discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0?tab=readme-ov-file

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
03-07-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0?tab=readme-ov-file

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

server_id
1258135516776501258

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 2 IoCs

Processes:

Client-built.exeClient-built.exe

pid process

1992 Client-built.exe
4960 Client-built.exe

pid	process
1992	Client-built.exe
4960	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

Processes:

MiniSearchHost.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\release.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4840	msedge.exe
4840	msedge.exe
4192	msedge.exe
4192	msedge.exe
2004	identity_helper.exe
2004	identity_helper.exe
924	msedge.exe
924	msedge.exe
3388	msedge.exe
3388	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
4192 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Client-built.exeClient-built.exe

description pid process

Token: SeDebugPrivilege 1992 Client-built.exe
Token: SeDebugPrivilege 4960 Client-built.exe

description	pid	process
Token: SeDebugPrivilege	1992	Client-built.exe
Token: SeDebugPrivilege	4960	Client-built.exe

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

msedge.exe

pid	process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4316 MiniSearchHost.exe

pid	process
4316	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4192 wrote to memory of 1896	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 1896	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4956	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4840	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4840	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe
PID 4192 wrote to memory of 4136	4192	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0?tab=readme-ov-file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8ab793cb8,0x7ff8ab793cc8,0x7ff8ab793cd8
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
2⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
2⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
2⤵
PID:1096

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3528647206056898898,1899308021001569957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1672 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:560

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1108

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:2076

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1992

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6c9e5afa53a396c5663f22632a417d09

SHA1
d0ab4eae378aafc7dfbf87e22a3113a642f0633a

SHA256
50ded1ff4676a285d97aca12244287f807e5c9dc5d258a63fb22a248557fb9b1

SHA512
543d694c98ef09020792e911313b31da77233a39d7de4d7ebe320bbd82b6c830f86983bbd5642b6c546b50de90e1644b80e2fb8400dd95800ec7c44bc17947e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
46bfadfc09e91238fe82de0fe30d91d2

SHA1
5da9d92d08803a52c63c1b96c6027e603e5fc3ef

SHA256
99733b0f1fec41252c1cf23c4a77b60aa371815f1c4c6fca5b0f81e81edf0f1d

SHA512
594994c4261e410c895b7f9b83562cd35eff449acb8fe1c124939a9e6c6fb8153516aff2445719fb73e8ba9df98c425ab30f247aa30571fc4d9cf2979f7582ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d372a18818a1a01342adad327e8c8d4a

SHA1
a7bcec8b7a913e04dfba9f268ea282515bca49b2

SHA256
a89b6af61528dc3c40011f6ca26bdb691172719905a578496b3d9d55ce383797

SHA512
5b3663901ba1d462f9a3b43aa08c84607c45233790710a17c90ca9fd8bff128fae3ec19f96a5578b4cc3199b4f358728d6da6759ad9ed21ea15bc22e3a2bfb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
496B

MD5
791d98b59c93c2e06725b7f86e8734ca

SHA1
2a6ce2a182a6ce1a84a0a1d2139c3ea3304b6159

SHA256
5a77e89851e696de392857cc1c730a7df35f4a3f0f57f8ac0de0bce6b36c063e

SHA512
a0b8d7417b57fa319fb128e1bf28ac9141397553204bbb4bd175113359a6d32ac55148b86f10f551fdc27f306e0a9a0b3b06ad1e79c1a76fbc8ad98bf3d3b15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
76c8385edd93fd72c8dbd9e0bfb33448

SHA1
2f53b66cf83ca483f03e0b298238e553bed70a10

SHA256
5622b544cd75073c888a711fcae63de6952154b70c4be404db30d622848e5f75

SHA512
889d1b8b2a97c58a1c7b9611a9e79b833c4f987932d6fd9df18f2a12e48d48a78e449c04b6e7b6458c10e2c438472c6f3974e3fe19bca5e94e3913e8e07dbd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1eec8716f2990bede5451c5da284be58

SHA1
2ee2495cd821758dc7b801e8d43e62941fc7091a

SHA256
c25d6eab7b747abf5bf598215102c50084595162cbb6bc5c238cca81072dfc3a

SHA512
ae61d43ac337bb9196173801f041640e31926c71cce6a92517462edab9aea20721d0656cb0b72a0929ef505b36fff7a0237d350020e00fb68262760b32b0569d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cf0d26b35b256fd16da04d446f5ff723

SHA1
2d1d0ec123d297f35edaa282d2fb2034870994f8

SHA256
368a0c61f625ce0004dfa92ae9283a537643f4c735ddb2864c6ab1495eba530c

SHA512
576be0bb4886212341930487625c1c3d9205892cdd137c855b8a8b6b826353101ea08c31c0f425146d638a0c7082af082ffb110f17b731741acbc3d921cd4c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d3d8fba529f17780c91865a29be9f521

SHA1
0cd69ceeb164c77f06b662ad117d5a2a5b9dda46

SHA256
92befdddffa50739bda937d15250bb40b10276f0d94d9e6361bf3d47851c9cfd

SHA512
c83a5ad7b0a27f4b0fbb8053e8d40410dbcdede9f75320f1ede42b9008c919322e661be0b6e8ca7a8106d8d3412392dfe525b489655c576c872359601b8ccb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
cd6050d3a6e28fcc0a9df3e9f978f892

SHA1
7895b95d23de6bd2576f4a429ab578ce73f5cf6d

SHA256
89c9102fa54294c738a0a4ea65cb93f59033074669fcda7e59d09cdb552f9b0c

SHA512
02f866882c952386719a340be79817e79d22e1c040d8b7e13d52e511b4c1ac721731e0e039623027c0938d28dad36ecf6d6a7f969667bfd29884d24204a014cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
844B

MD5
b37d87a2c926b56abfb41cd83366daf4

SHA1
d57c5f83fb79c42d91352624fac023839cf878cd

SHA256
0b86790251aad4d4c44ebeb79bc7bf56dc1571d99b8375dd4a8cec01ef26397e

SHA512
7f7e25ead3039413dfbe14c74c14a332476cc4f7e0495675ab753a245f1ff5ad38eb2e84b629b51365d0e720e72229eaf007636a8e328eee15481e2c15889b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
844B

MD5
d6c09e34b5f64416a802e1dfbd677f7f

SHA1
e3815de59e88d64c445db93bff32328143c61e65

SHA256
2c4283c93e7363d181aaa2354801e7e16dc046409c65f2ffafec36a0be72b385

SHA512
1cf39d372b91038a7e751b81af05c6517920e3de583cd2e053467d6b02ea798b6c9ea284ef3614bd6913fb09c64cb4abde1ce7dc98161319f290043c8aaf163d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de3a.TMP
Filesize
844B

MD5
db75cabf3cd667428b41c5b99853323b

SHA1
5ad65eefe13c908a28f0e579c1e10af8f8b029ad

SHA256
d2303a1c800ead2ed19959c580cb541e06832161a9ee3021472c4287de7cdc58

SHA512
246439cc99bec2a856ef54d72e1e4318d3307525fcccaaa05861205117f7937326f64247ebb19ad2f276a40271e7b5d65a04961a4c43b18ec1fa296b1e3d2cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
0d3d7deb80e9c8726b61d580722da6d5

SHA1
95d979e2100cd202c7f7d71c8d46f9c0108eb04f

SHA256
dde3cffd9bdccb75849c213f49a396f6238d1e8dbacb0841a7fb75d1da38140f

SHA512
17583aae9decc51b55ce7457a27bd1abd7c8377c24044c409fd0f50479c2dc0d58dc1921f76dd8ff9d9ad1330c968c470d9b2bdecd79cdf308763c65b4c7a1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
35610d19707e5f13de5566541322d7a4

SHA1
00a83aa661cae8716a84247d6230422f2aebdcab

SHA256
320f9c276423bfdc384fdcb3039ab47707fd73e2078bb0d2c46053f115fd31a9

SHA512
3617562b777054f3bc44cbb16a30a582a09fb6aa7025a3e68caacc3e9ad77d8d6fec24fd80f67a895d98010b542c6d9a7db0563cbcf0224cec9273c7ae60e46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
a0931fe603924bad79950b0d65154eae

SHA1
e1f2ffbe465b10489230f05647824565ea7d258a

SHA256
68a534928d5c8bfba50aa13504085a56918445c5d2f88e9bab6dc8949b81629c

SHA512
46d68c4667e28d709f25dac1fb8b1e20ff2b10b519a13300d07fe442dece45da28366e217f84ca11113e74a5194055afa5598e68a9435cb0a9c60ea4985fcc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
821014dfc62d57f58ce1156a8b36eb8a

SHA1
2739bf89a004fdb9f3f2e96fafda5077bfc41865

SHA256
92f29f0ff32d93bd6ce729692cf2778f1c14e38ff01c2afcbd3491821188ad2c

SHA512
8d1f7e793c9ff9a9ca9268e9ffb78cbc653f94dab721d3396a4182927cb823951606b3ddc425b63b2eb56642a4993ec628ec0246457cc396f03e64ec93e10b63

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 784750.crdownload
Filesize
415KB

MD5
8ea5323915b189ad31e937133bc963f8

SHA1
26e7d388a67c29587b54969d50fe46a86dbed42f

SHA256
f0702f21d143009c8c44eb64b8323b8d21a8b6c362ae7afa3434b2cf99783d2b

SHA512
2873fcd2b2ae41c3643630487aeac72a0d68224d89f7899ef2a89e60cf46899f760bf8276cc5149cf9dd610a0e3f782ba729e17727bac7f56786a55dbc3667c9

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe
Filesize
78KB

MD5
61e240a0e18d505c389053fe139b24ef

SHA1
94882ae3339a48919b603ef443f63b8d89f1c658

SHA256
8e21511c9686941367fc5a7506622f7cf633265416309028d5f2e18cbb28a5b4

SHA512
9c9e4c0caad5feaffaf01fa6ba20fdb1e3216ed93073bc20a6ffb505c04fe03df06b25e6db6d04b333d478acaed46144a2678d8d0dff7f4ac8067f2b478870f5

Download Submit
\??\pipe\LOCAL\crashpad_4192_VLLBNUJGXPTGSSZZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1992-344-0x0000022783270000-0x0000022783288000-memory.dmp

Filesize
96KB

Download
memory/1992-345-0x000002279D910000-0x000002279DAD2000-memory.dmp

Filesize
1.8MB

Download
memory/1992-346-0x000002279E110000-0x000002279E638000-memory.dmp

Filesize
5.2MB

Download
memory/2076-279-0x0000000004BA0000-0x0000000004BAA000-memory.dmp

Filesize
40KB

Download
memory/2076-278-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/2076-277-0x0000000005190000-0x0000000005736000-memory.dmp

Filesize
5.6MB

Download
memory/2076-340-0x0000000007960000-0x0000000007A82000-memory.dmp

Filesize
1.1MB

Download
memory/2076-276-0x00000000000F0000-0x00000000000F8000-memory.dmp

Filesize
32KB

Download