discordrat | ae77dfa2d9cf1b4d2a8a6d9ec02534a389d41ae52930724aaf6611d7b510e6c9

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

catalyst mapper.exe
Size

75KB
MD5

107d71e92ff83fa8d051bc6b55bf6cf2
SHA1

53f75a688187ba0af9a1ef8233f99a8698ee8872
SHA256

ae77dfa2d9cf1b4d2a8a6d9ec02534a389d41ae52930724aaf6611d7b510e6c9
SHA512

2da422b599a0e80f52eee68136a9826fc12436fd10a614f5d30c1706a12c5a4b94d67034957f829fe3a84adb32d120ca1b71923ad73aa7d290a308a4c55e339e
SSDEEP

768:q82U3ydQEeFDdBc7gz3BE0btciNnA69g4lm:IUXVFAkz3BJbtlB3m

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjMyMjA1MjI4NjA1ODU4MQ.GXaTOL.L1Bde1kmFmXuyZ3LK4kGy4Ab9YhMt8b3KUVyNU
server_id
1174076539189612677

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2268	Client-built.exe
1936	Client-built.exe
3392	Client-built.exe
4668	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
93	raw.githubusercontent.com
94	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{DBC988C3-B29C-41DE-A83F-1576B01C75F0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 641456.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
4496	msedge.exe
4496	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
3928	msedge.exe
3928	msedge.exe
4664	msedge.exe
4664	msedge.exe
1684	msedge.exe
1684	msedge.exe
4424	msedge.exe
4424	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2268	Client-built.exe
Token: SeDebugPrivilege	1936	Client-built.exe
Token: SeDebugPrivilege	3392	Client-built.exe
Token: SeDebugPrivilege	4668	Client-built.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3460	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 2036	4496	msedge.exe	90
PID 4496 wrote to memory of 2036	4496	msedge.exe	90
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 2812	4496	msedge.exe	91
PID 4496 wrote to memory of 3092	4496	msedge.exe	92
PID 4496 wrote to memory of 3092	4496	msedge.exe	92
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93
PID 4496 wrote to memory of 1792	4496	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\catalyst mapper.exe
"C:\Users\Admin\AppData\Local\Temp\catalyst mapper.exe"
1⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e04346f8,0x7ff8e0434708,0x7ff8e0434718
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7296 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2268
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1936
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6923314825378014376,14853868948123325924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
ecf848914187ace4c8a757028d19b51c

SHA1
7fc0a198f47f74c8a7c7814ebc35032ce10fd441

SHA256
ec13ee490d2a453e28fc99dcb950131112078f684a1c68089a17aa508c792ca1

SHA512
81bb10663afae3cf7b8d63e4ecf37e68a29d4c43159b5a12fd31b433cd27aa8c96319f8d5ac05a37d57339fdbf24ca2974678a0745ab8b93fa2323ce9f7f31bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
24KB

MD5
3f78316b5485dea877ff986c00eb6b0d

SHA1
0ce8623b7e34098655883d3674b4265bd73bbb64

SHA256
0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929

SHA512
1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
57KB

MD5
1d9313f850dc7f90dbc817920e650fbe

SHA1
cf05a1ca3e477a5295c6b82cddb21364ef9a8c93

SHA256
bc1c1dc9729b72ca481ca91597830682b83fc30c2637f9c73c762e748583dea7

SHA512
d0033fea8fe30ecba6d09580b20cbeaa0f927c7014ab2b788f6e75580ce58e07eec3e53a74228d22f7f95ab6ced8cfcf63633aa1fb1e969569d8a9708e7474c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
137KB

MD5
e947e95a0fd8df1e8c8eb7cae1f96f09

SHA1
22f36705b4a47f05fae77201e936a5c65cb05bfa

SHA256
14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1

SHA512
24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
7d10a6106e8f9e85ae68e310ca2b8433

SHA1
32046f676521ae8b100c0ef88e5e19e1cc49cfe9

SHA256
0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204

SHA512
78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
6cde00d4c70f65945125b46ffb494046

SHA1
d86ea8b9520beaa539c88febbaa73c14783106b0

SHA256
ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88

SHA512
9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
23KB

MD5
f30b3adbd12ee3ba8ab0cd893cce815a

SHA1
5459a76cccb9e142d63bc55374e8ad91fc745691

SHA256
bdc003b7a18d5eaac6d285fb402fed92e1adcf485ffe61ccb86d74b9daced864

SHA512
600f6a21667dd707d8e8c5edfcd4c267966a553c506693c3ccbde414ba48ceb84e50abcedc907a951354d14f719aee997271e15ea298cfb351ee0987137de09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
1.0MB

MD5
08f12a7b3f26309c1da9e2e871977627

SHA1
f9b7e0107485f663738e0d108522d026d267a945

SHA256
b771d0d55b93415ca3a364b44839d25b2aa8666dbae697bd5159631f6ac49d90

SHA512
847d3124bad6e757f0a052ac62b7e6baa919c29b11504fcef751131fc5526100c564b774cbcf6c0157fa19892c604934c9ff0cfa025bd25c69dc372775f86e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0595c3770068210e_0

Filesize
366B

MD5
65ec359b35af1a97c98db34eb6d445ee

SHA1
52f5a51969d11bdac6c957d2477cd5dfe91c8fd0

SHA256
094b6093de067e708686a7bf13dd9aa8877d86f490b460325b1811dbf28d4007

SHA512
f3d28b4a5945f44e1a638b5837335c8c056e02b12d57bc77372984463556094d4531a32d3cd11112eb79c17382831643495e98dddba740628c6a293767e1d440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\078ae1b41317b22b_0

Filesize
72KB

MD5
9382c715a48477d0ca9c9efeb4af510b

SHA1
2079bfa31b171034b1822601392f30745cab5cf5

SHA256
83d0cb5617b5e3ae547934adcc229d5144b285236886146ed04c1f86a64b5312

SHA512
da6e94bedb716ac9cbca503829333b43f913d746536fdcfc465d331a03a56b55596ef31d04cc963d32ba358e6ff29f1d471acb91ccf8756b12ee15959462bd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\079c108c6774085f_0

Filesize
8KB

MD5
ccf7c29310f6185c220077343ef60038

SHA1
ba239e07dc08d7d9b01482cfbcd20c9ecc9f934d

SHA256
74b57e9a543dccff18afb8402dae968d07bf79b947418c86e5fd6c13ebe3c760

SHA512
123b67b7957ab90107071ac19f9c5ee2bf3b81bf8a4b492e52038ceed8143d377a2422ca5ec02199610cb417f0ba2f0a08dbcace2b9e386206b227347c3ca7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\32025df6eb1a161f_0

Filesize
1KB

MD5
fd76161cef323f816dc9777d434e1ffe

SHA1
e9abe6aac0244d1ae3b7c87050a0db2cc248e0dd

SHA256
7edfb1e215bfb48cadc712454019bca148ce98be0698d0becc50d608df984021

SHA512
9e6c7ae70675bc729c3076af9c13dbd904581d46fd1a710a304ce1d636cc631b12fd958bad6787cc5d063473a90f132a43dce03bbc91dc1b70055585ece571fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4225b26574bae895_0

Filesize
2KB

MD5
e88f46537a4234d522fe6dc62bfd652e

SHA1
9b34487af8c175bde75bcadda209cd83a5889daa

SHA256
0c9ff28c61ed2b1de81080c87f99bbf813258c42f537f22c9ae87f7d62b96707

SHA512
62061408c9a8a367419a909bfaa6fff1342ba284640ce83021fddfc4ebe093b7b2b4e9755747329d6b16f32bd014d353a587460fb992c0612582e415ebcd6adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\423ce8329728b76e_0

Filesize
2KB

MD5
1695f7ee7e12b2b431b44d6ee86493c2

SHA1
cc903cc1b6714d9ed1ab11a053e3d5bf4e9046f2

SHA256
33841dece5eebcd891dd09a7332056d1279edfc33eb30d6f7d36593753114fd5

SHA512
cc676aab17ae3982fad939ef433758c0687f6e94fd8bcd414ff18aee1b6071582b5991550769fa511f8b67d5e79a5ea5df0d1c0f50989c4f0d91be9173695dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42eb60d64783d177_0

Filesize
13KB

MD5
331247674adef99629fd2260e1d77865

SHA1
153d766495237d991778b5723d360bfcc5fa856a

SHA256
f90841393bc2fcfc7f19eb6b110137cd4f99de780b67a33394e8a3c0931e53ac

SHA512
6228e5e0e184dff098f396d4e23960cb8c1100fa3f958137f9a2e1b1cdb82fcd981819cb4fe8ac26541caabd96a9c5f746d26f40ad589856332ed6067cbea400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\529ee60a780f9229_0

Filesize
3KB

MD5
562b468cfc1f3469a12f80005c72f512

SHA1
2c4b19161fdc6d989d380b3c51702415b67aaa90

SHA256
14e99b9c19a9316d571c5e6d5bf4aa0dc5b961369d5cac1e37539af7db063148

SHA512
3719b6de5c8e07b438b713dd0d2f9b77f0cc673470341875acc5e268fed17f685fc80fbee60ffe90c6c7b0fabb4735f2e1813682ec86b9a31349a5215c3d7c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6de8c943c82138ca_0

Filesize
1KB

MD5
4f8bcab39ba6481ec2b6b6dda7f17c49

SHA1
8f664d7690f09628bcc771b801921286b3b4bb95

SHA256
b3a682a3fd8e035a8a79ef7dec444037c0d84ffc521ad58321a210d6ac9c5b60

SHA512
a6e01da0334c6bdd99d0a3faca86bbe4ccc5234cf8209676d6a3f123817dc616ac0a72d62df50c2da2a382dda50bd6c94caf2b4c0f09e1082603d175e7e9ca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7270c5871bb1e51a_0

Filesize
27KB

MD5
304ccba3e32e75b554384349075c0b43

SHA1
688081a34ed9314744319c4b31a781219138df10

SHA256
8fcfd585d153a0edd2525c0057f1cd9f2099824e863277f226e5749c7f202a8b

SHA512
4b37df2f90689f0f3e265d95c67161a6fc7510105f0018c08d220f807fc17282e1fef346791e6ee63cdf35386bb30a4a62b731f1de62b9bda8218913495efa03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92391157d458a91c_0

Filesize
2KB

MD5
da1da84ad1927ababf693d3d367f289f

SHA1
36ea7d8790a5e805723f25aef0ce46fcb4f54391

SHA256
dc937de29db0d2cda518b3abc8218d9d20a1e8d487bbfcdd3ca8535c38ec2eb8

SHA512
b7390d48264eb64db56cfdce1513aecc3472aa87d79b619bb96797ea79353b59ab97fccab62951bea38dd38357879a48ccc76a02cb0bac5a4b3a80bc433262c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a08211c57d898b77_0

Filesize
1KB

MD5
9b37cc8cfa1622608137a70594be515f

SHA1
2214ef8804be5d31ec9dc59aba3032816d4bf9e7

SHA256
ecbb0d8b4b3ce6fa9e8e78c6e4d6f907408e57d274161dec7af1b5f7b30d5f57

SHA512
c7a3846947857850444c4aeb37c94034dda47af663b2da2609073df3f5e75a6e4940c1d6d32f8b1a0d87c930d844b3815fc420831aac8185c4ab3139fe03007d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa61758ad53dced9_0

Filesize
1KB

MD5
bd09ff2687bb62560811048adadb56d2

SHA1
e9f756bdd8702ddbc96f60d8aff035b42333668f

SHA256
a74bcafd1e34d70a4a07a57ad28771b77187a3e73ca922820a2a52b4581dc424

SHA512
4a5198d2a42e52d16768872ab213758f2c47cfa82f0fd4559f2791e5ce2a1ab765caf0a174c88cf8817ec6df9cd7b3b01389d22499c2e6056d8639330e9421c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
34KB

MD5
43bb12bd9d3ee620d77f098f3f5667a6

SHA1
17c98980a24b71ea9476146d39b18d458baf2e24

SHA256
8886b3c8e6fcd379a4a8c95b7b08652c5a3203b600b19a0a91f8a61f5d82258b

SHA512
465e4af48f58180954c07edeb406878648242899873514b548d77aa07d288ce8db92424a82ca23921abeff2cd2f07adf887d92f77557cd8ba545dc25e360b950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efb47464905bdfa5_0

Filesize
1KB

MD5
1a7aaba0018c88bb1418bda2235eab4b

SHA1
c36315c5f63e0658d8f588ae10a5fd3f8489d63b

SHA256
292926ccf415e8d46169ebc39f32e3aa4a89664adbd2e62e22d9b22527ba9d52

SHA512
26ec14c8e15006f8bb7252db0d80e379bb81bfcb9b3df9c5bf87f2ca8c7e59c09c2e21dea85f064dc51a09e0c9ca68bf5c31e5b64717f6276a05a31174e3efb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
492cce0fb3b6ee8d3b4045135813322d

SHA1
0ef4570fb9a402b98f921b74380b32e8ae8b1596

SHA256
5de69cc02d911f2fcd73f75b53d739eff44dd988e0d4b835e1057ba57f51edf1

SHA512
975984f6133c77246abfa053e254d3069a743cbce37359c6417a067d25f101a3eb19747ec04ceb5d639186ca790e213c7115dcacccdf0cea99b1a3d9e3eb8e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e9fa3c06072fefb3ceec5771f070450f

SHA1
40d2557767fc416f475fa4e51012030a315ba5c7

SHA256
b2f3a2b039e25cb2c2f3a55153f4b08d2ac65111931c3bb0592ea919f7e08aaf

SHA512
1db4e76c0d287b61fb97fb7b659ceae5970028ba1bea046b0420e554403e9c48b2830c4ba69f6fd55da0281b893bdbc660f4129f37d349f0f5d01f05059aae13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59fea740af12206c9fc59d63913faf1f

SHA1
213cae38050f6d716e4e4eb7740b7bb30d9d161c

SHA256
19dad0a65ab6e2aeaa2ac85de908dfbb07790270c1bd4fbbf081b8a0840cb98a

SHA512
8fdd8ff9626e8edd991d5aa610ceaf6f65b53d36736c94f3cd80a3301e15e2394be9e5432748aac750a8383809906590ff09c735b678b35ed069e4368408a635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c21c6cf8fa2b32c72e45b8237912c878

SHA1
995bb0dcdc5a0269d7ad4f088475679f4e61e84a

SHA256
8aa9582c74e01a00e71cd764e6798a8ffbde6f8629cac3123083e0b5462d75ed

SHA512
6effe82a629d3ca51285c2e07d617873e51fa3ba7b07add789db58772e67e119ff11d5233e4e5edf31b8deaf3ac809e895d11e0b3d01a31eab0871a12bd7e3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbe33f2ff5ad45e3151ffdd4f4d55903

SHA1
4d99bfe6dc8a05247968efbadf9901eb4946beb9

SHA256
157d6ae29dac673731575992dda2ca5e0883098afd83e81f412887a1f00c4f9e

SHA512
d1c1571d3b1c3f9da5928c5f1d1b133c9dc5377066b8c9dda69db4e1baf19868a573ce53ab0f5f514bc018ec81054b48cb6d0baeee5b4e72994272d345c01c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bef714e31e91a07b8db9d13265805d6

SHA1
88e8e3b4adf8dcd88b804340059846f4dd09a2bb

SHA256
6a59296df8a621c0352dca09ab172de90b7682ecddb3e509f7cd7d570d0035c7

SHA512
8e08c2e866f4d4628e1a9fb2c8da04b8ce09d39d270ae7db8dbc0e3bb3d3bab834004d8cffebb75336c201200d5ebdd36aa3b003277f17d7d9a1471f62344bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a49603b7d7f134ef4d1ea1e5c046afb

SHA1
cb2b48dddf7aa179150975dabe6999a0642f970a

SHA256
5a4c550d3a6019915389d3cce116a7b374a78c629301b0ea96aa67cb1aeef58b

SHA512
889c27c497c23b05d803e511df72185f9ef886daf9e059ead96f6bcc99a600b77612e3a51f218681afb4d35f4ce53cbfd1b3bad24606f3711c9fcb09eddf368a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d14dcca8421c8745463ae3b181a1e6f1

SHA1
626c62ad09341ba1643214e9ba950292237b4906

SHA256
dec71986dc20fc456a2eb053e26e7e01b9605d594b35fdbb7bdb6db8e19a49cb

SHA512
2c0a41a30932a800049af467098f0e949464a52475dc48f291e4343e31550a4d587ea8134f52bd43efa8e0ad4af4084bbbebe647555ebe222c4f1090fdbf3139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fbd962e32b6c8b933d0f9a133c038e5

SHA1
fa8a0fc7ab2bc15a9c158acd3684b246978c6fe4

SHA256
4e51fa43ed79308d1d31293d3bd6927d2eb1c5123f97d00bcbb2e37ce87cf72d

SHA512
48bcef782a21681762fb6e670b3da8242bfafb1a4877e5b93cf9cdc2dc2d530e6be5a55a162beda4b484108c58d4066aa46065208932423a9f63cae371bf7426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff5e42a9f47b03cc531f99c2ddc52001

SHA1
abb668c9d4790dbd19ff6e56d93e61a6115fdb2c

SHA256
98dbc8938418eddd6efb41d2277f7783dddff43d26461cc7b6971e0d0548c00b

SHA512
ecfcd8c8e6de1b21fe08d2d333318eb8f9d259f7562902d642176cd93a54678a86fa8b5f4e7c8f5b311ab7211db2df27e1356b4cfc98a6edadabff00fa95f0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8685dcf198bc7b769443cf31d96e8d51

SHA1
f92b52047ae696613498ad9df3aaee886b50e94d

SHA256
be88ea76bbe6dae331228eaa92c8fbac04dd395118641f965fab597c6568a3f6

SHA512
cf7ea43f3f98c4da5083d532a6cd4335ac2713377b08ef8ecaed1e5fc51fb1bc49403a1d85c3f155788f3c191f9bac556fc04a516ccaf8b47463315256609dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fea62785567fcae479143173ca661ce0

SHA1
fbd4509dbad7183af6d44a00e15f3e1876640eab

SHA256
a93b07220674136c34c91e3e1d17de2376606523e127ee5381c919939e0a0445

SHA512
43aede21b0d0c7af475656c17b8b098a95f5d294f16c08f62490d05547cdebac5ec9534a94fd5cf9e69e7463992b53605e0c254f8306f233593b02361f0ce31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a66e510e3a597cf2c83c5c45332d4fe9

SHA1
39891340ebb308369c1689c5f3a5a713315dbade

SHA256
c7bc1425f0dd73a295f062175698af494bd87c62334747c8507b60b97a529a60

SHA512
2ce5c88edc35a76b3c860b9bdbfebafcf7aa3d520b48899f2833a79ba5aac6880b55a34f6400453d4e54d72a9ddf9778e17321a1faeee90edb323d7cf02c5f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8366141fd244084f12279eeb969f54f

SHA1
c8ef16f3de2b1d7ffb211ccceeef2b4f1d709784

SHA256
c6eab4fa7881326eb91ec281a65dcb0a8e1cfd195afc189d81243ea23b6f82a1

SHA512
e17b662017ab65644738803fa7a732a5d1c294adeebdd943796a9e942481d866ae8203fa1fd54033e3fbe30c0e268d74dbe6e874f0c855cf6d509541ad36c327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15848af848d8ef8d906ebbabffb04201

SHA1
868e75dfa37761ef7cff8b77d77ad3a5af0af682

SHA256
9b429557c7a9f9d3f85600e0b29a3b072b6ffa2e27f086e44d8e251fbb44abab

SHA512
153638039c32b79f0e9d57cd91513f4fe10a4697c097ab70f2085e806e36c2cba20ce0e3c683247498c0cb1cc05ddb3071e4d2c7dfa283cbd99f6e18ccca877d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc6cb2b43341c0d7ab64a4515d8a886a

SHA1
48c4c6e68bda9d06f11ff1a8e32ecfd07cf007c0

SHA256
cc72e234c650cf6448bf8ed08516919ad6c15a868cec2347a7ff000988a79031

SHA512
024977da8966bffa425a45893eb52b093aa11da1abd24290584ba8e87777cbe684f1561fbc7f23a7403b10bc9bd639394c6246c477e752f892fb7df2f11c63b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff30.TMP

Filesize
1KB

MD5
634ff344a52f72458639ce0920ee127b

SHA1
4745bf5709801ef2e29074345d5a2dd945b51924

SHA256
8a715c524d4dbe3e3a1cd9f69de10d0b2b6614bea1e540e2816649450d0a001d

SHA512
246ef58efae5eb6552864401cd6f16a551d71e426be5d24a44132efb3aefab927eee58c9c0df7917bdc66fbda39203d65aef68ee78b5a8ad90b3c7221ab66bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2c26b227e35f0d96013c3911837a998

SHA1
9458af574e5955fc2db7a60de150d3b827675535

SHA256
901910c8801399cbab55d0a328a6eb5380374ff2225b07d629e6936a8bc64d5e

SHA512
a3e253419a9b2fd9fb25e41577292956da4fb8c9eb3d2ef534d0c1ef8a77bc9e10c4b8894b3ab81e287367acc1838a74e80b091680ea50527eb29f0aa139134c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91459025ee681dd8015e0765d21b6d37

SHA1
c5b02366db782984933c53e3d0bcefb632611192

SHA256
7c0780a7a746bc76538760f3abdae90058b15e628a2e00669d1ba2ec387b072b

SHA512
71358d42aa958486268f8629bf1a24fa70bdbaf1ee82d46d4a84330382569b619eaf07cd5d66b691dc61a7fcd9903a3261dc1d8f11607c445e83a62629ebba11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 641456.crdownload

Filesize
78KB

MD5
9ec096031265bcb05e5387e82168c0b3

SHA1
73f06cf2f83ea34948ed7abc1efdb7a56eb5dbe3

SHA256
4e1fbc130ebfb635bc7ab358ac8d9eee9ed9225359f01d1c01fb29e29d8ef9bd

SHA512
56b95d7644975ec6e77b2baa6031707111aad41c908e557f75bec60a652432d3a5a9f07ead71631a7f4a9f303d587996b0319cfc597d6d98f582452d242c27c7

Download Submit
memory/1424-0-0x00007FF744990000-0x00007FF7449BA000-memory.dmp

Filesize
168KB

Download
memory/2268-1343-0x00000188F5E20000-0x00000188F5E38000-memory.dmp

Filesize
96KB

Download
memory/2268-1344-0x00000188F8480000-0x00000188F8642000-memory.dmp

Filesize
1.8MB

Download
memory/2268-1345-0x00000188F9900000-0x00000188F9E28000-memory.dmp

Filesize
5.2MB

Download