discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Analysis

max time kernel
1168s
max time network
1170s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 2 IoCs

Processes:

Client-built.exeClient-built.exe

pid process

864 Client-built.exe
4536 Client-built.exe

pid	process
864	Client-built.exe
4536	Client-built.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643942748562447"	chrome.exe

Modifies registry class 5 IoCs

Processes:

OpenWith.exechrome.exefirefox.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{E4BD7761-33C8-4F73-9A34-2D5741EFADA1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4584	chrome.exe
4584	chrome.exe
3536	chrome.exe
3536	chrome.exe
1036	msedge.exe
1036	msedge.exe
4580	msedge.exe
4580	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
5132	msedge.exe
5132	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
5688	msedge.exe
5688	msedge.exe
4456	msedge.exe
4456	msedge.exe
6556	identity_helper.exe
6556	identity_helper.exe
1816	msedge.exe
1816	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3324 OpenWith.exe

pid	process
3324	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exemsedge.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4584	chrome.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exefirefox.exemsedge.exemsedge.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

firefox.exeOpenWith.exe

pid	process
3304	firefox.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe
3324	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4584 wrote to memory of 2876	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2876	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4752	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 1512	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 1512	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2288	4584	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c03fab58,0x7ff8c03fab68,0x7ff8c03fab78
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:2
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:1
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:1
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4676 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1528 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:1
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:8
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4420 --field-trial-handle=1904,i,2596279790156961804,10052727292517304851,131072 /prefetch:1
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1672

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
PID:2824

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:4156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.0.1017665729\371359042" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db768421-01ad-40ff-bc74-6d882fe31872} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1884 275eb00b558 gpu
3⤵
PID:2640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.1.1064181968\108340858" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4852af3-b293-4288-956e-dd6f48da1614} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2452 275de28a258 socket
3⤵
- Checks processor information in registry
PID:624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.2.1930182494\100165853" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3192 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91bdbdb6-7c1a-4405-9594-81b165dd7981} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3212 275ed7f5258 tab
3⤵
PID:3132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.3.568262111\680417702" -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b2cac01-2c1e-4d80-8d31-1b9cdeab518b} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3868 275de279958 tab
3⤵
PID:3112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.4.621461540\1625614464" -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5080 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c672333e-971c-4063-bc3b-39a7d31c82d5} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5140 275f24a9858 tab
3⤵
PID:5020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.5.160291365\1362395132" -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5356 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec021748-7034-41ef-aab5-eea7b445793c} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5368 275f24f5c58 tab
3⤵
PID:4992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.6.2146084707\1522605328" -childID 5 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4257067e-68ba-485f-88ec-595f81a7f71e} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5512 275f24f3258 tab
3⤵
PID:1212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.7.620289727\951094617" -childID 6 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd1d0d0-6594-4f6f-8655-15f37e1dc84c} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 5988 275f40e9b58 tab
3⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c85546f8,0x7ff8c8554708,0x7ff8c8554718
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
2⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
2⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
2⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
2⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
2⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
2⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
2⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
2⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
2⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
2⤵
PID:6276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
2⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
2⤵
PID:6420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
2⤵
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
2⤵
PID:6736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
2⤵
PID:6744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
2⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
2⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
2⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
2⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:6300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
2⤵
PID:6500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
2⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7500 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4788 /prefetch:8
2⤵
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
2⤵
PID:6488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
2⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
2⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
2⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
2⤵
PID:7096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
2⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
2⤵
PID:7012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
2⤵
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
2⤵
PID:6256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:6260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
2⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
2⤵
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
2⤵
PID:2844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
2⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5854674589406715533,10229528420836804316,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7364 /prefetch:8
2⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:864

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
PID:5912

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4536

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c85546f8,0x7ff8c8554708,0x7ff8c8554718
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:6836

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
2⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:6720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
2⤵
PID:7048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 /prefetch:8
2⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:6156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7340750992530580765,1471296319929555472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4208 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3324

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Discord-RAT-2.0-master\Discord-RAT-2.0-master\README.md
2⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
9e2377857058a57cae56f3e2752ba106

SHA1
f7310c33673be2b610d56e4c0daf74f0ae6e5250

SHA256
a260ff05c1a83be7fbfa8f1b60f545347f5f8746fbc56c03493c3455cc6ff622

SHA512
2fc66c3d6c2392d9075be2aa1a7e48ebdcdf2ee43ecd1c8bb8c6ef8ebe743263eebdbcbe0cbd0b68581c4f6f7ef146ce5d5dd7ff84bd5c3f9acf1c22ec6e8664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
2f6b107ef1292f7190c62eb002ff076a

SHA1
a6123e4398fae527f3811521ea6c3f63217c5655

SHA256
1b7d100999abe1e5c2255fba6e1c32700bef3310abe4cc6660277d148f23e950

SHA512
4f543281dc088dead89a4987641d74401b51d1f9c47fe9d40cfa61ec7c82594d5f3a8474dcb148976090b4d9985d5f9792ad4057aad8eac370aa379417ebb624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
33f14e94d4659b6a2101c28ce7e28952

SHA1
1b4ff1d26bc86f015343ad5c8c52358e4febe833

SHA256
3beb59733d844d5fea9057ca62097cd96d25981a1239cc23b5258fb45ecdc68e

SHA512
a75a7dbb20cc6044234719c27874c2627c1de3c6739eb77005fd8aadf23850bbe38200fbec550223990c51fcbfbb992be07ca95a1b5ae91b7e13036f0e192d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e13f70f9b578688be058608031ca4190

SHA1
2b7f7ce357157abf9d79c58589d2c95696dfe061

SHA256
7eadba95f24cf5336793c21fca9965d37d6bdf9279f50a56d0b259ea8dadb569

SHA512
a12f9314b266422656976b9ea28eb11bd2e0a6e1b29dea1b5e5d8e09f4da3b8e9104313d57f0f4fbbbe3410f1f5402884fb0b1b0a765c54f30a9beae2c235ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e5f0a64cc1e38da1cb3814c415bf73a3

SHA1
6f290023f702fa45a4bf16e77165850fda4d7f4d

SHA256
ea598778fb819bc813e6f39028732a88f6c84866dae396c26b2eb5145a4484bc

SHA512
f5e47d7cfa33d10d185fd828963faba95ed7f88724b1255f7f2d6656fdb7a9012d56636994fab06cac7fabe9dfa40fa8881d064fe89898dce0cc07bf4f6450a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
62209c3698a56ffcfdf52bdc2685c5cd

SHA1
8cbc4917d3f3d2cf2ee553979bdf6d9e35789271

SHA256
abd199f9d5cd7fd25c6f93331268736ddb7e0d5cda7b58d70b20e6e35601c567

SHA512
041acaf2022ef8167d38d3c16f28479ed3e95641345e272d7a5b93607108ccb0de251aef2ca6dd49787505e3c74d616ed496dc5055e228e9f53745162fb61b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ebdc12db5363bb390fac370525a6fbc8

SHA1
01415002f4fab8fdb311e6f07477fd34b6ecb6e7

SHA256
55c00022f3106ef7644f92188c41fbccbea78f7a258b8863e07cadce9dacebd2

SHA512
ae48b7f9e9f069ee17dcd2d325115e501bd1d41dc2be46f5155fe628a463a88ffdb4acdeb573a1ea8fa770d23605ae85cbdc2a2b31dee3a5ba2ac89546d6b1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
90a6fb12cc78c4fbdadfd216392b8006

SHA1
9cec974b25454102e600429c72a2d46cee5a6a86

SHA256
07c9c367cb47e8ad34c22831a5e007630ca21e54da278e3ab170e9a28b7a3a36

SHA512
f56f83251feb48a44f1f218fde38fa016e71b8e9c837fe9179b92a5800ba09a5655b1bf6cd3eeb5112f7efc92321e7a40acf21bad8a033ff3a7bb930809103e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
6ec9285216bec35e230eb4509b6edd56

SHA1
dcd385a9a3c9b1434ab454d233d0775175721f76

SHA256
b6ce1d6411e30362a0faeb68eff919149d3cb2860432a697f47c0dd181ce9be6

SHA512
58d5fd6e24022dbe0bfbc34cf810670a35d2a1b74a93fb586a47b5b90b12b4a1a4a8c08b19c848865f21437db4c38b1ecbb9e74667f1bb3fc16b587c184e5041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
91a44d091e2344783397512a996b6348

SHA1
7fa09af032efecc9c23e6ddcbe795bce5fe7f47b

SHA256
23139b7e780297d2188bf78989985400fc83e44d99e3ac6b3018cfb8fd933e53

SHA512
a3690db33778bc98f784383b0f5c8eac686767b129c62d940eb58e184f7a280cbb4f2e945dd2bd4d29a9c6ed983f8e0d8fcff2f25b0fc1f5d181c773f2f1f237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
2d8ed63d9b0e5ffe9244a8cf9cac597c

SHA1
bb06249efd526b64cd50c552fd6a058c202a28c9

SHA256
12861634a310744a119c0172d17c098087c8f11ca401b079fbabff9d5853a158

SHA512
17014fbf74855c6c252654e9a3ac9f66c7ef474e50751fb85c6a722c0388d19fbf9d42578b41d00759b73218321d3a32ddc4cd44f12dabf33b2273d4d68df559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
74c462d05aa1dc942a0401f7de13251b

SHA1
bb34b93f5b4ef5219201a043e36584353947d39f

SHA256
7ba6c01a600f53e2e760b8dea37e6d8ec680f52c22ecec2d4d58b6be0523dd54

SHA512
b4ba6912669265f2bc3af598a83148d3d3f1d8f27d837de60827327bcac7ba8517ef66f23fc71dc4673b11090d111a32a1dbeff1cad5af657b4d8cf03f76521f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f99a1c91b7e8e142aae5f6966af29094

SHA1
62abf66c77939b7b94d1d00e96986ae818700aed

SHA256
a47db23754773f09d2f349ec1601c64054705a9dc8b5c7ea18462d1ae4fa27f4

SHA512
b21e65378bf79e28137aa8165cb944c1013d3c5a2b6145f0309eca04e4796be1a8baeda2d914e58a5ca305b01499aa3148fda97c2f4641009e9e737daad14068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
546806e9c70378fa8542369d2431fd0f

SHA1
351c3d4d210781ca604a5f87c9f3ad8282187f82

SHA256
140423be8090910404d35a7f15f5a7e2961a7282914bc720795bb4c8aba82ba9

SHA512
a4982c6c34e90b55085666a09b59125b37f8b2d7fdf25de6d5dceb4ab19cd435b69c13d4cdb07e7750168845d9cf9debeaf6101d6fc4645855924c2da6e61e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
e6dace482f1ab65eba5ca449474f2b69

SHA1
bc8dda43a5e26e7f397c264af45dbe82252b121c

SHA256
eb1e613572cc5d33d413257a0309de9977cb42b16b17651460dc5230438837d7

SHA512
23e3e16c790da927631d5159dfd662e7ba7f4095466f55516a7d21c53cb7b23c48f90b8f2e72812faf9d1732218cae29ee9a092aef3a97bd1879e32c9488dd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
2e7e7fa5edee6b41202084c2b69ad26a

SHA1
bc4c50169720d80a116f911d0edec4b5c74026d0

SHA256
04979a6e2c6e5ed3e4085f8376d65fe5615255883e5371cb37b0484b21c88951

SHA512
4d0811dabc154faf38d1dc4526518c22d3f679876af453298f0855189e3ff417f2254fe6c8de19138d365556476d768a17c2f5ec8ab8653b5c04c942df7c3cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
6db4291f0aa782d7f9f90618edf4609e

SHA1
07cb3bfa35a043f8244fc8f10eec12bad39b70e5

SHA256
d405c48d666846c06677d65df90eefefb4df1a9502a1d5e05cc0b24eb2acdce5

SHA512
243df9b3c60bd664a51483eb7c0fa536cb2589ccfa4fe16503594b47d41202bdb7b0fc4856ed8f34269779b26aa4181a7f7161c15f73e3133646898fa924a256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
8f5a80257f3751186a03b5de31e46bb5

SHA1
d0bc49520e2f3e849c50e7120034f18251838490

SHA256
0f225694c594a47f6a07959e5c6ceedfd34b43335ae4f05dc9cb065040303a2c

SHA512
d5cb8801209306316bb6d6028b2d67278055ecf7da8068338e03e2b4f7a7156c7edfbe1af72c928d17e218268b0ff882d435e9ee14384e405bf069022bacce08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b314.TMP
Filesize
94KB

MD5
997f443cf01198067be66f7610083bf2

SHA1
3046ee3063326268d415290f261a2394b084484e

SHA256
ede7a6604346a2151b9b66e3861976f71d9f646cbcc70501916b65b2566a39df

SHA512
926741fbc95951c89ff02a5b65c138575d6cc9d2119b42d2a505c887f8484e05c3fea4caa6de446c5d8a00820d1f8c270f322a1067e96957594c91ad040c13a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
ee39efa05ef1ea95157cfbb13b6acd6c

SHA1
84cf23d2e7245db88aad18fe408691ded23a7f34

SHA256
559e7568eba16d8e5df39b3824fa0dfeabcf23ad3df84905ede7f42680b330cd

SHA512
26a89f1858a4269696b0648f65f07352ae8bdbf47fcfb5e53cab546da6f5860888cc7fff9615fb87a59b5d3e1110c379e06967eafafab32d7e28f77bb834d644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\68bd5487-85fc-475a-a725-b5a6b9f14745.tmp
Filesize
12KB

MD5
85d5f2caae2e281f51014da8a3b2a3b1

SHA1
07b3b528faf97cf2d72d4b0ac645d47340cba8de

SHA256
cfbf1d5658844fee60a1db12cf6c14f26ea7cb26b6bdad2941e7a16e1bcaaf12

SHA512
ff314a8fb1fda1d7963fcfa8f437bf4b86cf92618bfeea6fca371ce3ca228a47af1dbc58efaa06a04ddcc3c462af210fca851f61f6d86eb3b8e2b58730e6f795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8713f322-174b-4c3f-b76b-a18351c1c060.tmp
Filesize
12KB

MD5
7fc5ad723c93db3ccb8fe5052a732034

SHA1
3517103a79eb86886419f85d98a896083661111e

SHA256
47021c8ffdcae7bce387c9221b9bfa87b78a117834697f8a1465793989ce88bb

SHA512
98591016adbe3687644f7b5451bcc151aede4882470cf5d5b9213e0d721fd74553619d7f30fa4fa099314e1cee77fa562cb72329e4ad10b7b1a19f056d13624b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4efb92ae7b82becc0b79bd06369705be

SHA1
b955a4679b6f6d351c3f15965b8e0660eef4bc62

SHA256
1d8a3235b9b7ae89b9e5998867579d0ee636658d73a6d34f86da793a5429ac8c

SHA512
c768e743f97c9923f1964af7f213b0dde8ecae8acb4f2179317cba4a7bd4d1a35cc5c440f16aaec4a6120ce8a63067ce64504d46d310be0662cb450b6032d636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
178KB

MD5
ff93f03c3e434229067e3fe6d42cbcbd

SHA1
3a4bbb5fe9a7326d3153c2c60bbc88a973c444b0

SHA256
bf34165124e6dca516504ece4981b2ee9d13d49147314825f2b4dc230b9e17f4

SHA512
398173c95e13e074281647ed73e1d63be50a90e8f15667fd731d9f35937a24704fe3165a586bf247b2126fa9dd0b783372fbbe210e31ef7a47fde21f1d8f8249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
79KB

MD5
8031733b3c3c95eb2f35f4a3288cb275

SHA1
183a4cd8d43d111b676f9aec8df86bf51bd7e44a

SHA256
a4a4327b5fa4ccf3ce9699da4a611c471ec3f241d5448bbbec694b283e4eab5c

SHA512
3752a00079f6d30274b6067907ffe11a83f1eb165b9815ea9c5fdd56506b0879b5e2b1942f9fc0332d357a1e994c739ceb341a5319631c4e81b7b9485b1cea87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
97KB

MD5
290811797e7cfffeb6f9d88b5592b8d3

SHA1
d9c62a7ff2d28d9c44eb10ccabc5837ef83b1658

SHA256
514adf699fc7091145bd16a18fa319747e092c55f6603853512346c946c7d915

SHA512
147f176266cd0a1e485773cbcf9e9133f88b994380b153608f933ec6115e9dc8b37cdd20ab838120ae2d0d5548710743e1932a2197dfb7cd7a36ef2a14d97dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
21KB

MD5
2b4227f6ed055cb78c9eb14643a6ec8b

SHA1
9168bdbfc729e74b1b85900ca5380ea9241fe5ed

SHA256
2fc974bbdcb1ae9337d3dc3ef3c16f3c378f751f5326985c38ccac85cfcc4b37

SHA512
42515a9614d27b5daa9d83d3cb6bc1f2d37ed149062cd3b5f57c06f474ede42f18e6edb99c5b84d3864e4994954da43226496f3c2073e896a2ff8a8eb4835138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
43KB

MD5
12e4ed0037217bcfbefee69c5e08b013

SHA1
904c3f26e63866c339ac8dc206486bd8d1618045

SHA256
470191dbb134f2f6eba27f9c4e78f2a596dfde8f80c17fa6f963e0cd56cc60ac

SHA512
bcd2ffb053fa87aea47c30bd64b544291d4845cfdb222116e7939f14a20c33e6042d29a037070fcdb7a2c27ec2d869691b63e4667079b3de699ee009b97d80f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
30KB

MD5
3ef446472c281adffd94f711d3270669

SHA1
7d8663e1501420d7a61fbff3c925967886cf6ae9

SHA256
2c0e3e59011354a2b8e9b67872306f597767bb67ca194620402efdb7b893192a

SHA512
22ca4fd5a01990aa02defa9619b87d572c45d9852dce42014b17a6df4c1279f957d066355c63e110c5044d3a42fef983792932ebc154f7369a88d11bcc867722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
51KB

MD5
32b7dadf2dd44a02a324b6385b1ce599

SHA1
7b2b24731a3700108a287c165d5e0c5e4f84ccd8

SHA256
12c97db3fb0aad36de5fb0475bf7b83cd1a28f8492e36d2b44997f3c08a27728

SHA512
5e61e9e157a902bdeabbe4d875cb5f1a7eb03ebab5775532cb172bb937ef427e4f698967eafa7c0b25d0b86617c9f9b8c82adfe3a0f1a0660d871bcba46cf12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
76KB

MD5
48048dd755d1445cf666601114640e1d

SHA1
bd8a4659b3ce48d957c59446a4b0d68cf359a1e7

SHA256
66599d511c3ead4a3fe0cb4bbc063a96fc9ebf3a56b5a00afef56aa098468732

SHA512
2845e9b01d33e12034028efdfde8a2ee186df1041898132f5c39d442da048bd3531b4130c79146d64e8158b79ee1de89327563335964146d9357f8a7c7461791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
145KB

MD5
27e0b0d117c9b50b2dd782e77926c41a

SHA1
f6b69d3570bca5026ce8fd3670224d4f10a5d833

SHA256
f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d

SHA512
632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
94KB

MD5
f8794094ccde1ba972ae76e63f6216fe

SHA1
441f6046d10b0ee8916a24298bfde12cf38db64c

SHA256
65c71b2db0ad3a42ddc49674dd404f3641f1ac44d22389f0e24d112b87f2166b

SHA512
5b1f5dcc08029ed78dcbd448526aa004e9449a331aa9d438bb1f6d6a49af5aa60722a33c3a393aba174a46241abf36c8cd693b4a4caa0a2ad04ef55e31b821f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
143KB

MD5
c0bb7510db05375021c93411029397f5

SHA1
f87c17e6e0fc66f8dc4b9f4b50bfd3bb46a051b3

SHA256
e343032a71720a231021c8f49f730782e23a02e6f2ca8f3dc8c4564afdab1afb

SHA512
964ab510a849c9ebedf79f25e2bbb91b1876f7a5024891acebe4a244831087e43032dd72a73176b9322bc7f58ecde480b10bf463625b5f34dc9fa23516d5b286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
27KB

MD5
9609a568e383fe85bb22b9e6f85238e6

SHA1
8b9402e2c4fa477825b4b9189da6ff0da7c5274f

SHA256
3dfcfaabe61dccaaea5f263abf3ca7af5d8abd3425a0b292f968a980061c97a4

SHA512
e4ddcdcbb9e21b0d05de9e5a64080ed053520a67f47f7b1112a5d19a5fc92bfdb50fba7ce1ebaf0a161c8007b078097741b324cd24d10cdf5683c6cba314bf63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
21KB

MD5
c99a6d99b8fe6b4737b211b497848564

SHA1
fd44f4edada95fc7136904147e23ea9fd2f63f74

SHA256
9d142e74424c3c33d63812acd9e20a6c8be5bb0a7302af20141f4951c92cac6e

SHA512
811f5d9008aea96d6634477d93d736cab1f093b4f56789cd12bf6bb8a7f2e6b14ba11b8ac73ab7f85907382df0fe14a639a68f026f7602059d2e5a5514b92de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
24KB

MD5
c5acb1405749543217889d7c8c9dd6f4

SHA1
79bafc6b375cc8a9a30aa09e79089c25a8373023

SHA256
d04702a5243cd6b4d408ec09d7d9138a06967dc8b3f24977ce576110c530b4b5

SHA512
a3c5f76dd2fc7eb3637ecbce9f3ad9bfa58496ae7ecf67f428b92c6255a27a653019e2c37620470bbeb52ecaa767445eebb9a6b816364fc77f12c9d9ffbcf996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
24KB

MD5
47b03971e4b050bea520585d2c0cb086

SHA1
facc8cd3c120f7285ab32c58489a3a92fdd913fd

SHA256
c8a7ea184c79a6f61c400968314d03aae7c327f03efc03603f6a3cbada7bfb9a

SHA512
8e042a0fed141dd7e7aabffa46fe8e98c22a134c1e001032f7181aa19a0d445a64e92f5aac32dab247f6ac811ce2348c0812b9c357bfe7d9cc4df89b7ea350cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f6fbd3fdb99b3c9_0
Filesize
3KB

MD5
97d79f37edecec6e8f155b924c5932d4

SHA1
67f1f527b079bf9af928057d9652c2a6d58d07d8

SHA256
cb27e81bb503c619bdb739f45197d8396171939c797d1c7d18368f60e1ebeac5

SHA512
c5bf06c3eb65dcb11c6d774ce73f9469bea30848ba62ab2099f94f0200b0d39dc5d49cd5ccf2f0ef2b603ea4f5b5616483ebcdcedd5cbdb3b41f65d7bbea1a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30faba46f8cd4481_0
Filesize
32KB

MD5
dd5ede63c0aca60ca6246139faf8fe04

SHA1
a821d75473fd35d850ba1c4573b2f2b62d728745

SHA256
577a92caced2b1e8d5ba7f77f7c02e4ea8b1707eba727b4f572d7e10ec5fb4a4

SHA512
7311222326ab57a1c61d0cd93e789e298d61276d776553b2eb2f19cd5560659faaba4a0162f1ed93751a9b4bfefed6d2cf28d1a21e8a8e2f8700142b07a97100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0
Filesize
309B

MD5
d8a19ed387efe153dc8f066467fb053b

SHA1
9b7599bff594a8a333efcbd63ccba7e3caa711f0

SHA256
62367c35f1d5e74326b3dc5f1699fbeb8472d7b0636653616d70ca2b7e6d50b2

SHA512
b766e12ba0481b0fb034cdb2ce78ca7d8e3617110be6b81ae296b42b272200bfe8187b2a69f835cf87408001d64d454e1a16120700a04232b7a0ec4b4946c832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\482e8abbef9c0889_0
Filesize
53KB

MD5
1a4b552002023ab1efab8dbd91b2be01

SHA1
331075fe8ec439d2d44e40208a9d2619f5aed956

SHA256
f97e4171de4cf79010ea14572182239270b9dc6a162128e4e0dc6ca3b1c1f4c5

SHA512
7620de5b25db64c8f2c425d5b044b50ea3f73cc5eaa6adb6c5a4e461951d4465a2c03825bc28b85127cc1f6a980388bf9a1d4c85d18a87fa289484545217c4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\524f8705cd95d153_0
Filesize
33KB

MD5
adaf40b7ea30ba04d620eec8ebc0a141

SHA1
b8dc6db3b40b61e8ee31d78c33d246a980a535ca

SHA256
56d6c1986d4e44e20754dc7ee706a7fc35d08ee014f35799214efefba0da11c2

SHA512
cc41942aaffadf1af84ad5b0ab300576dfb779df8837bdb66a23691e259926974212686680680ea377e152081568350dbcf0548d6906ac0065b9d6304e6a45a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76192e761f27f890_0
Filesize
352KB

MD5
57421b0fc8d4bd6e7efa84ff8cfff7c8

SHA1
5c48004de178145a1fbe5a90a07d967aa45682c1

SHA256
0f1cf4653be68e631923e911f74446c9e4ab64f055b0740f3ebd8aa2b5f5cc71

SHA512
ecfc67a859d3fa50f3e8ac88f8c747dea7c7a9d71cddac0ae0c2387c1551c04f5f06c43919cb37bca1c23ab8e4f5f42c94b544435d6085deb9a7298a5d697b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
df6c723ef92218146d4b2b0e68c5e914

SHA1
333feee32fe068e1704b27fcce1e58aedccd7385

SHA256
d7941f7d01d14f12bf0dc1a2c969d581668d07b01f3e2b6e13c9df96713fc0e9

SHA512
31481f08962fdb5ee9e283fdcfdc0cf93e0b0cd9296eaef12047e8937bcf7109f42ad6b7cbd7c1e25b087bca4254312e9ee40a4286333bbf79e0e60c072d19b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
fee380bbb8a09a67386592278f01b724

SHA1
bf1ba3487e32abdd969abae11d2b990741c23720

SHA256
0eb974611ca7e15b211d6e8a4dfd77e3e278962a49f9edb1412bcb451d46a136

SHA512
d716b290edfb6f3f115a30c569c585fe0830c4e0b7fbd4071892fe4e572262b50bcb266ffe14ffac3516ee8bbabb1244321f1ecc73a2bd9e8043569ee2e97827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
62559a52447cd9e8f8a96ca2ee4d6a3d

SHA1
405d6a812c7ed04e222d0a4f3c468579f7e8d1a4

SHA256
6115435423e2a1e7abdeb10061001cdccbae401ed228e482a0d605f52c925054

SHA512
58a42f58a58455280b1837a3d2d86211b464b5881a56ca80ec58057afca213428ff5dd2f57644c7dea582c725f873802193cdfcddb0e75fff2b7a1b5da371bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
24217252beb427c4ca810088f556aa43

SHA1
a472af57cdb9f677e26df1d5ee303f89366cfa7c

SHA256
f4cee85c9385d5bc8e82677e13b88287b9035495c01ac2d36b06b55ff7590bf3

SHA512
8f31a6bd4ca86712ba8230316797cae48156948516a039ce3ebd221b1be1984e9743623497d570d751b2d33f7fa56e24a607920bd09e233584d33703b25ab026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d14d8e9b3de85a99d27a78cc80e22e16

SHA1
e83d15e12fff642e18280f14e7f60eb4a491e395

SHA256
fd6eb8ee1e7e44b81fd3e809c068bd0dc5d705a7512282c7ef689e771273264d

SHA512
d587e26d429b4e4721ee8319e82b2e02547a0fa28bc969fc60bbe5247502f69ee4abe5420d28bbc93dfdec2212f06815a8fd6fa9d56519556a56f642bfb991f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ce9f2106066c699520a692af3f91ebae

SHA1
5ff39ec9ff6cd6bca0469ff6dccc3560b51657a2

SHA256
00e1fe488d96dc2a47dd6717202579b588fc2dc0fe2be6bb791aa4ff321b7f37

SHA512
39ae0c9566bcdd8a058f613d5e61e0ecbc710bf765f0b73a5655f55e14780f4245c4d2d02463e5a94e459b0a80cebcc3a3bac3fb0bf6e2915d4c63bbbe374d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
250330d17da7fe3594591de3a7048f32

SHA1
a6027091cfbbbb75ea4e2649b85b5a601b5e6545

SHA256
a05c05dbd5262f823cbfc152ac91ccb95541a809671875a24313a746f1ea7d14

SHA512
838c80b60c00b1abd52cdd5a26ea24ebbd4b48b419a8562365fc2bb6ad28a2c91364a0186fefe79ef40b77ce88a5db0f71cf22b4ad15a3e1605d8acd4b1e0f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ee11806604e7ac3e01c8cfc753073d70

SHA1
505fadd8e2c678bd67d39d0b059c92455192c514

SHA256
023c989644b64c97bcb9af4ef7b73bb10d34c053049875bda1a50ea41ec17f9f

SHA512
ab4d16b09f374733e0ccfd5818f5a764aefabd1130cf82878a3ae78c597bff406052f8330f9f833d5aa3f0bd71794fce104f4bdca9d7c88230d341859abb1540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8322476dd3030ac5538e0a69a59875b2

SHA1
609a2076c83de83ec7e1e74b7a26d245253466eb

SHA256
0de1fdc4339132c28c39c5a3b8ce77c67cb3e8fd6656742577b425952e62d721

SHA512
66b2e84c63085b2c56c2227514973921668d275b4feac52cb4775ee18a603dca82671bce2ee90408523f05bf8389b098f15f2b01904121a9446a2b2a3b3b6967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
223b87a144b021d9ec89d48641297c94

SHA1
cd06a9c7a8fba9e5220c9404f8f4a0ce0b684f9e

SHA256
998ea61371b273f95e7f08dd4d4a8738ec53256ed8b2b83f3cea9fae1c1be025

SHA512
f4cafc570c4e7a29c6cb2c9e7916acec1bd355786450f154f67db7d4b37472d1173444943389c240130f8c35c6ccaec97d58d3c6a78a481405620422491537f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
1d3e026df1795c786ac8f4a523e7be7d

SHA1
38038b914bb54703e1d2b0a4f2ffc91756760460

SHA256
ed06050a9481e807e1c3ca483dfa0d97a7f800f7e33ecf4f569205c4fcf97261

SHA512
bed0cf06570284a7a3369615552d69bb7995c2a7fc78b9203bf2881a9820d706cbcd592f1cec9ac4892b9ab085fc11d041676b4448be47a1d808c5a5a71a0b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
a2e403b2477a64d57fab88ade466c4af

SHA1
38eaa77a44a96e7306c775cb9c344ce525c8ce6c

SHA256
6618039fb88430a4d521027546a1354ccf2d5164322bc6d35d7c1d1241993d1c

SHA512
c5713c77dab404efd2cc52aed4e009fb1a197862fcb345ec21f3b7192807212eac5ce2bd2a7863e6c0e49d09e06b52907b6b60a865f66b12094b85608dcfdd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
2fd011d86d9562973ee4ae2d9b77af0f

SHA1
a7fc43350ef4cd9c3d12449e104a5b3f7c960727

SHA256
07e0b001bdce7823fd89c6f065b8bc669a21de7a9a657a2c408ab4458a1f4d22

SHA512
d7fb0e46b4990f62129be6ce54e877a2e99228c49eb36ed71b976ef07c4ae1c6c535d95b29a4bac5040a4d98b2cc111bf2d70b780318732ff159558ff7e7c411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
52f13b6e71d6dbf50fa0386c71fb2387

SHA1
fe20b8eb9be40ece9f8986cd958ac4e9f3940e10

SHA256
beb3fe9911aa82e2dfb12d612f33b5c3511a6e2953a7322e80b4ae9b4583e7be

SHA512
d80c664dd7ecfbe0e5667a6bf638f73c20340cde1f99575c7e47fb4d95d5a80d0f1bbd08aa6f3bafe4ff0a85b41ca96d7920eb50eb5fb6a971f03a44a121ad36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
ed424df1f22264e7fe7535a955b27ab5

SHA1
5b9967cd429242b18e2d3532d507faee8757b4ee

SHA256
35c17197fa72ba032bd1dc2c6442c3e19e0e6c1d03c80e7dea094f922ecd3701

SHA512
b2555eb17070504aff23c9d33f574ca39b8d548d3e510937371bfa0ec99ee14d170e7cc36768789bee5682ef9f405aaa7312b567bcf05513d6bfd5faf05b77a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
c42036a27afe4fc328b0d1c5b35ab4c1

SHA1
88012f577f12306fca9bb6b3b4ea26461c3a2101

SHA256
0817542a8a8048e4efeb92b9868045b84a35f76f09c2ffd903ccbb41fcb1bf6a

SHA512
69ea4721749a5bf51b9e109afcf269800925ebceffe983f4749db666fb33094e0216a1ad96991dfd9b850b5a606b1c3d068e8332b8b6bf207c41a83e955984bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
8876481cc0f6b915c4296c2bc7d9903c

SHA1
8ce95001c6e03bf01e51724b1d8905443670e894

SHA256
a42891c4a55426e458b3cb1250d9f712a1e9435078b33889e6fb57f0f142051e

SHA512
82ce949b3360a1ba1741a4dd7598e7c38c1f3941242e4ddea4ed89be7580e34aa6296815f8bae102bdc64fcc3fb2595cfa6c379cff28d09ea5c5f524de6cab10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
828cf2d1e8da1837444299d8e651e86c

SHA1
600671779538e9ece7006c442e4cdc3fbc13b867

SHA256
7fcdf6f4bfececb326c699625a2e857965609083b52afb3b5c1c669442b3840e

SHA512
2f30cacac66d28aab7b442bb648581b2a2c674a207c653c3d4b91b11f8f11b8967a0bd74ff677b2451824b5494bd10f79b8fc8e14f81482c3f35a8779ab98b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
67f72ef47d5d6f174498d99693f55b6e

SHA1
b8707bbfaec82f4f5ee1a824c45d86db5f9e0ac5

SHA256
7246de249d3cf123b1672efb70d2ebf6c174323900a2387713444f9851712359

SHA512
6c81d9dabb97223defa415247efedce01007a4f996aadbe887ad65b57a04ebafdf92d5ce0dd838689b8bb1998d7c53eeec1cc8d0d1cb200bb2a4a12ba9651724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
00813f05be7e8cbf93fc76db1fe98feb

SHA1
9edc132bc0684cfb3cfdb2d406318361679b407f

SHA256
a9220b863413f3804617e8aba36495d259fcc13ab98cb01d5c12e350141dd8d6

SHA512
554c44b90f32113b44e3bec1674d24577b680e12b87bee2ba01cf2979c38405ae02b60ccc9f8b1a917a57a551ad8bcde171868133df1559493412772db436df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
7f62efe3e2fc4c6979a4e974ed3d6d4e

SHA1
fe481fced5de98c61802247a71e7eab3a89b3307

SHA256
bd5e0e8ece13250c31f4f2b4cadcc1b4f48178929433b90176bebe8ebcc41e8f

SHA512
36744abd1ed3b44d254df42ae08484d5f4d61ab1ab8fb4700494640b86a54545bf6fca62b059eba631f57d771f1a2ba7496d6b5ca73b5db66fb4304512ba11cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3c2da156dd2309d801c402d6ee795716

SHA1
2b5494f388920fb6c742c025e74a18eb15c36389

SHA256
d480515e85c6dd6f65be23a7d14c9b4dd4ed19a9019fe184175aae1a27e501d7

SHA512
2c532824ab12b163a2aaced71d8236114616a0509f4d9918689e5ca89acc78dedaca3e40ae03401798f1f74e9cf3a568ec1e137810d76f7723ea278a3edf30f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
d1bd3769d4547aac7d5621bc7b583f94

SHA1
b9323ee9fff1862596b78e400591b278d1e273f1

SHA256
ada727129e1b823dde875d6b53b04e6f535e65286d559191850c37e6eeb4e59d

SHA512
3b555c8cb7b1bceeb6bdf8987ae5cc591ba878cbb3dafee4fc5270338d9b20bdfcd25a0a39225910da0e624744f56b1deec66178713c8fca8e0b7481e08998b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
ee9c00e7deb096a1b93e4c6e401de957

SHA1
9c02e95aa4a582def134a199571532bb910e090f

SHA256
ad7744944e3348ac26001b777ef24a8ec3a0d6ea69f30c6e036b31639017af24

SHA512
a0e5d969a786b2f13696435ad431ec15b541b4e09bb3a03542abf52b174555d70d60c19055628369883e87201cf46846822be67fa1a9c9cb0c10688b2da8052a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
132ebe0869e2aa1c8315fedced4dcb18

SHA1
db4fb01cb2051e51978d8b594241d55b6d7ecf5a

SHA256
5ae20d314c046c93765da3086e88ae09d6e44ecd4819d4ce075b7540a0106581

SHA512
6706a1ae08128288eb2441b4dead2d0f98fda9147958f90459d0c2bc00e61dc07a363ff54e9a6bcae4d82f9c7cafcf7a1ae7f8789accb731bbc1b46830c3c7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
8b1bc4c30291cadb0c4a23733b8080ab

SHA1
ff33667451cd97abb314b2acb27f9626b49e581b

SHA256
0fc1865d2c8042511d039420f479288b2d8725567d187f71decf731ff706bcfc

SHA512
6a7898b33f9a514df54204927428d311549584ce6860893c3a240decb5e8633d9e0c3366e548312cbfd8fdf83ad441fa3213233365046627021c33f2c70d53ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
cd23b2ef80913f50a3593953f1d6db79

SHA1
ca24d6c4564d9f2c7aea6bd05f4b3d53e7c0110f

SHA256
43207bace9b4bcbf9e64a15b84366442d60ba8328e19299d198e09cd6a2b81a8

SHA512
8b4df719dfabbfeb7ad1fb0a1340adb3e654f115bb0d929259c0f7e4e2d1ecfb3ef5a928bc304bc15a1521c0196b77c80aae43e6a4da5fc979a6fea459e665b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
a1eef22b6ac10d9ffc3b51fe838d32e3

SHA1
064fe93a27549c18fc01aefc0158a9f424b7ef1d

SHA256
85547ac1e79d3f5402477a0bb359174d437241d4b9b76f760fc81014e31c91aa

SHA512
55707072b8071018ad99a1bd18892ab6ab08e26178bf332fe7639f991bde3ed07bef50dc52a52ec1a4b227a23a8868a20ef882aa89367a038be02955385308c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
b76442e3cad13af16371fb977c5cf8d1

SHA1
e75ee015d8a3dbbc20c0adfc9883d71c79573e64

SHA256
70c8720b2ef4d16fec23e0291a598d2288b1d876ebcc1738e769cb703851f2b1

SHA512
79ac2ac57a666b909dbde3788ab56bd4fe70ca8f8a7f899a11db838e41821a577b0b18589c98ef9f5acad5ccb9b44d7a389dce42808f1a0fa3722a2b7c974a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
c2900bc70b04e9e3e1e8782356d35ef5

SHA1
85001416679e14803f2e64b1fb60ba9fe6da5b0a

SHA256
3402b97aea57a61366e09197459388146cafe49fd0afeb239308e0870f5d06e2

SHA512
64e243478e1ff32816383aa1e3b226fe207e9d05589097e7f898b16ccc8753359aaa8942100acaa5c24390b39e89f07cfe7d157e67b55bfd34d8f179299deed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
de1ad19912ba1f25127a268d68c7655f

SHA1
49f2fe0af7943a1fa66fa77e3aaa0edcc31a51bc

SHA256
a678a1ecf4a61aec359ba915d8d7f9046c3929f9e4e623acd2eff98d3b983939

SHA512
0bd71b8d7ade9fee96dcf32e128cb84b041ae5d93c7304bc368191af839e1fd6ec016ad7aece4e919c99188022a0bc797bf2a035a908ff2a64c2a4b86aeed77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
2e65bcefd1606e58650e9493312354a4

SHA1
2d7decc10afbb3ff7fe15de35c7e94528bfbcd54

SHA256
a84c2d508eaa7ff2eee051cec7b2fdd557d83842c4bd72f7f3178ce5dedc3217

SHA512
6aab819397c6f25652fd66e23ae65422377edfec183530589097bd3355288149bd153645ccc7a454891bb6f3cfda40683258c6b8e9579f74a8659a8ae1e7b277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
59b71bf7ba650f7496a4bb4ae6a0a098

SHA1
0857b9349398cc7d713aaa2ae52f34154fa149bb

SHA256
899c9b99599e4490680cc4dfac3286834ef2ea26b9e6584c50e358e213b3ec21

SHA512
cac87a3145b3b0a9c1af53e63e7ed7b7e3035f69ab214ccddf79203951f4e46a27f99c2b58eaa2c0b458d6e7a60b028a596acf8c2dcf7c7b631fb24021665cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
25fc17720817dc2daad17582aaeefddd

SHA1
783beeb7f5bf463a4dca6965590415028278de3a

SHA256
f70df15f9b72cbb09dec159c20da6153468082b3de229e37c6286636a7ec0113

SHA512
242648993339b42c6acd5ce224e7a85e5c5db3c87e675c0243d087bb58e8208cfe6ecf657fd1ca21bc7823f5bfafc5d5b20d7527e0084043fd0df7e4b65da4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
bdfe6a017d953e07e867551668cf00ae

SHA1
993015d70059aeb1453d2460287d926ed91707a6

SHA256
f446d3983c030c82d56da198b4e4d0a7a47316b6f788c22894ed97b29790f809

SHA512
f8d957d2d40ce0563d1ee04406e45a02b92c9a764518c6e60ede866b2a0c728dd72970b9d817323e9919b860f7014a54841604996dd1fe423553f549b1ba7b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
14bf418f060fdd7774f981fdf10e5a13

SHA1
5b7d9453c80ad96e30f61a58870150c678144605

SHA256
a2f10e32d9ff8296a733c72692282b3fbe124878b2de66ef65dbb2d2899629f2

SHA512
88ef213a3e9c613df7871a04b12a514a0bd5686f64cc7ca17f39c029f87e32e0e47e66dedf70f04edfabd4ccd8c8f27d71a26c2ee57782ef0319c6a4b340e67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
fbc1457f0ccbc063137def7cd12f50d7

SHA1
0784ff36eca829326f9451438978974402077721

SHA256
4428303d144b714a4f8f4bb70028bc010797a4237fe3b089a8b99cd5dfe3b35e

SHA512
672f26b0b4c1ac12bb8033d9b8634422687cdf2588490388fdbdd0c05471720ef76108dcddff433cd0dea6e9a3dd0a4b6e1ea9e69416c623d86d47d3e698399d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7646175baaf53bc78bba6cb34618ae78

SHA1
8475aa5c57593ed8ecc49b3c824bb8c024e32339

SHA256
5fc63dac385f68211d1805b4650aeff6b8b430eb7f951d1155ebb67927d9593b

SHA512
880b1dd444361b5b31fdd13ce09f9793cf6a0cf0f0fca45ce8efde1595fae2be5fd01b6184a363dae6a7563667e87b0abed65f84ab33feff8ebdb2429411af39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
9e0d0002282c93cd0772de7128e9dffe

SHA1
01a8b8915d4a94e01ea86b9b02543bd0447f18e9

SHA256
1a925b5c58849f746ec546a7609d1f4852fedad43e22ef9ee734f3d0eda0b8c8

SHA512
047de13238d379ef61461c5b8b8ef5ec1c644e44858f13e9b45b2fd63ed6b893c7a65ad3f2ceef79e0753efda9d167a104b33f930a6652cd88de8f9cf59287af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1ce86b61d11a07dfbc13a90bf711762e

SHA1
74261d063ab0cf51e0a57b6ea3ea65fd04b84c34

SHA256
f5e97bac312438ebc262b23816190506c71dd441de31722a5d96fe48df9248ab

SHA512
55b39e5c21b9a209e997bdf8d52c4c08f8d0b863f3bebcb94e7c0e1481ca92900a9b5552e349c653530ec2b1e59aa21a9c18dcf401e85d5663990f14ce188559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ac611a66c6ab5eced1f76c6c3a951f40

SHA1
c6983008011d8ad4620e7f7a629ae6bf5b858104

SHA256
7733a1f3d95e812a697d7546ecccd0fc780c72fe5f2c819db9809510dca48b39

SHA512
86ea23e5c7fe194dd607754317d30fd96734ed9db24b56aa8482f6c48038fb7f764046a86b0f7bb882ab2dad5c2cf6ec161a4e0ae0dc64467d4547038c5c07a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
0af32ede9e23d2d08532a12c6a2ef34a

SHA1
17b71185fd9919c43d24c0f5e168c2b73a53cd3d

SHA256
1b8bb0076333dd10fc0f58d648f7cfeca7398c6a8603a2979290985f108816ac

SHA512
46c06c6a458981c04d458e541fea09e6fd855acbff226d6c2ffbd12e767bc377bf9b5fbfcb8bd4ebd3c46dc19898dbb79264a1d43420badcc430c5b64e8d50c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
68e3aed05750af2966de9df7732a0784

SHA1
4344fc79f3d074ed80c98ca1da3dd9b53d673230

SHA256
a2a549cb5aaf9bbaced86b2fa2b43e4c7faa3947ffde150c7a8312da96f506ae

SHA512
b0ab498bf85ff3634d612b5efad4b7ab174042df470d77ad6e7907347be3b2af81d6414c90584797c59f2d4f539a22ac2029eed9629bb132d9962a249a23fd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
613b0a438ceee4701289f12cd61a3b45

SHA1
7ad5821db106a8887f5fe45503f27ff7ea82ea3f

SHA256
32d6a8769aa34200d5ca9aca34ccf245a8f0e3e4ecb67c1980a6939357c0a592

SHA512
ed619decef21997a79c0d86e402f95a75b32b08e4cfe965e7816881947fe04cf69a1897bf64155f519497b46c022760fa0077967d6dd4fa8345383dfa5cb50ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
138db6dd85a17112a2db481945528d52

SHA1
eb67b7b4a3e9a4056e102438ad535daecd4c6b03

SHA256
5678686fb05375d3ed936ee36f3cf3527a0704a937d3957ab455820a5b6ad53a

SHA512
18363c4df3b8315b4c6e1ec403911a71a6e2dd4d9b6a704010b3e47935968e0c89dfa86862bbabb3835f548d8395f32f7bda61b93a5136e64721ecb21588e86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
6556dffe9489dbec1ee9da6ce4329c70

SHA1
5ff7042c3e9a1cc644701e4c57d0d4e06f303f0d

SHA256
e0ca46bbe036987969fdd247857b91073043378f68b7695d0fcb8f16a44f0b20

SHA512
617661e22dc32768230a1ee1b8bdfe898f15b2f787e59a1328f60e96555958727febe2421f840ac1902714d36eb27a316f17cf0ac6ea4d8cf4776c81a8e0da52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
f07e9a12b7bd90a5cc704a69868cfb8e

SHA1
9034d68b8b8da3703326ac3a8dad97ccdb14e585

SHA256
f02f2008e11c6b39b33826fb29876d50f7f040ae0884beeb5c6a4ebd171e1341

SHA512
b26101a075739410b3d3ffd61afa8e196b2541d6dcbfef85c6b45cc31dc64f44564bd97315e8875f16f2ce78ec35b4ba4674ab873057fd0fc53819552421e73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
aaa6e63c8928d9b2c80ed5986386b2ed

SHA1
a445254f5a64be1ef788261f675c0a79751d5522

SHA256
e06333f674bb55e8ac380bfeec9a73b20f5c9c412ea611e67f6ed10065c80929

SHA512
8bc39a89fd6768dedfea5faa0b37a67f586d530169003cdfcbb2c98d39dafa61f0437143dfffc0ba34b387ac512ef4c27a96a9df7126f0afcbaa1858d46e42f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
3b9406a29b4cd82b32e96da4830440d8

SHA1
1b97433f6f932679b5ec80e51037cb017a22b953

SHA256
1b825b9b3fff44698f888e3bd390ca69393d6175acf8a8f3436e6f2e4725084e

SHA512
cf306bbada19d11c0d63a45fc9017bb309d9bbc2d6e5ea0a692592bffa431f76182d467844d53c511e3e10a135f933a31faa6437db8f10e57840383289e19ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
f104a661c9edac3c72c7fd339f81f0db

SHA1
d89682edbd51a6365890a5f61bcc951876b121a5

SHA256
fa5d80eba4aef8dcbdb4d41e79a411ef598350e516a1b1fed6df4066341c4a81

SHA512
121953c29b5df0b738139f7d047b91694aeb99368615466b1b42487c4dcfa725348a19702d3a67ab6003918966f7f7a5f310cf8e7b541a32e5f622807f1a60dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
cac18814d220571ced21177596c9ca42

SHA1
4f4a2b7fa5de13baeeb0c183a9bec7528f34d6d4

SHA256
0eafd4b65256e39e9b82217d4f2aad647044bca91e3314370b05f6a6361e44d7

SHA512
0555fffc97ec144a3b0bb4ea5b12a0e93b3565f920d5a713d45f39fb869a7779ffec84bfba469ba296e266f9b1a96c0bac8e00b4f1bfa112f9c58728f5348ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
0e3a4ef2fa0dd28ca9521c8495fe0f54

SHA1
b0c35e97146a2bc9acb91b50435599d37023e5c1

SHA256
3eac79bf336ed0f5c6fe71686bc19bd71e63fd8f72bea5662f40d0c476832447

SHA512
97a1913aecdead086e4a1c87f7d05bec273b93894905178e64260d89204e464e3281981a795dc5660cd74c3409cf6d1c7f576f17a529bf8e5fd4b68a4f1c64ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
58c350f32a0f708b0ee74b675f4181d8

SHA1
2d4200c552d4e51c8aafcdb5aaa039dd09828c90

SHA256
327da1465ee1e76368f55abc28e46bd95f3e2cf3a9788e0520e3b4da7eaaf392

SHA512
8f0d964519af1f9bf08b2b5c6c1dc0be3cb9c1fae20d3f6e3aecacfbe025e7a451b394b40063d1c2f6550f30fec9f23dad9622dac5a229a3f7c32adaa575251d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5f41d4.TMP
Filesize
4KB

MD5
5b70f23ec88ba0e77e91888c034faec3

SHA1
38916b5fca7b2b5b7818cf975f9e6d30867f5eab

SHA256
3dc97d5e9ba8d9109547ef432feb8ebd6501cd8e74a08e05d0e46795cb17bbeb

SHA512
a12bcec878ead08db99d86f6f54819a1abb72c32eb8279b108ea7ad4962a047705309d390fdcd4165a31bd8530519567840710ccc776b30b4b7d4d2470082907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f3cf84bb-b7c2-471d-b42a-d393ced40975.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b8f2f50a27ad217983f1c9a221abfbf4

SHA1
4e8699e3b4aa3b06c50aae0fae62e21d5661e104

SHA256
518e8002eaf4ab8c412877689a8b9db8ee2b6ea8de8eb2a44245f8afeb600663

SHA512
6a3fa50b3dc2d5aa2c5f1f5264a420823c2e4b0966488f2cbb95b14ee4e837552f596feb48349797e4a35b3b349cb858a11a298fe7af395b4c5afc3eb2616b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5e7788dfb631357b5ec2b323e8ef1dab

SHA1
fbb343b3c1f9ca1dcdcf8b2f943d43c6c99f8cda

SHA256
dd04dadcdb9f2c3048b023285760edf570abda2cebd9cfd6cd88e7cce3093ff7

SHA512
f79f5319c8b32b4c7472ae6798fb5c2d28563219c60713042d2a4e0d33e3312f647740f3cdf24de5635223dfbb6c9f73c3cf833c33c2e95900a8ccaf5dc0b213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c94d659c89a3b705a2e3fd7d32140a05

SHA1
78e43f8dbfcc0a20781ac4e97cb05092a9a096db

SHA256
7aac8701b983adda1bd9202ccf96df3f9c23b0a8f278732b243751f8f00f37c8

SHA512
9242e73055278af047e958503e954b860678c42bd02ab4ac7dd32a81ad0489b379dd943575b17abf87856d123b9888b25d88d23ca5fb7ff5c3a8d7c8b56b0ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
1dcdf1fb009d53c0c65dd57b236ceb07

SHA1
f3516ca810b9214d48513be4770affff29622e10

SHA256
3bd32c882fb78e803c9963b29230702ebdb2d4daa73a7c67a3ff3f0e76f24719

SHA512
69b75bc0e04ad71b7f0eed771254f25793ed294a47cdea50542dd06059c9e7b57e684900407b935e24fa54ae34f89d11a91f55960b821e0725fe3f08624306d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
Filesize
25KB

MD5
56c16b2262509cd3fce26c4e9295bf2b

SHA1
ea51e102a87c6a98cecc4eae350480870ea58926

SHA256
73579ef1df45659e99409e17b5cf96d1fb74680bd20306b2e003b6219254c6d8

SHA512
2100bbca92f30a34d5966cb7e3e3586d7523bdc27487a40e106439d143d193fefbb3a4230da0cf3e5207abbf2397a05e5ca2417fbf6307f037d67a5414ffc109

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
Filesize
6KB

MD5
05000d8be947e1339b1f89659c055bda

SHA1
b0d06374b8350aeca5f6a1cc0bffd76878288d30

SHA256
29a640e71304acb37e79f16cac1655576aa56b1d7f30ed53a0dc467c5ac4a1b2

SHA512
35884b56a57f87ab1b231295a0c33d7eeb4e6727b437fcfca3b352c75a936f77f60d5a2f8b36bafe1119afc16719749b5648752c686b53aa3a9e012f7ccfaa0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
Filesize
6KB

MD5
fc2dd5c9ecc75f834f3cf4a3203ab0a8

SHA1
b219083bba84e7f33e4df28bbd568ea2be0a3e98

SHA256
d38181486e43eea1b2c54fe35014ff9e84c66659ff17846bf5df54ef32736580

SHA512
287f3ada32db9be96a511e619c51bc22d02f6aabd7d8e1e71797a22472e0040a1a0cccd84e317342ab7c436cf7f0bfe070a695e93f23bb39ee12d04a520b30e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
94b2bdf5a2162f2314ef4fb5e92a64a8

SHA1
ecea15079b5214458923e84ca62d4086598ecb9a

SHA256
637fd60a0271339f42d95442602dc8701bb57bd7ffa63214952863ef6ea379ec

SHA512
187209d4924d82df2e39ef0df04d08b46a00f3832f20508209c4c57c791b72206131459fec19e4e3ae3ada4b3796a85903e001486989664bd37d7a0b67a0301f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
4cc3ff526ff37e7b77b76a6d6dc1dc97

SHA1
4d418e104683bff5a0e7f67a2bdec406e4133fa7

SHA256
7127038c2852d60922bbd2361b4f88e507e079c8c83be632c4ab5ee1554a3e0f

SHA512
f19e0bcb49c7d8b6e89b2043cc9c8c54a0d79ec32e399ef14daf5985d246622212af3647d8492b7a6fdbc3395bdfc927191ee3a446a3393176ba931a1d6e4744

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
ac00157ac293d8bed87680352dbf820a

SHA1
d0ca3dd3bac5cf7a75c1ff883e6bd0a4783f5995

SHA256
4d5eb90affec601acaf76e6209efd8ddb4cae39bf7461048387d5ebdf53d3c5c

SHA512
331782195fd488207b36bce4329126aeda3cda8d1f483474da65eccad0a3128e629f8ab38906c4087b6554cc3276c0ddc9f42cd4b2a50cefaf9f07f84f50d5ec

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 608921.crdownload
Filesize
12.1MB

MD5
017e28cd77905a0bd918d7e725632a2a

SHA1
d709e343f64d93ab00c6fc0aa4ae6ab22aec9f73

SHA256
c8de0e92e603214114f8800dd99ecf8cb69ac85caf8010a99ba3f66afe70fcbf

SHA512
0ae6f1dea994d879043b0ef63049cdbd68dd7671b1df53f3688e91a7027dde8de6d193bafeb12f4c6b7f97909d116f06811a29d13c56ada2c774e78dcc5f1a16

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload
Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
\??\pipe\crashpad_4584_AXRCNOLOSJAXOQPQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/864-2207-0x000001A9865C0000-0x000001A9865D8000-memory.dmp

Filesize
96KB

Download
memory/2824-82-0x00007FF8AD630000-0x00007FF8AE0F1000-memory.dmp

Filesize
10.8MB

Download
memory/2824-93-0x00007FF8AD630000-0x00007FF8AE0F1000-memory.dmp

Filesize
10.8MB

Download
memory/2824-83-0x000001AD5F200000-0x000001AD5F728000-memory.dmp

Filesize
5.2MB

Download
memory/2824-81-0x000001AD5E910000-0x000001AD5EAD2000-memory.dmp

Filesize
1.8MB

Download
memory/2824-80-0x00007FF8AD633000-0x00007FF8AD635000-memory.dmp

Filesize
8KB

Download
memory/2824-79-0x000001AD44280000-0x000001AD44298000-memory.dmp

Filesize
96KB

Download
memory/4156-96-0x0000000000A60000-0x0000000000A68000-memory.dmp

Filesize
32KB

Download
memory/4156-95-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/4156-2113-0x00000000067A0000-0x00000000068C2000-memory.dmp

Filesize
1.1MB

Download
memory/4156-97-0x0000000005AC0000-0x0000000006064000-memory.dmp

Filesize
5.6MB

Download
memory/4156-98-0x0000000005440000-0x00000000054D2000-memory.dmp

Filesize
584KB

Download
memory/4156-99-0x0000000005510000-0x000000000551A000-memory.dmp

Filesize
40KB

Download
memory/4156-118-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download