discordrat | hxxps://mega[.]nz/file/ZY5GAQZC#lLOrJE7fhrS0UqlD8Q7X7W6Vhgjq10wYM5kXGfbP0sg

Analysis

max time kernel
136s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ZY5GAQZC#lLOrJE7fhrS0UqlD8Q7X7W6Vhgjq10wYM5kXGfbP0sg

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTA4MDE1NzI4NTg4NTY5NDA2Mg.GXvt9S.ITft7z1KLbrM6yimBrvDzlhSWow-zInix0gFDY
server_id
1042489874802020394

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 5 IoCs

pid	Process
1408	ports.exe
3036	ports.exe
2428	ports.exe
5356	ports.exe
4512	ports.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1266786182-1874524688-71015548-1000\{C83B237B-A7BD-4C32-8C0D-309937FE2003}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 760294.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
1084	msedge.exe
1084	msedge.exe
2416	identity_helper.exe
2416	identity_helper.exe
2268	msedge.exe
2268	msedge.exe
2488	chrome.exe
2488	chrome.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
5128	msedge.exe
5128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
2488	chrome.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	528	AUDIODG.EXE
Token: SeDebugPrivilege	1408	ports.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2952	1084	msedge.exe	81
PID 1084 wrote to memory of 2952	1084	msedge.exe	81
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 428	1084	msedge.exe	83
PID 1084 wrote to memory of 4420	1084	msedge.exe	84
PID 1084 wrote to memory of 4420	1084	msedge.exe	84
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85
PID 1084 wrote to memory of 4112	1084	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ZY5GAQZC#lLOrJE7fhrS0UqlD8Q7X7W6Vhgjq10wYM5kXGfbP0sg
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8efba46f8,0x7ff8efba4708,0x7ff8efba4718
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Users\Admin\Downloads\ports.exe
  "C:\Users\Admin\Downloads\ports.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,912860411443971542,11435546527954687808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:6084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8da1ecc40,0x7ff8da1ecc4c,0x7ff8da1ecc58
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,13031015305233921509,9489624031188290083,262144 --variations-seed-version=20240729-180130.470000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5412

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5856

C:\Users\Admin\Downloads\ports.exe
"C:\Users\Admin\Downloads\ports.exe"
1⤵
- Executes dropped EXE
PID:3036

C:\Users\Admin\Downloads\ports.exe
"C:\Users\Admin\Downloads\ports.exe"
1⤵
- Executes dropped EXE
PID:2428

C:\Users\Admin\Downloads\ports.exe
"C:\Users\Admin\Downloads\ports.exe"
1⤵
- Executes dropped EXE
PID:5356

C:\Users\Admin\Downloads\ports.exe
"C:\Users\Admin\Downloads\ports.exe"
1⤵
- Executes dropped EXE
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\646596cc-acbb-4d40-9c4f-742acd2eade6.tmp

Filesize
8KB

MD5
119d886c70920bcfea14d5e8f26c2aa1

SHA1
0df6f844c85432718d4df91dbce7a825bfbfbaac

SHA256
7b174458289463b0a8159c88aea61509fa4d59e54ad295f1ca6ead6e02561030

SHA512
889a543b5d344302e6630b61c794404f704ec7ab082fbe02eaa3b8f4f230515b7ccd4926cd2e1a768287011708cfc452e2e6cd3d8a7ec8e158927cc9786332a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
c604e82ae80cf9e9a22c9b29b2d959ce

SHA1
4952163460b033ce53167b6ec35027d4569bceb5

SHA256
b099f10e55317caf6563738731648c92395681e35d4ebd010889efcf6e9dbbf4

SHA512
0b01f0971ca3f08a38bbd4e04c5b497470d449cca7fbb9afc44b99df2c9ffc4d7cf4908dd55d2f78cf5344ad6f5df0ed11d6f1702267c69810fa505634007e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
490c9d5a9a17bd0de0751d7559df1066

SHA1
921f1331fcbf23c37667c510284bf59d8e339b88

SHA256
68ec6e976b2a33513104a92b46d13a620542913966658643d00eea134f90d214

SHA512
6f0bf7094640b253d97aa27872cf1d6c6e286abecee053716e39b678a5247e1fd31284630fdb46b9a38decb0df074c150ced4d0d3ef90030a10fd2560d017bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
64fc01bdcb23cbe949fb927a2d8a4886

SHA1
652ab0b2948505ce07f6d8b0aef48b1310c38cfe

SHA256
96e833ecf09b9786edf38129d318dbf823eb615be4f955b23f4f5a817cac10b0

SHA512
46cb41c63763b30692697b43996380944fd2408027ad82fc244d39919684f75d7580bf3d94ce65f044e7ed68a3a31a7ca178c36ac4749f22f78b6281d108f363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
99e15c6fd9652386f75ce6e2f3b8a02c

SHA1
89e7a4c51a2e65e83e164cdec0232b0c6bb1fa95

SHA256
4a30dcdd86065f61dbf880a8c39e7b49f43548581b9474d03b43a8c800f374e9

SHA512
da395ac3861245478a0005a610a9f3e573b87b8517776bc4a70af680e5539b141c61485b9616110421f7bf35bf554cd27de4d7386c6285463d07aba004426d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
19a6a62d95e63c3dc8e99fc1fbbdea35

SHA1
e7b824afa045fde22bf6b36edb0210763d25c0ae

SHA256
0efd4bffa300fa17dcde5986df6f0fe0dbf67cadb279822984024feb0589dd4a

SHA512
3610bfcb0e493c5f9896fc8b3e51b576f6677a65b2560eff7dba2a1d7c9a41b7aa324554574c591c3c31119063fa4186eb23a1f7ec59542c3d42c35687103858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
750af9b0c94d802bb516f858a1229b70

SHA1
b3f673b35f453666d14175dcf686b79079ed2c37

SHA256
aea01fb595e8f54c0087b3c4cb242b555c2f6ed15a43ef3ac2982ca82eb45181

SHA512
a6e321b8cb1e79f7b4d941aa73ea97e0bb26a7b310383a684a0580df5de3aa1aeb41ec829f76f5fe9ac1f67e8504fdc09e8d133e1d685c01ff278dfbeb14dc5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7e754ca95a0de3a0e3d0099ea4afe7aa

SHA1
b3fcc6094b73fb1c050cbf68f5c34e68fa89db4c

SHA256
6114adf7d91503d4d4bcc5edd3b6d087a4af45a691536893d13e5b55f6e98e1f

SHA512
b1265c4c02c03316f4baaabccc7a0b0bd8ca81006e07d069e46d5e43dc7740b50ac74f84020ea0433a204e3e97a9d7625e8a64ea36b6f8b3ccc3cbe3dcd67050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
139810928733294dfde72f55e4487f22

SHA1
ced00953fd7d2d096b5dd04ec7f3f1363797a602

SHA256
7882d13b74ae0895124747978124030b0c0b6a4c08cb9c9b95b03a86fee68b40

SHA512
e8e751d6fb602b0fcba2b12e8cf468a66fc1e7945f809e06493d3173195ea8ab3b37742061e5a06fe6a3bf07ff940a666ddbc159c26509c6f87269007595600b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1783ad572c70a173a13382becb8c65cb

SHA1
672aea49515f7b2fe69bade9e817438dc2997dd3

SHA256
49fd8f09216a90b728cf715dd52e1839c383a3271fd3c5345517863caec1d51d

SHA512
e45305209abe07b3397791eb61198d11dc0b5e194dd92e67c3d3db7eb29199e85d1e937c158d0850faa78bb7ef28fc36c688ccd0a4568d17e35c1d4c88a99489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bd24e4ab2913beff0aa2aebada7e983a

SHA1
10ac98415b788bf29edc418c2fcd5a69565022a9

SHA256
0895d726ffda7e525dbdb51d38571ee042170769e7459197d1922f5c42c0c4e0

SHA512
48f2fbc1aabb294caa49098db3d58fe9ae25ade1f6fd893aee8f4f05eb4a98ed44284132ddf73c846242a791e68680bb6c9e7feb38ad5623cd88abe1218e8a09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f0ea26f09144dba39ba05c4b20fea50

SHA1
03b0e68fbaa212384681f61aa811532c17f1e071

SHA256
b621c4966f0afe8139a8085b8b520bacc369d8cc1b538249374dc275cb46c160

SHA512
ab4bc16d371cd3d892a97902913f6a2e1feaf97b2f92c861915a7f44f5067fdab3df6ee22554d91ac008d7521b162793fb7720a2367c00270473f8c7a343ee05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
98f1c71444fd31336786b2b7f2b23ae1

SHA1
efc2a5a3114f125e8e5015d993c85d7e19dcbf86

SHA256
b020322c56bfaa21697089a43997d3f377d9bda055cdcf4eed2f14d372a97300

SHA512
b1ddf8dff146f50e90244aae8743b4909132dbfe32ab3bee39d9fdbd860b2564da0e9c75b8cfbc121241a3f2080b307e5bb1d57b08fa916776633590d30d42cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
16ee12ea29d4aa376836fc40ef602f6b

SHA1
857c67d1431e50f55af5f814ceb68104818d3026

SHA256
e99efd6cad5d0788d0ad7f851d0ff8a3da017e75c6f71b1e69c6baf1b83c4076

SHA512
35b2aeb52ba41d5afef1e771ba7b60b99b73ff1f17beb629bfd4e1e3527c8e1db0fc77db258fde7cede343f83f1bc9154467f9d80fbd9418e9b779b1676d71a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc6959b45520607ecb5734ebcc2a15ad

SHA1
ed7a60f47e18929e1440704381cbcf1f582baf9d

SHA256
ca1d69d868243e00b91ed826da2473ad05353eebf34108a6033dff5fc54cdd13

SHA512
d2e948368212c594e69d8dfc4686d33d034aa885184dbd135c8d7b19618bb29270ea3ad58a6a0e6927bf1965848e2abcfd801a711473b7e266c3372549caddd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
b657dad4b9b9c044da90348648cfe374

SHA1
ad69742c829df729edd2b0400a1ddb1b51f00601

SHA256
82402a32478cec2da19b1804f5722e183c9cbfa3c011adfbb2c1f1b8c0aea41c

SHA512
21a9987e9c5053ff1ed62e2ce53e0613be47df1822a8c2a3b877af25b968d3546687e5b6dbc58ce453cde4c770befaf151e292ed9ce9e009fb7e7a6ca99fcb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
5de9a434180d563a8b157c6248a65841

SHA1
9b05f24e552898a77d49d45ea6595e9361ed2317

SHA256
3129477f6aaa1b21fe68f15404954047fd2a2357908f3ffd5ccbcdf62418f374

SHA512
262a4a8ef9a72531123a0e3fa26f338088061d3337e0a836fdd1d501dc0bcb4f70a0965ed1c75c4211ca3f81a868308eb6ae0922a4b8168d064837df584baf20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
d4b00b574844915112e577a12a9387c8

SHA1
3cbaf23a31f03b5df8d725269f264acdb5ce02fb

SHA256
3d8e36836cfc363337c3aa892a06781545cfdd075f73e7fbc58bb8e72ba332d7

SHA512
a2d1779929c14845b0df5845d59cd6d6a7fa305ec19da86928bdd69baa08c1d5d5d97416f66549f1de970a0e84551e30c81a8e8cea323326683e46335a58ee35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23b6e2531d39ba76e0604a4685249f2d

SHA1
5f396f68bd58b4141a3a0927d0a93d5ef2c8172f

SHA256
4a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e

SHA512
a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ffd468ded3255ce35ba13e5d87c985a

SHA1
09f11746553fd82f0a0ddef4994dc3605f39ccec

SHA256
33103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8

SHA512
5d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
fdc7ac131c05bbe2a0935d92720f75d1

SHA1
07d5cac7d8c35268ba0fdc1e3b03de8c675270e2

SHA256
f6c04e2714088659383f65de90b78fe5628073c96e572d2e1c640889daaa34c0

SHA512
dd4ea9a651b607367b054ad0874b3fd4fc6c39a91f55434eda9c6d799ecf7992a997e1858f96e753c598add62112535b2bf43a0e056432e6c3e3fd2c7d020a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
564cd019eb5208d2d1cf205e98413088

SHA1
249baa28be02829913ea304889a84971de4ac5b4

SHA256
1f2a1d6714f28aeabb5ce1978d15e70b4747ea1b5c41ce1093f1fba4a4c186ee

SHA512
516acfdbf723ec9b18136a3ed0c26da0b9bf0ca3bf9fa78852e5ed13f0d3c0e818ced151939f240c5c8bb9040ec2f0b07d60551267c993f8bf47f2fde47342ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3548c05005cb177c0f740e9fd387e90a

SHA1
2a74fa4a84f18af786664d9c882bba3da0d59ac4

SHA256
43916e362e214b12cd585bdcb676f8ab94975e8f61eb24373406148b59c4b86d

SHA512
f65a84863a92dbd77964a869e319a0990720123057e75d8e7c7afad0de08b418977b7b3b7abeff3a48bdb1569d813427c60e26529783b123a9b0b9d6b8396411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d19c228f861cea7d6de04015ffefc433

SHA1
fa7548c1b12bf62e03f27d1010b836cfef335ad6

SHA256
5dba46b33c33189f04638e7a24841496928b4c1e276e8b314dfd775dad7dd6e5

SHA512
34cc0b7ec8cfc9f6925323503fb3bf68ccf387e4ad0f82d11d522d55fdcafb7f492bab77a33102e8dc96bb923273a47f37c7fade3342132d5693c7a72bde3273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582d26.TMP

Filesize
48B

MD5
4bf32181c6aa1a799c4fce02849f5c77

SHA1
5ef1d46bd270724752ba04bfb80bc88ee1f5bbda

SHA256
a8b0498450d67694fa7c006a813a8d30a702f3fd086da7c8be41c5b069c833af

SHA512
5ed004363158f5ba9ec595f313d35923628e112f6e744b5d5f97d18488163cb871ab1bd9ef13a070519440c5f43fff1b915b699e67817b26d5f7ccf46d66108e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20aa7005b5c700847c3bb9c1ff731d4a

SHA1
4e8a7ddc3323234fa58593fb1488d4516fcacec6

SHA256
26becb0f362e01e0a002d7625969602b0100d3d79760ff05887bca4ac822da52

SHA512
7bb2f3b75c226fde2143d57d1d398d1b8eba1e3cf5482c06b73412d8479efc856f1d47bc7a1a43e56ace74d6722ece1f1805c8fa1f731c674f822b9caf11fb94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b12e125e6a457bc38735c8f04e236f4c

SHA1
5037cff33a947a5228ca17a25c86c0ca35944022

SHA256
795dcdd63f797cd665217b741aa4a757143f809e7ed108520c3c3d7cd1f0fe8d

SHA512
d98fe72e000c1cab7a5410d11cb378e687ce0b33a60bf27fee7608d90b8f2680a558bc21fb6b91de2bae9f6d543271322ea1ec04d61c205d8cf67226d863537b

Download Submit
C:\Users\Admin\Downloads\ports.exe

Filesize
78KB

MD5
7269ddf0d40fd8e1896d535039da3592

SHA1
2c80e665538bac58018102d768492f1fbaff85bf

SHA256
e0188e2b2567e96b4dc911433d5db2a614aa6d0850a82c98824594431fcc1e28

SHA512
b9e2ba76b30aa5ac9b2ea0741861ca50e6bb2b0f9061a44cff24ccbf5af978bd8066a476c0aa9312ae802e6aa1c68f2f87c513567a5c810e148827f7ba7e1c51

Download Submit
memory/1408-178-0x00000232D0B10000-0x00000232D0B28000-memory.dmp

Filesize
96KB

Download
memory/1408-179-0x00000232EB1F0000-0x00000232EB3B2000-memory.dmp

Filesize
1.8MB

Download
memory/1408-180-0x00000232EC670000-0x00000232ECB98000-memory.dmp

Filesize
5.2MB

Download