discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0

Analysis

max time kernel
385s
max time network
389s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2NDUyNTIyNzc0MDYzMTA4MQ.GnRuDO.AQtdxU_7x0FGitkTO_ZZxiNPadQnmOCXq5eZ_Q
server_id
1264526183773634623

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 3 IoCs

Processes:

Client-built.exeClient-built.exeClient-built.exe

pid process

5004 Client-built.exe
5344 Client-built.exe
3936 Client-built.exe

pid	process
5004	Client-built.exe
5344	Client-built.exe
3936	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

Processes:

msedge.exemsedge.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{70E6663D-B7C3-473F-8294-5FCCF9EA0084}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
1764	msedge.exe
1764	msedge.exe
512	identity_helper.exe
512	identity_helper.exe
3956	msedge.exe
3956	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
6048	msedge.exe
6048	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

5604 OpenWith.exe

pid	process
5604	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

AUDIODG.EXEClient-built.exeClient-built.exeClient-built.exe

description	pid	process
Token: 33	6088	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6088	AUDIODG.EXE
Token: SeDebugPrivilege	5004	Client-built.exe
Token: SeDebugPrivilege	5344	Client-built.exe
Token: SeDebugPrivilege	3936	Client-built.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

msedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid	process
4068	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe
5604	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1764 wrote to memory of 3828	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3828	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 924	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3112	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3112	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3700	1764	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a87346f8,0x7ff9a8734708,0x7ff9a8734718
2⤵
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
2⤵
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5424 /prefetch:8
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
2⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
2⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
2⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
2⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6636 /prefetch:8
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6880 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7012 /prefetch:8
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6452 /prefetch:8
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
2⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6872 /prefetch:8
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
2⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16622774011880957768,6118282679853033386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
2⤵
PID:5960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1572

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:5908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5604

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5004

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5344

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
227KB

MD5
a277dba1ffd7ce3ecbc852667e01f15c

SHA1
a27e1e9c2a5fe88cdac2f737a33bb2537d4b537c

SHA256
4fd6fc02d95c915b14678d9931837fc72b8507e8ac4f44e856160a9fbde35d1d

SHA512
8f0e251dc1b73ad429d3f16eee63ec09c30ef3548019cea921120531a73358f06fdf233e1db5fc584d0d95e59dc1738143b9dedef2ef47c8c03aeadee1e5c8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
c7420e502499396427f14ef63f279e86

SHA1
200ced2e2864fc555ab9025737626321f945a559

SHA256
e9b087af675cf99a9d580afe316fb78b098436b221e8c172b884864abfcbe2a3

SHA512
2cb4c4d1061efb2ab270a245ad931b788c26898879a8d3393eda4404af31f7888ee89b0dc05db0c3032fdb084b8ba57f64d5693e6836d891c5a7d56b15ee06d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
47KB

MD5
818a47b474bbcefc3e2a2859e374c9bd

SHA1
e01df60fcca6dd035052e1e823c431e0f05eda1c

SHA256
ec14646ac9285ab6dd258848f4b811dde887f353977af397f03fa54dd30d8880

SHA512
7b65f17c269e2c550ee006281d58a5fa6cc721d40c35a21319491f8d8c0d0814cfdbe426708680ae4cce40d9059616a2c11544dfb6b429b61e768e7e33b5cfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
745KB

MD5
0223f5c79114cb325ef80dc493f25f29

SHA1
3fc0fb2e7d531a67395ff273ba9191b2b3ec4fb3

SHA256
09323eb9b68ea856c6f6fa68a08965c64d1673d62b72970108d782cd6c09729d

SHA512
465b17ac104e008acd7e4e0296b02284e4a295e2a6a6d27fb3511f11b16551f3d21535ab756ca8587724fe63b5cb649baf0d43db682e2c456ee86290b7bf508d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
32KB

MD5
2a3c7f08911cf09ee40d780831e9f7c2

SHA1
90e953007666471cdc4d641a74c58122cc230d14

SHA256
7a46bb2cad4c2a7e23ddd544b6ce502c25ef56d317493dd91ae32881071ce1a1

SHA512
f270d7c7bbc799840491c2e1f39eed3d447fe502ced7dac6f4033efb7cbe37cdde582755b6ac89f553b035c4c05524b23466fbc0d55c938224e2459dd7e8d6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
32KB

MD5
b9400658387efb96b4f53ef18bafd18e

SHA1
03e9ddc38a17e4da4a4ec04d869cdadffaf81860

SHA256
029ec346019b538d20e2b2420c384b3a6c91a31f8e9c3ce386f7b111675a2e44

SHA512
1f094defa20a97eaaf696d7c9138bca987da80875901d25ae05994618b624e1df5a4a8dceb9331f122ace807187452d3d050bc4045049425f681000c100a2c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0dfa527e272627d4cb7784ca516f86b

SHA1
f4995f30f7cfe7d355c03c82b97bd7b4ac153afc

SHA256
552f27ced51886e4e2ae5d6f0b279dfb4e76b3f9524fd5fb4edfc0042137c64c

SHA512
8d1eb94f336e66f85429ad610962418dbb1c2b71bf0e51501f03ef9c9dd467d459db2baed172c26d4e9309d6d8ff04fe49f30c44f21bf2ded6d5031517b7eeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
280627bb977080926e71214e5f239eb4

SHA1
11a3ee47af1fef14233e083fbaeafee26196cf43

SHA256
4a879406e452f3761b9f1caea081957aad61c8620471a24c4ed60400c67d5525

SHA512
f40e42182509e33af5ff20e3802e182b84616ece61a0e4f94f84be8361d58ef89574325bd2f00663491141f7cb08cd3d842542114f615961274f89518f3c26c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9cd35188011569d89c82a803610a557a

SHA1
1dc5082eb87c78f114679f64c8e18a055502a303

SHA256
00d0d37e835e022f40bab3401d4902250b1848d2608e5d907e495bb196108480

SHA512
0c29399733a9b51f571e84d1be9ff42840ea9581f556cbb1c0240e2f7ed3482a7b619cf5a7a474b29abfcc9efd21a5f4542d969ab20c0706bcf1aeb3952c4ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
253946d21df77f51776ef2d853efaf64

SHA1
32578e4501957cb4d857a42afcfda89e6b85ad77

SHA256
cbf034d67393b04ce2579e95d0758a225c768704f4b58345f58a3edcf0ad6812

SHA512
4d0eb8da90a8758f82cbf816c2a8f1dea32ba4eb0ce2329ba054620949b2aa56f3b9dd2f6ab7cc52f5f107ee6f48cd0f0b327943698cc6652ff3ccca1e89b451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
492f49e66f236b62aa201d1c4c1beca6

SHA1
2fb242f39f16ea27142f6d337ef0396bf124dc01

SHA256
4ee130f2d3f5d755e0dfb1bc0285ad12aac6e8e20a575f24dd599fbc46d191fd

SHA512
cf32dab2c4486f392cc84324960b4c55576140227ec425f166371c26163446197e7130fbaa8c5f857f60f904ac9330c4615a6eb72c8411d9220f3f87f16e9e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
33fc6f377130d6f3c13e931381c9938e

SHA1
c207a7edc2d704524d91a4c5542df3ef466e3ba9

SHA256
687af005a9ffb7618a8ee6e2af69b41ba02cb3f24d7262c1417f9677eadf1d80

SHA512
cecb614b3c4a89e23a98b5724c2b92d59e4e8df2f2780062634279ca82b0f9ff305abda9016815c5b723efc97d037368f5aeb7a701fe499da163e5b74f3fe4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56b690483a7c94e1ed05510f5cee7526

SHA1
7814bf3fc2b29c9a1b8954e0cd8e71c4378ec9a0

SHA256
d1bcce05859422a84b14e6054a9d7d5cc0c3ab13d08cb827078595abd0aae106

SHA512
1e1d06ce8e7fbf90ff1ba01c1c290bc12986431cce94771cff9ce36010bbffe28e0257054fab5d074c0ad07f1f0974653bf41719032294384c4a46104e57f164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
271f289349e5bda547e7e8b6c8f36e63

SHA1
9eee51824842446e5ed1de50fcaa47c740d671a4

SHA256
8f664e3b2bc0b4a877a83dac6e2b7a4a096b8dc4792731271ee04fe49e4162ca

SHA512
fdbe773e8a99f1626692c235f47e70e6aef242f22759def020f0ee479e084fb024faa3fed726af1394913b904e2f2dd11d97d893c4fb8672c34bf4a9dc1b3737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9157c775a5ced06f9ab164409fa2f73c

SHA1
8412e9cc57dcc9ba2bec16629347c951bb5b597a

SHA256
6ebff35f3aa92b2867bc4df891bfb9d115d677823faff5c847d7418f58bbda9e

SHA512
0345807c89f3f98bc0607739fd1cf76b3463453a9b305b3b8d5d0fc6093f88a464855c935783af4f2d00e9f9e9f00dfc35fc99fa73fa4c6d84fd03f858ad5d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f9eafce8c16e75c0850f554eb1d767b6

SHA1
2a3ab485d1e0a67a0c0db8fe57c70c24218924f0

SHA256
313756c4f4a9cb47c2455de8004bb8cd9fe1b29013644aaf2c0a4ef1e6258d2d

SHA512
a8c87e176fe2ec84c67faefc15c73cb9ee0525407c44d46de07f3db05c858e69eeb19f7f7686af4535adf7211f343e6546d80153bdcfa180897cb9e9703cc200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ba82f8438406d01e9b6685548405099

SHA1
b51a7c0b7e1f0ca55b82b91ec180b6258a189696

SHA256
cd628035e4bec49c2044e7c9a37c09c11d86fd6a264a8a675bce53ecd23d54a4

SHA512
b1f42df922c57b23b8f12940307730e94a1c6aa859d1978f39aabec146bdb461c1f1deb20ef24dec903be3bea6ff4b326c866444c4e2490412262ed03458dce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cc037f363263cb6f8de838c0e9b2c60

SHA1
73d7996582a4fe994c86f97166d60e02919256f2

SHA256
72d6f0ba1aacf5e25a38792802f73a6c9b33bb3221c843357517f67ccf1fcc8e

SHA512
3a6c325de50cbabd267520eaf8828dc69f65de772e5a0eea088753cd8685d02da80cd0f05ebb698c5f6fd9be99f15713e130da40a95fde2aabda2e4d2a3f9b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f7d3746bf7cf3ddf1a454a1289a150f

SHA1
926104e3147f6383b9ad9b906058ee53a8a326b7

SHA256
557f7c16e38fb77c3a8fb4bbc7e142e5a949e25c4819f1b9b739a9bdf6d33855

SHA512
d19e09f4e73ca457faaff35c8bfa87b772a1c954fc216ac30e26d2a16d1d78d71959ee52fbab02bddeccf04d6af71cd52b374448cfd4bc9c65fa613be16d7bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f561298e238b1216ce2e2ce73090e6f0

SHA1
41a1017f369c43b1b6e5f3db46d68618ef388f76

SHA256
d3274aacdf166cc80d672665f2945bd44be772a2c5403158ee9604da3aba0e56

SHA512
dd1e206a8afad2fb2792b358666c465aacb114414aeab968147e944d363c176d453d89ae73054f739216834008078bbbad6bc1f2528d1bc6b2dd647e8001433d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a2a96bf1-74f0-4fba-985e-8dfef7c1a331\a90c64b0589b1262_0

Filesize
2KB

MD5
6ba0588d3b4271deed682a06c756af2a

SHA1
c2cc61ea2d8a88de4f4b201f8a599916f7f78434

SHA256
da638d2043fb2fa05daf964596c95631cd338eefe40fba29ba5c1812ccec8cb4

SHA512
089c03e687a6fe53b65bdd265aac6f3c5728a4f2fa406db4a4b9b963b8e3509e995d6afae0982dda81ba066d5a569ee1fc741e12d7b06f8321156a48ed2f6265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a2a96bf1-74f0-4fba-985e-8dfef7c1a331\index-dir\the-real-index

Filesize
624B

MD5
0a998618ca3871bcd8ea645ac75a4556

SHA1
f8de02acd87676064d62f6638939479c3d7837a7

SHA256
d41ee7d6250a4be7bff1bc90ac50bec8bd5ca1445f34087f0b50f58d539b6f0e

SHA512
726283f5f928519e67a9f4c86c4e5eb6efee7190bac20b44c17e884bbb040f4029f0c20ccecba83f567a769deb3ff5e5edb4d193dc6cb5200a30a5c94d4230ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a2a96bf1-74f0-4fba-985e-8dfef7c1a331\index-dir\the-real-index~RFe5ab6de.TMP

Filesize
48B

MD5
b7f90f3b4d3f6bf0511cb497065051d9

SHA1
d9c2e474db7c04341e774451cedb383cadd81c83

SHA256
913a4f65c8a199ae6e3aed24edc7fef71a8719dc1192b1ecbc2c1114822e7a9f

SHA512
cf8b3f40397946e1225fe5c66866141fd4b761b146d753d237f38a3e531435bcf6351fc703e6a1eff7074e5817c73a3fa7e280e89a1ef19a21cf9362daecdfba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad2444a1-7927-4a4e-97b0-1f6e84ec02cc\index-dir\the-real-index

Filesize
2KB

MD5
6dd45e1e7b0bad7e6a36080a5123d9ee

SHA1
62726053808926a2a4cae1438397e94f0fee338c

SHA256
854f32302939bf1d48572dcd73965fcf5dea8b5c107d1e9219fbb6f186de1b2f

SHA512
c19cd916042a1e677e6e657d0a942eae994e7bad02410090c6b0f5725a1ac77bdc448d7ea57511c0a1ec812e30454455c58d7be41187fdc133c1a519dbda77c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad2444a1-7927-4a4e-97b0-1f6e84ec02cc\index-dir\the-real-index

Filesize
2KB

MD5
51cc0622c827b6885f8d680c3ebeb3ff

SHA1
f5fe43a0bd82500cdabe50632690fd019c98f1fc

SHA256
31f1ef5685b3a8dbd803b53f084e6de0690a1bccb18029a602da34bddf60a867

SHA512
b33e4d4c4e38b5ba41acf607f626df04b25516afad1769a2161e570ac688ae81defaa638011a5931606538dbc3b5fe222ae98686485598217a3e4af0eac6c761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad2444a1-7927-4a4e-97b0-1f6e84ec02cc\index-dir\the-real-index~RFe5a5e7d.TMP

Filesize
48B

MD5
a3fb7bf9cd6c021c8325f4df12c66268

SHA1
72d06d0d48d0e8acda25d5d130b6f329223ce4f3

SHA256
73250c9db6bcd98309c00e99520d3c582ac49a5385a2a776c018582879990ab1

SHA512
778b0cddcbf4cfbda9ea24847f4984cb43cb01df4ed93fea87b76f95c30dd50de13434bb1a7f4474649774b9bf8779b94fa977021521b3f29f2432446bfa05af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9cd16b5-5ae7-4df6-a855-96bc9a31c4f1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
12bc12b38a583020db8ea322a1963b33

SHA1
714a989a463611a0e27ce043bb4c9c0f5615609b

SHA256
f7ba89da452d040933145f82b457e355d8a01789229cd52db502953b9ac1f505

SHA512
650eb68e5015889f3c761611a55f427e73aaf604587c49ed95925b42ad7c5639bb77088e1a882bb2bfd03df3a16a199bddf1ab9cc03baa67795b3bd5bd26c04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3fdf71d23c8a6c83326351948505aa14

SHA1
acdaf5673cf50f9a3eaab4ee12a412bb3ac0b7a0

SHA256
97a548ae2a2aff64f653063bbf641f3b370385389be12fb45525b733c587ea34

SHA512
3bc021e0b08e011a4c9cceebb1d494c374edf394d96621e7b81e9fa0330c267d107b8480d74b5e4bb83eb727092512713c520590214cc8f1fc7a0ef228022503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
88c4a4e1b8864b99c89a6cc557186200

SHA1
6db3566d9a1141e4edb844818bd5a542e06b7463

SHA256
682914629f241c9503db3fd716bf0eb4f2e4fc63d7db5797e72ca0eb7d761460

SHA512
d87503722012ee705a89c3d31b901de6bf263fc299624a7394d3f76eb321d2073149bd3f75a2e01c9a107f8764869978673c9aef99771baf636778285fa6882a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
4921fdf3320fa2036a0e95edca8f21da

SHA1
2b12059f753a071bdaacadca5d4a48cd513ee52e

SHA256
18672c178b7f6a6d55d5603e362a5ae9afc17fd265f0dcc31cc2a3555e4cc731

SHA512
e7c24f34220e458ae9277f28b5974048f1017a55ae6b731e16eb4d64b493eda62625f3e1a53e16204c9f0e9cd85c00f63b82954dfd33b013d0698e11f2f8a0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e1f3c59b2b98b8f5de18543b0a96d2fa

SHA1
f67e5903c2c79f4b46f28951fe3cacd363849d55

SHA256
45af3763215ff5c87998523f783e97798fa3a88cd064fc9a4875031192db25f0

SHA512
802131586e3358fd018cc03c6f34c32d72747305e89c8682961b77d3d7c26e7f132d3e117045e18c60e2b866ff5eadb8500160905b0b6a0c5c5a71552780ed18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
71e6ea3dc92c09d72fdc09223ff36513

SHA1
f101878a9b0f114a51331ef0c006a3eb5a1be5f6

SHA256
7f0a40439c351d6e9621b6c10da12a3cf9a9ac8f27b71c46484926b243e24fc7

SHA512
2c11538ffc10781d2c933668aa162b41f32570396461005e2eda7c0238d39f828d685a018ffb2e5bb8378a209cb4a973b55ab86c6a104ce995500db77fbf79df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
2a184eb3fee58e513003a70cf6d32de8

SHA1
dc60c9009be78484fa270b28236b9d6b22a79221

SHA256
0974ca5e114ab6c00c947a0939c68de21a8cce27219f2ffde1b040ac033674e2

SHA512
9b5b2e876d6a74ad01a5ae6be06825c1d7a76cfd9bbd491c3e0a06ee3af26d3c11e5eb5b3081ffee250f757841bb625ba4764b36beda8664a782b6983324ab05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
30752b02044d9b8babc96a97bcee1b21

SHA1
94d016dc8db108451505a77693c87033e9ff90a1

SHA256
990dbe726e243589adbe7c21a4a99e3dad73ae0e58e3e6c877b08ce4b5c4cb72

SHA512
a47c0fd58cd23b3b9e92e59a8fbad9d027e673da547f34535e784898bc25587598ba5c1b2b87fff4f2379d2335fa79b0bb5b688886478faf708f92dba0122011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
16KB

MD5
fc0eb3e15275376b7b568aaea2ae0f7f

SHA1
14c09d512e0cffcdf14fc86baa0c54a3bf60e867

SHA256
3fe01bb3a946baa8da789234c55622614b7053d3857612fdf3669259d1d68026

SHA512
bc3340f66c737803c985d433818d7841a554f90e506068ada14242c79992b61069f0dd908cc95d24f4eb68397885cc2b7f04989a7ce487770a268a9c23e7869d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
157KB

MD5
0ec3caa7fd98a8a9527fac8160709bd7

SHA1
b54f0d52df12b3245908f277200008f0ab689b27

SHA256
7c18a651694d775083524b2c6fe296ea5c112e1ce1050fe32b59c38c974c6b2b

SHA512
43970e84703d43ea0caea16b8d038384cc88cde85a25bc5d495684fe32203e40c30a753a7a2fe565e6acf452798e8c337b90c393818d80c6222a5fd562ff5825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dcda7c436d7967acba43981393e93a16

SHA1
afc49b0eb7f3ad6023d277a12915ab5ab5fee1cc

SHA256
06351dbfcfae0030bb859cea5c32f575142eb58cb6d7ac56101947172d3662e7

SHA512
5441691acc3129b8c5f90358387e64ae5c14423e53c4995e276f565540fb6764ed4e1d69694cc8fe79a523224d4f7a7469ce1c22acae44f68951af8acaa7a91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ab0c3.TMP

Filesize
48B

MD5
5519be415bd0a937134a6c0370912272

SHA1
12546785458266606ceacafa8aa87016c0709091

SHA256
b0370a9fd51d2d7c8ed2bd02eb0baed5a6f78bf64b57cb9762ecf1a4fa0159d7

SHA512
043ad4cde4c04dcaec3fb5bde7a1c665f4528b931fad1c8d341d00892aa4ed54e61b98be0afd4b012d17959f36beb4854a52de23c2dbba791e5c60ad32389628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8644654a3ba36c719ce2ed4fde5f0ffe

SHA1
356d472ae67e0da53b16c92a6aa1af299fad7cd3

SHA256
b8f2484e885ccd13e9bc12fdf270103627b2ae29c72e598ec0438e6763e7994d

SHA512
deda1483e0315307b3ae98dab2685846f62efda894cc987240bded4eb72da1577d04ad392807750c743820313905fa85ec1aeacfff92341ebf7159ec7339587e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f5d11875e677ea95e731203e5860f0f4

SHA1
a242077198a50268d8ddd28793a87909dcf83324

SHA256
4a340383767969bfb2970ea719d6bbbb0e31329b64803c88b7b1ea8c2843a909

SHA512
1c09df9968b5a82861bcc7e529b1f6cdc33078469110b8308ceb43e3657baa3021041c1197ea1d1ebe70efddf67d0584cb128776eff073803a2d0300f85e1af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed4cc725a0558b66c61b2f5ac8127ef3

SHA1
0584166930f4f38ca9b8a9aa0917cf009f1f6195

SHA256
e36880b7affc806760808eff4aec912b3acb2aa6d9e4f298d8d0445001bdbb4c

SHA512
b929759af903d50b3de250c0ea00ac9cadc72ae65c53edbf0fcbf5a370cefbd60126fadd93c024b2224385bbe911c300e82d04dc6fce080cfe36d201c8c12060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0f5d555c2c06200dee26e7c26fd7a24

SHA1
7250cd25d36698ade60068562ee356f19bf6d043

SHA256
6a5460b38b4f747d2043ba8c4594fd796a309117deb394f758fff2fc057bb8b0

SHA512
c25003a91ef6e78179f9ca0ab0c70367b08e5408a8232c5fe849b9df1b6e480cb469706acf7b30c3c19d3a89aae881565ea3c491ea6e371b846da3a1ec53bbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f136.TMP

Filesize
874B

MD5
00735cd5f5dc2550cc759bed0e0e27a9

SHA1
d5c721ad324e6f6f141be40a671b1367e32ae08f

SHA256
1a1316632384e8cbad7f0a42c4d46be4aaad6ed2880c3f03e7a7e477916a03b8

SHA512
b9679493c099ad9e611130f712fe5bc9dcaac54fdf1ce878e6eb68ddd2f53cb98d256aaffd9f1b552cd8ab1f2da4aac96c3f45d6a39c8580ff04e3bc557a6da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4fb7e65aacee9de79d5bce64c92ae0af

SHA1
e3aa02ed7e19303971929c2f797a4fc9d11c8ba2

SHA256
b3ae9383890d6cf25e73b0435fa946678059587c14ab174218df5f163a4c50eb

SHA512
4cb73b3a771b7f31dd3f3ba2a56abe61c3757f1e8a915615e6a677e0c03455cab532e94b97a5307cc1aa382e39d907bd4593a7446248353d8e0c1b4e49513881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9c0a4e374d633f281536c591f52b16b

SHA1
dcf42fa5a383faf328bbce43612f1e45085184f8

SHA256
a9cdd5bcb72ff7d2bbb521f9a6b6b2f92e3fc0db7a2e862975eec984dba754df

SHA512
9fd5cacc67f1e6fff8911de64c2218bea53154a18618c922021d23574ba1bfad8e710e4c8b45097f3754dcd44a96b7d029846fe5682d59dbba80158c71ed58c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e2131b2d595cf58f5afdc85c7b9db1ab

SHA1
98ef1624e40867ca7aad059e318b25475d2b014b

SHA256
517da54aa2f1d562fe1ca499a252947f51f8e7c57f65734b75998c16aa80d677

SHA512
6bc180e6ca2b4fe6f2b87589f4c715331c3f2624cf7673f37807ce937dcc311962e248ef53be3939dfb1baf7e859fa51a7d0430421af0313beb6d6ca65e1990a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8e7c40c99debb8e4dd6879f86d8646e9

SHA1
6ef09d994820ecaf27b5d7f91eb04ff1d97bf190

SHA256
0cf21b306154f362162a56f9b8fa5df66bb953a02f906daa4713047931f45539

SHA512
709750b7bc2a61e195632de3ff2c781c2212309ee0a385317e8bfe221e313307f68d74412ce3a1b9c6be22e8bc4833e3d3f3aeaa1deb078a7875aea4b7fc013a

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
a2f79834fb9c3322263ddda70f10018a

SHA1
4c7728e6ec3d32e0af719abd10ece0dabd5dee83

SHA256
61d6bc8dab450a37721fb3baf189721c0b9667c94ad1c7e5454247bc4234e6da

SHA512
4efab8c64e31b2cea1445d5e65fb96e477b40133c1b311fdbf1f358c4a6867e186e9b7f695577ac9fc1ae35c01de8b696dce6a97c0c6fcdba355ea655b987686

Download Submit
\??\pipe\LOCAL\crashpad_1764_EVYOFPTDORSKXRFT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5004-1475-0x000001EC99000000-0x000001EC99018000-memory.dmp

Filesize
96KB

Download
memory/5004-1476-0x000001ECB3610000-0x000001ECB37D2000-memory.dmp

Filesize
1.8MB

Download
memory/5004-1478-0x000001ECB3E50000-0x000001ECB4378000-memory.dmp

Filesize
5.2MB

Download
memory/5908-1299-0x0000000006690000-0x00000000067B2000-memory.dmp

Filesize
1.1MB

Download
memory/5908-289-0x0000000000A00000-0x0000000000A08000-memory.dmp

Filesize
32KB

Download
memory/5908-290-0x00000000058B0000-0x0000000005E54000-memory.dmp

Filesize
5.6MB

Download
memory/5908-291-0x00000000053F0000-0x0000000005482000-memory.dmp

Filesize
584KB

Download
memory/5908-292-0x00000000054C0000-0x00000000054CA000-memory.dmp

Filesize
40KB

Download