discordrat | hxxps://mega[.]nz/file/0K9DRb4b#45RJr2vvwkzVnIdacSWD41nP2kwN2z3H-EYO8qzqndk

Analysis

max time kernel
240s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/0K9DRb4b#45RJr2vvwkzVnIdacSWD41nP2kwN2z3H-EYO8qzqndk

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MjE0NTcxOTUzMjUxOTUxNg.GE068g.Ht6vAA5mH9PlGBHitUAiZh4YuyRS5ymwn2Zzvk
server_id
937847083044593735

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
5516	builder.exe
532	builder.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
69	discord.com
87	discord.com
67	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 370495.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
728	msedge.exe
728	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
5392	msedge.exe
5392	msedge.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1608	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1608	AUDIODG.EXE
Token: SeDebugPrivilege	5516	builder.exe
Token: SeDebugPrivilege	532	builder.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 3788	728	msedge.exe	83
PID 728 wrote to memory of 3788	728	msedge.exe	83
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 4504	728	msedge.exe	84
PID 728 wrote to memory of 2324	728	msedge.exe	85
PID 728 wrote to memory of 2324	728	msedge.exe	85
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86
PID 728 wrote to memory of 2836	728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/0K9DRb4b#45RJr2vvwkzVnIdacSWD41nP2kwN2z3H-EYO8qzqndk
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff924a346f8,0x7ff924a34708,0x7ff924a34718
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5392
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5516
- C:\Users\Admin\Downloads\builder.exe
  "C:\Users\Admin\Downloads\builder.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14790714423628516068,2329814100837047575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1e614a4f170301064fd13481748ab38b

SHA1
3cfb92574c2da45818159d22f20b02d88f39213c

SHA256
2575171db7aa75a1662be30ec28ef71f14904fe301b1f1e7b8ed8ef8cebdb19f

SHA512
cb30259d7629badb91967471b1990bff50760173357647138feac44f378687b42c0cb0b3a28d349feb719459ff56986e2cf38e4cd4def16ccc07681ea764048c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae4c79c02cf19b1c2a7b6c80331dd39d

SHA1
a4f1bf58534d0f801e18baabc7b5c78105cd0692

SHA256
318e452866e794785226fa86dbff5772b2ecf6c691c43fd3599336887ea066df

SHA512
c8fa57f1827f69c1d396c063db152c38ede4288713c12d3be21a6324760177ee4cfa52fe9733b0e9250497ae83289435fdacf2bea301b117c9816791c678dbba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fe1849796076aecb3e2ed57896e2be5

SHA1
6a2b946578c45580246b7b14cce67590e67d1372

SHA256
044b2f5a4603a871841191cb04b95ca00afc2f905ea4bb14368ce2ee95fab023

SHA512
ba36955b07992da212f186d41fa92de101efe762f9f4294ecfe494ae8350f59de3da7ba4ad29197049381c955314940555d5cab79fe1f28be522634fdef2615c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96ef3744df241f26e170a192a537b28c

SHA1
4e803ea6e9eab3a192b09464f5a04dd8564f8965

SHA256
cd281c595125e03fa9ab206f865c06a2c08e205240712cb5dcab2bf94bae69c4

SHA512
05319dd77dc69973fa146c642716adb564bf09490eac0c49e7ab015f2115d5f7f1ea08d11c017b8dcd570a92092cf10e6a8b3180bb51a0ed424ab20a72ab17d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5303459784cf202d8e489a15011192a

SHA1
970c98191331a985e00ee0ceee14f0795daeb35d

SHA256
628b996da4980455420fe4e760d02f218bb3caab32b76c3fd57fd2a8ac7da6f7

SHA512
5125e06fd8a7fc64d5953051d8b2ca6d3124e6ee4d27ed8b87d6e5bef8f5fe7b26f653e4a36a791ac05de3c40098a7fbf80beb18697cd6b0498440470b0663df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
22a6ec8fa13946252938e772e23f1ddc

SHA1
c9c03b04ea1561571d97f7a845ac410e17b2caff

SHA256
0f5d318e8a073ab76b2c77937cc0a63fe28d05aeb72b73a06e5147bf053d1b3f

SHA512
cee54561d169182a9cc65ece22f602a1b02f99c47fa8900f8b3d3acc975edd8bd99d7ee28d84540556c858264c1dae242a0e53f3f16ce6bf0fdce4542c0855a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f3d.TMP

Filesize
48B

MD5
525831e7a8226254e91b2c452afc0384

SHA1
fcd659320712e6f72ca61541af69d185bdab152e

SHA256
145f743eee4b6abbfb2074994e5880d5e72d967bcdc508c6fdd25ffdef6fcc47

SHA512
2ea38b2cc4d4f3dae594bf052ee416d100f41a378e2a02e7c67a2e724d46e7034b0b2112adced1e19a67436f137e2b035b2153099c42290be5727f84d3f31906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
150c921a5005ee92257fcbfe1c2d30c9

SHA1
fc78ed8ceee03be2e0e2f845e27a0ae3f3934611

SHA256
7df98d6d57107612ed6a03689f367d1883bd683d86e2228c82d60b3eb58a9748

SHA512
d5f138c09e50c4fe9d1e18e39e87e2d32225726db8ff560910701f8b0b71f1f218b43a6e228aea12ebf1affaf26642bd3ae932db09ac29c47d046d8d4a4246f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d770333b21657b2461fb8a179c719d64

SHA1
9e3ed8c2a01de1d1a4cc84cc9347bb6588448a4c

SHA256
7f56855f4c32482224c3a6ed69ab787232bd8d025e101d981e79dd7d43563b65

SHA512
640140c1239f1b6d1a276ed37e05c20afe9f81bf7a6873f98ccc573d624290626fe0d2693210dfb8b7bb85b906bd7f29b68127109225dd88c843dc122359c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec7353a0980b2d42b287eaf007337603

SHA1
9b521b579dae36561942f52c2cf2837a950c3ed2

SHA256
61a62e80235a3ce26638bdeb134d22a392032e229c1a79b67a9ebc18065ced12

SHA512
e78d772c96d0ebb8ea19701509be00589abb37b8d03ca28efcd537291120a97b59aef7a839a47b405ae5701b357ac97ecf0b87a4313ca0290fa4e0c529d54b95

Download Submit
C:\Users\Admin\Downloads\builder.exe

Filesize
78KB

MD5
a12865b4fa8ebf5fb882163673cdeddc

SHA1
da44bdc13f5cd9daef0e5e57dd55c4fd0130da2a

SHA256
7386883cabf20e803f69427d9ca0c10cf3fc4a61a2f3fdf6304e332eab142b16

SHA512
6f2ab73f9f3433cf2359b6e9294e4d426956b5b752951a38fa0ff9909add65a19ddfd21c2ca28a1f7fb23da42e25cb5ad57ca3dcfcbf36c5e7744837537659b8

Download Submit
memory/5516-185-0x000002D44F530000-0x000002D44F548000-memory.dmp

Filesize
96KB

Download
memory/5516-186-0x000002D469B60000-0x000002D469D22000-memory.dmp

Filesize
1.8MB

Download
memory/5516-187-0x000002D46A360000-0x000002D46A888000-memory.dmp

Filesize
5.2MB

Download