbe8c611b68e4ff27f0452f218dc1e72fc70a9e6010d

SHA512
a498f2d70dc4edc2076b750f8a685246551149c1eb9ec01c7a0d07ee22d11e7566363515e053aad9bb2f81e5a723204ce0bd44c243af6dd36f2325fdf3be96fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c4d9899804dd12e3c0d1394e6cf21edc

SHA1
793211e4f9b3176387a9c21ec01e3f66cfc1dee9

SHA256
14ff0b6a72d5f47500e6a885043b641db6e04a75c1a7c15b43a74173af31d55c

SHA512
06b4f6e95ef9523e37c279de622f22ca05f33dec4329a20a340f4894e95d5210b4a753ddb5e0f5f7bd2d7692b599f86984d09ebebc0dfd2021d9273047a2b4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
14408f77ebf01411722f410e4f0fbf36

SHA1
b9729f217bd50c5b268a653859debcf56b64ecf3

SHA256
00077f750e114c9d8efa4ea6b9920fc6fc932ede965a0a01e9e265a9b20a1cc6

SHA512
94164a85eda72e02f19a091e1485ae9c21d8ca208646ebfe783bbf8496fd4afdfaca87124d9d2baa276f72c5fbecd88301377b27429f38d05611cb2086b41822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
18951ad4190ed728ba23e932e0c6e0db

SHA1
fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0

SHA256
66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915

SHA512
a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ee87a5df2cec41353233851e9956d539

SHA1
cdd287b4be58f5ee3464c31c9f073daad13f2eb7

SHA256
2c25ce8141d1e6e601907a4d54f367ba7f6032c9596d24b30a245d94b719c880

SHA512
3afe8451239bbfa4c7cd6ad4e123d8558aba43a570998ef76834dd12b8b0266a4c9dc7bf57dd9a903208a029f3a0ae54822f1ba1d29414615bdcea963b062379

Download Submit
memory/4936-23-0x00007FFF14260000-0x00007FFF14D22000-memory.dmp

Filesize
10.8MB

Download
memory/4936-0-0x00007FFF14263000-0x00007FFF14265000-memory.dmp

Filesize
8KB

Download
memory/4936-3-0x00007FFF14260000-0x00007FFF14D22000-memory.dmp

Filesize
10.8MB

Download
memory/4936-2-0x0000018A2B0A0000-0x0000018A2B262000-memory.dmp

Filesize
1.8MB

Download
memory/4936-1-0x0000018A109A0000-0x0000018A109B8000-memory.dmp

Filesize
96KB

Download