Overview

overview

10

Static

static

10

Client-built.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-07-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    7a00b5c817dd0b9474f4d240bcd31f43

  • SHA1

    634b7287387198ed5a17b7871f4a997d70d0d11a

  • SHA256

    8a1133fca1b901fcfc30def8281195377e0ca6b9aa3aea6761d3052bd158a8dd

  • SHA512

    7266e58798bd41c996bf44ea1be451a35104d93a8394c10c50fa112f4842de24dccca989e04014d0e006212dd1f95bf91cf6691e8a54ec03aaae8b8300509f7f

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+zPIC:5Zv5PDwbjNrmAE+rIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzMDUyMTczMDAyODUzNTg5OA.GXsfBL.GL3qISVGeFab0vYpCvUtoH7bg9zhMan1d7KAis

  • server_id

    1262688535409070121

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3124
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9b45c3cb8,0x7ff9b45c3cc8,0x7ff9b45c3cd8
      2⤵
        PID:3528
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:4072
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4860
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
          2⤵
            PID:5052
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
            2⤵
              PID:2944
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
              2⤵
                PID:4536
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                2⤵
                  PID:896
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
                  2⤵
                    PID:904
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5032
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                    2⤵
                      PID:2664
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                      2⤵
                        PID:5064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1448
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                        2⤵
                          PID:3492
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
                          2⤵
                            PID:1032
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                            2⤵
                              PID:1428
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                              2⤵
                                PID:3288
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                                2⤵
                                  PID:2944
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6148 /prefetch:8
                                  2⤵
                                    PID:1212
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                    2⤵
                                      PID:764
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                                      2⤵
                                        PID:4792
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5217141498322976579,12971735526344873139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                        2⤵
                                          PID:3584
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:2408
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:3572
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                            1⤵
                                              PID:4576
                                            • C:\Windows\system32\AUDIODG.EXE
                                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
                                              1⤵
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:1636

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              5efcc43219d778bd14d32016100f2708

                                              SHA1

                                              b06f6726698a68781854bc342a54e06bc4562217

                                              SHA256

                                              a7534c7d125854f7fe662a7951443cad1d1ff0d8d3eb537dde5a381cd3415666

                                              SHA512

                                              6bbdf16b41bbc3ac5d4e2b93683a712d56eb58719799f69cb7240a77f799928b48af2771f76d9d7829846db12d0116e3a8ea6c5d0f02d5e840db1b3c018480b4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              b26cef15e9a3cc82fb429a163f96ac6b

                                              SHA1

                                              718ac4822198b1a21f43b6941d0d8df107fd0015

                                              SHA256

                                              73af2c2ebc9187187d887e4abc8b04561c55f36f7f9cdf20293d522ce5c2f506

                                              SHA512

                                              87f96314ea9a1f394d24de5657e61cc6809c961fd05280b4875a06bb928f4e19dadf725fcd0417f16c93cdceca349dd27dd95d0f8f0f756020322803b2f91cdc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
                                              Filesize

                                              211KB

                                              MD5

                                              151fb811968eaf8efb840908b89dc9d4

                                              SHA1

                                              7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                              SHA256

                                              043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                              SHA512

                                              83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              0ab30c5d681f9bd0cd4a5b948dbd51cc

                                              SHA1

                                              4072f3961251acd97346cd29c106ae073c384e77

                                              SHA256

                                              383c806f1b92740882207aa2ff45cfec340dadc2ed9f20d10d1720328a4b771c

                                              SHA512

                                              7b4cda29bc583e514ace3da58428a480f0477a704712c7c60d4bbe83c1401cb0ba7c0863e1a8c939cf0d25cc31f570507494927615bda58efcdd758149a5427a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              7KB

                                              MD5

                                              f329c0ec817917fe6a798f2cbdf64b91

                                              SHA1

                                              477916b434fbc269cea566eb42681960963dcd82

                                              SHA256

                                              01db1e12da1a7dee75d0b1e82230dd345e1458126a1c37408e04a49397ecb404

                                              SHA512

                                              5108b923bd0b9fa28a74d27a220fa90607e8a4e7004d4176026ce271442bdb6150bee7b95fd986249b27d68ad0a619eb53d6fe9a1a82e09865e865a9bb3d5bcc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              c59279a968c20000527869de8d17d077

                                              SHA1

                                              25c2508e075cef388d61f055104bd3ea13d75db5

                                              SHA256

                                              c4f11e5ce80171914541af5b068b6b6247ac1c6099c30b55a83b81715d7673a1

                                              SHA512

                                              7dc7056db51b46f58bf8f55b6bd92df8e5926f7856e99b0b197900b951be55c1c6178bd2109e8e5fe5ae4c46835105caddbab8bb754959973cc99c12d876debc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              7KB

                                              MD5

                                              862f197144a8abf92ad2020891711f42

                                              SHA1

                                              1c43d2f09545bdce23bf88415248dfca6fadbec8

                                              SHA256

                                              67bda2dd6fb84f158f58184e97059563695fd63c906ce4dc4e697325655338d2

                                              SHA512

                                              0cc8ed04ad21c345c2bf057970579f14af6595fc193fd4ce9a79c5da4d26ca57266eb0926c6141a6c34a248345fdf97d696a4cc6f51114e62fff807a08a6cc2a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                              Filesize

                                              96B

                                              MD5

                                              c58e026d49efd7a5736a652de1f927e6

                                              SHA1

                                              3b4a553487cee52f552c0f59cfc7205c3bc4300d

                                              SHA256

                                              80b4a31bdc3f0d7d075c9cf1e2bc93bd59f5b906c7d84a1e892359b3bd116385

                                              SHA512

                                              87ea94ab4ee5999d41b2d2fffb93b3d45989dc549a869553b2f2794b05b965f286ba7ce07a63c5ca7f7930b8eea9485dd925598ff094017c7c772fcc8fe1ba1b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59a0f9.TMP
                                              Filesize

                                              48B

                                              MD5

                                              1c9cb16560982de3b13823276623df91

                                              SHA1

                                              9ba5c89d7656c74ccb9b767723176dad99695f3d

                                              SHA256

                                              44d4341687751a42369a34bfb0b9135b58ddbf03681d363a3c8f2d393343316d

                                              SHA512

                                              5948c7a1af5f70bb182ca76fe9b5cf0db8f3acfb690d0b42ffa6ddaa60695648b40fac3bdf404c6b83bb9e0b7fb22e6f029bf85ef667913fb88991b8b682e5c5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              ec9c88e4a379cb4950104ac380a60ff4

                                              SHA1

                                              fba3b232d8b42ac2101308cc4138f8e9da47e028

                                              SHA256

                                              03249cc7e163d14d6d6f26fbac51b6c531de0071abba4ddf309f1ab5cf00d125

                                              SHA512

                                              beccc14b71bf5ffb1d554570beb46966071f5ea1985f89a017097a9d5a83abd13aa52c1856dc611864e9b332750ea9f1f975dd0f0e29a6e11042115c543130de

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              c7a22f177ee94f405360863087a6cfc9

                                              SHA1

                                              16753afd1573e8d668fcb3e1d415c844696f4a3f

                                              SHA256

                                              fca1da46fe461f3b368a9d5d826279e48baf2b2fcc575696bb93649c858c3c09

                                              SHA512

                                              6e23cdd46244a8153711bde67ae5a79ac45edb2a33f999a2cac8f366c994e44c205d0f7ec15f03100f785ea9fae05c9fe5bf3a8234a24fac14536353635cf3e4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5996a8.TMP
                                              Filesize

                                              535B

                                              MD5

                                              8f91fafc6b4fcd56a61416d45c6ff491

                                              SHA1

                                              841c7778009076e225f8241eb3a0d7db9ea0d81e

                                              SHA256

                                              e217d77899a5ff0e6ddf0e70d53d597e2e25c525fb421f9631b14c1e0c53b4cc

                                              SHA512

                                              17ba417d0054b41fe2ceabcd8a50c4b69335fe972cae71a1af78cc18a69d175f90d095fcf051d388096809a277ba3b7fecef922d52f197451af1ac74b8c24655

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              46295cac801e5d4857d09837238a6394

                                              SHA1

                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                              SHA256

                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                              SHA512

                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              206702161f94c5cd39fadd03f4014d98

                                              SHA1

                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                              SHA256

                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                              SHA512

                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              00f1a4774f7eea29583982eb8f0cab4c

                                              SHA1

                                              79e53ee9528091a234435bfcbf77caca146d4001

                                              SHA256

                                              b6f5d0ae089b2f5a2f2b54f42fc72f0c9c9893d42b023a7e1cfbb6dde93fe5f3

                                              SHA512

                                              969e7bea71f4452393f271b1366923b5242f473a4ede4130f41444dc21d157eb6fd9f844fd124c722ec348707b93296d32f225ad1d233d1b0358fbb7001561c5

                                              Download Submit

                                            • memory/3124-1-0x00000221FDB50000-0x00000221FDB68000-memory.dmp

                                              Filesize

                                              96KB

                                              Download

                                            • memory/3124-0-0x00007FF9B8063000-0x00007FF9B8065000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3124-5-0x00007FF9B8060000-0x00007FF9B8B22000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3124-2-0x0000022200000000-0x00000222001C2000-memory.dmp

                                              Filesize

                                              1.8MB

                                              Download

                                            • memory/3124-3-0x00007FF9B8060000-0x00007FF9B8B22000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3124-4-0x00000221997F0000-0x0000022199D18000-memory.dmp

                                              Filesize

                                              5.2MB

                                              Download

                                            • memory/3124-6-0x0000022199310000-0x000002219931E000-memory.dmp

                                              Filesize

                                              56KB

                                              Download