Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Resubmissions

29-06-2024 08:00

240629-jv136stejg 10

28-06-2024 17:24

240628-vyn4kaxdkg 10

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/CjZK3N

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    https://discord.com/api/webhooks/1250527795591778345/dyJ1rr7AH7-pnMiHKTyiXBSBOctq558BKC1NK9RdB9Fg_AKHhj_Ei_joM20_0jkN5nZq

  • server_id

    1256297764950642850

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Executes dropped EXE 15 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/CjZK3N
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
      2⤵
        PID:3108
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:1672
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
          2⤵
            PID:2504
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:3060
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:1804
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                2⤵
                  PID:2580
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                  2⤵
                    PID:3680
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                    2⤵
                      PID:2388
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1628
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
                      2⤵
                        PID:3448
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                        2⤵
                          PID:2900
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5140 /prefetch:8
                          2⤵
                            PID:1232
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                            2⤵
                              PID:3472
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
                              2⤵
                                PID:2852
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                                2⤵
                                  PID:3336
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
                                  2⤵
                                    PID:1156
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5372
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5532
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5692
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5776
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5964
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6044
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2480
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5204
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5352
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5472
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5632
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6052
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4412
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6024
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6160
                                  • C:\Users\Admin\Downloads\Client-built.exe
                                    "C:\Users\Admin\Downloads\Client-built.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6256
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6576 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6940
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2416
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3812

                                    Network

                                    MITRE ATT&CK Matrix ATT&CK v13

                                    Initial Access

                                    Execution

                                    Persistence

                                    Privilege Escalation

                                    Defense Evasion

                                    Credential Access

                                    Discovery

                                    Query Registry

                                    1
                                    T1012

                                    System Information Discovery

                                    1
                                    T1082

                                    Lateral Movement

                                    Collection

                                    Exfiltration

                                    Command and Control

                                    Impact

                                    Resource Development

                                    Reconnaissance

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      81e892ca5c5683efdf9135fe0f2adb15

                                      SHA1

                                      39159b30226d98a465ece1da28dc87088b20ecad

                                      SHA256

                                      830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

                                      SHA512

                                      c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      56067634f68231081c4bd5bdbfcc202f

                                      SHA1

                                      5582776da6ffc75bb0973840fc3d15598bc09eb1

                                      SHA256

                                      8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

                                      SHA512

                                      c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      288B

                                      MD5

                                      4fff92a7f6ee512c0e0a0807545caa85

                                      SHA1

                                      a23892a150fb3644dce960ff8446f991b9bea6ef

                                      SHA256

                                      c7682aa99c6ecad0b9bbbd73c43b2da83ac3c46fa08db8628f4a2724fdbd5f7e

                                      SHA512

                                      d7e2600eb60dccf3ddb55e9560813c5c7516f6e05f6b299e5677a1c5224e32ff0ab43b7e2b6fef43cc84708aed323a3b698c1a5c554c9e7e43e406048e4fe64f

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      317B

                                      MD5

                                      afc6cddd7e64d81e52b729d09f227107

                                      SHA1

                                      ad0d3740f4b66de83db8862911c07dc91928d2f6

                                      SHA256

                                      b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

                                      SHA512

                                      844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      93eb4aee436d135c043c46b9551b44c0

                                      SHA1

                                      31d98117c86b76f42d69c7391c62b0550025673a

                                      SHA256

                                      341c6f9eaae2f6a971ce74aa909fd1176804f4536a7ae931b0333848834b1a5b

                                      SHA512

                                      cb58a6019baf32ecb0920f05ad060899153c9b0b22174dafc9b4c58648193daada91674b8a017edb6d4e3ecce90e033d203709ae9ee1ba0630da4cba2f6bb5a0

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e1302951-dc5d-41f8-84d3-c512ec444a04.tmp
                                      Filesize

                                      5KB

                                      MD5

                                      3b2ae7c91088ddf3e1b3d88451ccacaf

                                      SHA1

                                      36a0b394fa0753832ad998d2268bcdb264fcf291

                                      SHA256

                                      c35923fe44b3039eb6a68169a0a970d59a3c312274a66684072c98595a497478

                                      SHA512

                                      2b5dbc6d21dab742505a27a8aa8d65cc2ca0cc536c5ec77baf01895109e17258c5d35d01f7413d8ca1619a68da383f4901efb5cfd87612a29301ca3062fb1009

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      dcb8eeea9e24f18516cebd29f81fa95b

                                      SHA1

                                      7297a45afb48df3bf1ae510361647af04d2be738

                                      SHA256

                                      f9fde7c188390b38bdb39c46708a82f4823d3a8239286d2b451c5cbdf1252e3e

                                      SHA512

                                      be4a83fa635c61087f88f03e5c18137a1a9e059ab4bdf9c58753e1c07a1b558e93321baae21ad907d0076e36817985cb7f0153a28b0a42c7099c5326b71ea668

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      0b449dd3262b5bc514e24c32f3d0914b

                                      SHA1

                                      2b6545b36c7f8488b7a8095ce6a3bb6e87a71ce1

                                      SHA256

                                      dbcb82f2a579a1cd56a40c0b494852089d0c10976dd158e2c20b281fc21b16e8

                                      SHA512

                                      b02461b1705f33a9f410b27e35a9de1fbb8b890c3517db5a42072d3f698c4cf7494f00e58713b623e9758ebe0d6cda3375c5d2886dc6d54cc352a7076e87fc05

                                      Download Submit
                                    • C:\Users\Admin\Downloads\Unconfirmed 375075.crdownload
                                      Filesize

                                      78KB

                                      MD5

                                      bc64cffd6ca84e251b4e8f685481cd53

                                      SHA1

                                      7c99cfe5741d7b10a510c46f4c5dd46691c33f51

                                      SHA256

                                      10bd9b964084599dc1c1a0193d8ca5bc0ea8800748e6dc5a6240dce6170adf6f

                                      SHA512

                                      953b3cbbeff0177da28d4d0a6862d08d865b0e906501bad5884e6a987a4a846a7ae0b8c0c07daebd88f12c23108722753436d5f93559c38e860eb1600a3d8015

                                      Download Submit
                                    • \??\pipe\LOCAL\crashpad_404_QJNSIGGGTCUDNZDF
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit
                                    • memory/5532-105-0x00000243995F0000-0x0000024399608000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/5532-106-0x00000243B3D80000-0x00000243B3F42000-memory.dmp
                                      Filesize

                                      1.8MB

                                      Download
                                    • memory/5532-108-0x00000243B4580000-0x00000243B4AA8000-memory.dmp
                                      Filesize

                                      5.2MB

                                      Download