discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Analysis

max time kernel
1049s
max time network
875s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08-08-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
57	pastebin.com
92	pastebin.com
100	pastebin.com
130	pastebin.com
134	pastebin.com
35	pastebin.com
38	pastebin.com
108	pastebin.com
169	pastebin.com
208	pastebin.com
58	pastebin.com
99	pastebin.com
135	pastebin.com
177	pastebin.com
91	pastebin.com
107	pastebin.com
176	pastebin.com

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastebin.com\ = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastebin.com\ = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pastebin.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{32352597-B1A4-4FC5-B43E-087EDC2EE9 = "\\\\?\\Volume{38FC5F00-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\release.zip"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "541"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastebin.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = af41ec35cbe9da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastebin.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastebin.com\Total = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3336"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = a09368bd2cf7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "429959733"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "591"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url5 = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "650"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url5 = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 958b874bcbe9da01	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release.zip.qrgm011.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3136	MicrosoftEdgeCP.exe
5260	OpenWith.exe

Suspicious behavior: MapViewOfSection 34 IoCs

pid	Process
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1668	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1668	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1668	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1004	MicrosoftEdge.exe
Token: SeDebugPrivilege	1004	MicrosoftEdge.exe
Token: SeDebugPrivilege	4068	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4068	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4832	Discord rat.exe
Token: SeDebugPrivilege	1828	firefox.exe
Token: SeDebugPrivilege	1828	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
1004	MicrosoftEdge.exe
5112	MicrosoftEdgeCP.exe
1668	MicrosoftEdgeCP.exe
5112	MicrosoftEdgeCP.exe
3136	MicrosoftEdgeCP.exe
3136	MicrosoftEdgeCP.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
5260	OpenWith.exe
1828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2208	5112	MicrosoftEdgeCP.exe	76
PID 5112 wrote to memory of 2208	5112	MicrosoftEdgeCP.exe	76
PID 5112 wrote to memory of 2208	5112	MicrosoftEdgeCP.exe	76
PID 5112 wrote to memory of 4120	5112	MicrosoftEdgeCP.exe	77
PID 5112 wrote to memory of 4120	5112	MicrosoftEdgeCP.exe	77
PID 5112 wrote to memory of 4120	5112	MicrosoftEdgeCP.exe	77
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 4664	5112	MicrosoftEdgeCP.exe	84
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 5624	5112	MicrosoftEdgeCP.exe	91
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93
PID 5112 wrote to memory of 716	5112	MicrosoftEdgeCP.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip"
1⤵
PID:588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:4528

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4068

C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\builder.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5624

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5788

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5672

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5740

C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe"
1⤵
PID:3956

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe"
1⤵
PID:5952

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe"
1⤵
PID:1936

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\Release\Discord rat.exe"
1⤵
PID:4492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\dnlib.dll"
  2⤵
  PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\dnlib.dll
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.0.1716306737\1933823952" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9df2f3ad-adeb-4a7c-b2f1-7102322ac267} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1792 23d762d2a58 gpu
      4⤵
      PID:5872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.1.49170387\903275078" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9409d4-d7e1-45dd-8fb4-1b3a6b89bbeb} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2168 23d76206e58 socket
      4⤵
      Checks processor information in registry
      PID:756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.2.1427968718\1661018369" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2716 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01caff79-da4a-45aa-9fce-db653d9545b0} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2676 23d7a2db858 tab
      4⤵
      PID:5328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.3.2081277909\923213400" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aadfdf12-2cd3-4d65-877b-915a6315a80e} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1112 23d77888d58 tab
      4⤵
      PID:2668
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.4.1494705326\2060580849" -childID 3 -isForBrowser -prefsHandle 5008 -prefMapHandle 4996 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cf3fd08-7355-4593-b638-fbb30fa72027} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5020 23d7ab79558 tab
      4⤵
      PID:3960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.5.1828837991\1833200263" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4844 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ca2565-cab6-47c2-ae94-cb26539cfcef} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 4804 23d7d32de58 tab
      4⤵
      PID:5900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.6.1342145669\2122700253" -childID 5 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d39dd9d-3a16-4f87-a95f-f2c6c99bd0a5} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5256 23d7d32e458 tab
      4⤵
      PID:6028

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\builder.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\release[1].zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\KHK2I4Y6\pastebin[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\favicon[2].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\favicon[1].ico

Filesize
318B

MD5
de86a6f000f8f84e20bc7eb2c7d320e3

SHA1
35af87deef9e6c081d834d08963ada2530dc0618

SHA256
6a5e064af00286681a3ae734e5407a2ea883955d875c5490e597d1ddb8eda021

SHA512
e06a8f3101e1cad5bb965a8543fff987a2e22f8ed1fd9aba00c86bb937118f75b280bcfb1c6649f5ec96d6182582aa64a346e7dd7637c0f73a26f79b3a3aee96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\favicon[2].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF5C765430ABA080B.TMP

Filesize
16KB

MD5
45d63835fe0ca513e884859315d6b8fc

SHA1
25d4e60678f842f1d227243bcafd96ce96f09a9a

SHA256
cf94b2c79871e80a68999b36c530eddb200dc78fcd1581ff2b9e547c2a6ee05e

SHA512
013c35dcd98c9d7a267477e16a0606c57c6373ccab8ccb85e9921d182e33b950e183d2a5d90a91e842cd51ca069dd84db66d7339317abbce714b7bb435f8ad00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\adv1[1].js

Filesize
551KB

MD5
97ff0381b22b71b3c9ddc6bfb22194ca

SHA1
ac17707fd285f0b6b665b2608904e760c35f8244

SHA256
d410d93959817aa2fa479193dd19c86f002602da563a0f76ec05643fb9934717

SHA512
a1416b6991b2d5379682a746da4e2d0ad780118e88d5971d9c0c85cfc2e2bae937644b04e0a170742d34749e993c54b9710965809891bc09e046003d65aa7f11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\app.bundle[1].js

Filesize
36KB

MD5
c987e6b761f3c2025f2793a0be087a07

SHA1
b1f392377cc47efd07c82bb20b159111859cbd3d

SHA256
441f4b2c8ce22e54955155f09aca309ceb06fbb62e9fcbc77ae5a3f92cd543c3

SHA512
067e1b06d5dd6cbcf55f9f6dc84f8153aa2902b0e7014bb9e18345e0371f2c2150dd803094b38f8a36e483e44d737a4883d71c411cff25f1dcbe61d50a27a1bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\bootstrap.min[1].css

Filesize
118KB

MD5
7f89537eaf606bff49f5cc1a7c24dbca

SHA1
b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0

SHA256
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

SHA512
0e8a7fbd6de23ad6b27ab95802a0a0915af6693af612bc304d83af445529ce5d95842309ca3405d10f538d45c8a3a261b8cff78b4bd512dd9effb4109a71d0ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\codemirror.min[1].css

Filesize
5KB

MD5
c92ffb8ce20b78666f1453644062e869

SHA1
f56900763eb9e36f66c1d43ff2c053e0c92a0d4c

SHA256
d2a825261665cb81263ed12ad17e2c030aa44326e59c486301bc8cb12de3b563

SHA512
c487fd01d25abb028856dad5459d22e271cfeb53a0c7d7d24409022de72613674bfd4f22a16a43bc5080cb875c7de70def61c707dfbb15f423dda88eebc69a6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\info[1].png

Filesize
1KB

MD5
48afeb8bea2d1b4c3e20ca11603bbdb9

SHA1
a0ae025a693bf1580bb119a84e208d08d90bd221

SHA256
703d23efcb49183ab7f2795739f547fcd42c3d73e77f47b6c614892bb6666cea

SHA512
c4e0f9ddd5c598c22ca20dee1aaae9043eac89ce005528b7607e1cf7ee29b18adce89f8ba2c59e5bfc4eefcfbb3690a42100aba9c2389e798203e29949751b8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\js[1].js

Filesize
276KB

MD5
d3f1a2903feee872a524527a46374edf

SHA1
c303b1bc6658d2f3098ca1021bbe97c030e1efd1

SHA256
d5e0bdb3655311f969f54254d29e503bf23ee5c6528b27a679743b4bb1f2390d

SHA512
b5e18a4efe980a0242aa995de0b07f8695c3c0bd3edd1e85042fed16acd426a21a75d9fbc5e3643f7afdfe352c1999f1993f3050d8eb9ed59eaa73981639b237

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\kv-widgets.min[1].css

Filesize
724B

MD5
7783b45d2975e96153a67af32aa1ae53

SHA1
68d9c64ff810a17e12218233decf7e2590a30a29

SHA256
145e429f2c19e775cd9cfcc0de7a3fcec6d0e9624dec74ccd3e7efff2d4c86da

SHA512
3de308f4b4e9859d6d570c3f292d1d8a75bc32f07b974b40e592093999f79a913e35b0176d67e85689c8b1e184b4b550d14925d3b5dce15f6f3852cf5cfec84a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\select2-krajee.min[1].js

Filesize
3KB

MD5
b55dc4d52abc6ae475c0b1301523dabf

SHA1
45be13cf51ac7189f0687b66392e25fb1059cfac

SHA256
185e59a8a5b1191b2bb3f3a8ead5c5375347a4c284b1232a5d15c7d058d8c987

SHA512
f7df67fbb342cb37e9f956a65374eceb65e530d13d0fc3b097ea26ab0a6a0bfd4a8df9ef0d98516570fb4902fe96134c9b3562ec2e53c2e02805006eeda1455c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\select2.min[1].css

Filesize
14KB

MD5
9f54e6414f87e0d14b9e966f19a174f9

SHA1
ae5735562faabd1a2d9803bbd7bf4c502b5e4f51

SHA256
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

SHA512
9cc365a6e6833ebaa5125b37217fd0e7a1f7eaabc1012c1bde2a6ea373317966ec401d7cf35a31d1c46fed43d380196b8aaa329eddf92a313080651e51720f9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\app.bundle[1].css

Filesize
132KB

MD5
109e87f3055c4b728fa2b18697d4b72a

SHA1
226d178dc25a2275bb89d6e72b1caef710b6216c

SHA256
3e602bf5cbc6b2715d4cb4d1d17414b038387f971de019e2791d55e8bf23059e

SHA512
c3921c2ea3cc52457d1a7181b0c39fcf03e34a1cdc69b3d53a7bcbbb387da40b06b2b3c0ef8957e57cc786d0dbbddabf1bd080e4c2e3860f45ea5c40d16540da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\bootstrap-tagsinput[1].js

Filesize
18KB

MD5
0766d57b7e92eed3618898c57d719fa3

SHA1
4a15dcca9f9d2941ca3fa774fc86aca77d5c7335

SHA256
07a31fb51092b5be28b0d96e4b8a6a39c6cfe0dcd6ece71604fdc1feb505d074

SHA512
dffb1b19a0485c7b5fc5cbbd44bb4dc6a36a6daa7ee96e8be5a8a02bfbd05cb388a900b7ed57225cfde3e5e3f2d28371266574a80d1846de515ca2d85b612e3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\guest[1].webp

Filesize
834B

MD5
e735280494908c6ffe52f20c45c0c764

SHA1
0cc749d147c5298cff76776da39a58f0495f415d

SHA256
e9ffea70d9901580be4cc160eed36980ce7af29cb07fcd29dde54d67b323e8a1

SHA512
a896ab3cd8a3ad290aaee8cc301d9d6a9606f75be2206987a41122da5538937d6114ffdd589a40ce1165ab9423c48850d87f2385c4315573abb28125962a9a5f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\hello[1].webp

Filesize
2KB

MD5
da5b03553b28cacc927a3374a80b9be0

SHA1
586b10528c4c888ccda58255df5f50680c4c403e

SHA256
0e1bf559a0ff2b782db1ed3d774b6bf1379c4cfef4fbca73cf0d046da0b27c18

SHA512
ea134040568ac0709d3f295e7135902d126f4e5933c3a27defbfebdf794d2f401fef5a67503a90debdfcb01749fb98f38143dea08909651727576123aeac9b48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\kv-widgets.min[1].js

Filesize
671B

MD5
5868c7dd8e6c4a915fb91517cf7f6439

SHA1
f4adc6a889eda9e9ec5904d4a627338526f3d02b

SHA256
03b9eae54b68fb4c3e243b7f57d50a6a2609a3875f6fd9a6a6e12ae3eb0418a9

SHA512
0f1b448fb1cc9790e53d994c8fd14397fcbc1957c9a8b4f55bcf3f6d4ba7ce4c2b905dd9a0f340851e17b59c7e2782303d21006ffbae06e7bd046ffb51df657c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\vendors.bundle[1].css

Filesize
1010B

MD5
eaed091b5b5607c95821320ffbd0b9cf

SHA1
3c1c8e37a2f6a26c24e30027f23fc40c7c346ecc

SHA256
9d790d8d644d85ba75095d8bce6dc947331745cf9fe0187d7b564505ffd41e53

SHA512
a418ac5a5e1bf6e92c1dcc2d3f63cd2eee5ac6042b9e12c61ae292c3e316b5fdb939be27fab753adb394f745eaf09dafe1cab1b651ce6102626f912f9c2d39f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\vendors.bundle[1].js

Filesize
212KB

MD5
d551cea49f30462482a9308f2c29a8fb

SHA1
9e17413abf45e38b98da1e401dd33dd2d26c4c29

SHA256
89f6780a679f814dde634d3c40c0cf83ff72c1d92f679e9264f2badf04e504a3

SHA512
a4c24bce9703fa89a6268f0f38aaa4638b5a948f32111e9a00425636f376b957d62f0ba390f8dd57cbd7f0b4d973ddb372a6c67a26938ba7b58ab3fd212ce472

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\yii.activeForm[1].js

Filesize
34KB

MD5
ae4fd2200378095105352864b272dadd

SHA1
4d27dad6fa27f4f8e3f6e352496d5cde9c6f176f

SHA256
9d17fd9e0bba9cd38ac6a41ba00feb6c1b15611859b7d0c092c22ca24f2df47e

SHA512
e5dbb06551168e271adef2c23293412650b4ecdad73cdbe622524662db1ea1e91016e9b0710be87dca7b745bd9149414f7eda918cadb5f6a7cecbd6aab5014b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\0IM3S1W7.htm

Filesize
43KB

MD5
c7cc16b34ec9a7e9a75e88d510dc0ebe

SHA1
f799e232d75eaed9ce1233132e673ea201596aeb

SHA256
eed433007eaa2de75ec3ac20866fafb4b86de32b49579f1da560315d403eac89

SHA512
dbec8eb6ba262e062149ba418aa409848f8c9f406ea4d910654d10cc0ab8d3f31e1c3264723cbb60d15eddc559e7dbd20b525aa0d3d0cca05886d4da8cb98730

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\1O26OWR0.htm

Filesize
43KB

MD5
901a1ff80969ac06052068e1c3b41fc8

SHA1
b36e4f142e34cfa758894d066d4c46cddc235016

SHA256
13669890769827c0bc7b6c30c10094ee33abba630321d99de30fcc1ea40d636d

SHA512
654047d2f34329f61dedbe193b051b0011551f855d0afdf19b3cfe1f9918a6796b71283b6ddb6d95987f3fdf9b13e74973cf40b0e43a2dc3293bc32e69857990

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\5RHOY8L9.htm

Filesize
43KB

MD5
17d439c387c8a950c3bddf0a37f80e10

SHA1
2e1edc96bf79f02b0419b92450b28dac21557fdc

SHA256
9399e828934dcb80ade63f4d0246ebeff8d648dba766720620c33106914c2366

SHA512
bf355ce71a622b440fd261efc14b1496085c05c64e6863a3e1b870f99d42ccba7b18e5442389c548f45b972b75c05da712021e7df7e6c848bc0ab75b15b265a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\W3GJVEO6.htm

Filesize
43KB

MD5
f08d3d4ae8c6a60af0273a1d67eab532

SHA1
77dcd19cd28af6ebe4593e6139c7a3612b5799e2

SHA256
48983e49a6fb96feb65b90a645e92d580d29fbe55119a2abaa243ba4cd9163aa

SHA512
04c946a6148b5f6dcd958cd1cd0be3919df53ae0a395973b49380fb8792af5d4d73cf0a3a1caf19cb7a73eb3be33645e4b769171e9319233c98d6baddb8d0d9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\WXCHH74I.htm

Filesize
43KB

MD5
69ed44207c024f8c6f36b9c866c63a89

SHA1
c075aeaf9571e422917bd715f43747676a60ad5b

SHA256
fb5e1ba217b62ea554c40b4c0399537b77cbfb9392275655ff4d54975f065c9b

SHA512
c1b2e7cbbd69e9271cfcb8573b8ccfbf5a515e05f3d401b10cc85e08c2780aac0a4ebaf3237fc9435012de00cc6612de2758b8310f6a6584bf6e00d7472c2a05

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\XHJBDAW3.htm

Filesize
43KB

MD5
6810f33b4ff13998c35e086e1e5c4a3e

SHA1
9a86a2547a8782bf643975c626ef6ee2eb987c33

SHA256
b294bab564496e574e0ad1211425d4556b3a22045652cbc1ab867754d47d314c

SHA512
c3acf610cbdfed147f1455cacdddd8a941b12ecdb9bf4a67416624e684c6d1dfce70ed97132cd1817a6b4899ccb209c0d2f15e302415957382ae73d455a1cdce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\YPIJ9UQ5.htm

Filesize
43KB

MD5
9485d75c1ff18da8d961baa77a4c0da5

SHA1
6ce5a55334373ea0fd9a2044e72174928b955da8

SHA256
2921bea2451be3826ab04c8af4dc66b2f290b46b162617de4745bf83465be295

SHA512
67c85a850ceeb266859641492b7e23ab93463a93b53f1b985eb024f9d4b84c030b715fd938e132bfe123e712042ed029d45168a8741782beb26718c1435921ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\jquery.min[1].js

Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\multiplex.min[1].js

Filesize
2KB

MD5
4bc4c62ec13086275e091c6d6305d34c

SHA1
f2c147a9acafbb9f0d9da21726dc54cbb919ed6a

SHA256
bfc98b28f8951d6d1049a22635e1850217bb67d6ce6498b8297938b2a60a2c80

SHA512
9819184aaab299ad7eee9d9448357e31420346a89fad3e6bc4855b821b4127f03d98691669ecfedb9a475d10b0f9daa005af9c9505590a1c352e03cbbc681b0d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\release[1].zip

Filesize
143KB

MD5
3e09803ad785ffb425a0f94fe454b856

SHA1
c94d778dc6d36715b4fd48711564bb4dbd61a055

SHA256
c6392f97d3d989178fb0b79cbdcaa0bdb6ec857aab667c7070e15b8fc86ce16f

SHA512
6a71ce654c3e16c05bd2e06bf9a23d348e9ae08b889aca79fcf5637811723c84a9710e8e3b2fa292ce13755079721410655361f44ea8859aeff5e7c9098ec39c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\select2.full.min[1].js

Filesize
77KB

MD5
fcd7500d8e13d2b2aae5d3956dc3e21d

SHA1
aa40e683c82dd844db73fde37048cf7fc145135e

SHA256
5c6fdab80cb86a279695dccc226a1fac50e2c922bea70242edaa28f52b7bad2d

SHA512
65ab44d85b09e8f383f00c298239a1ae944b9b452dea7e450889dfa4a1aee11861b380d51ff5551b56b526f86f14f856becf1537d1afc005e0c09a3d3e2b5090

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\simple.min[1].js

Filesize
3KB

MD5
27c37266a6e3c26cc99036ee17533f55

SHA1
75bfdf5c1b43522f627230e9cc8303de183a92f6

SHA256
9ad7952e57b6d9896de50656a69d5d6e805054f586577fb0e0d9edbf00703876

SHA512
34be834ad1282ea6a874ff5f2850d29ba4b64700209c3b1525b81df021d885ad1e654f564f8a92c0ba5ba9bf881d025e2045903c60b783a8d1bd247e7b077e3b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\yii[1].js

Filesize
20KB

MD5
11c2f7dc661150befdee01a23246950c

SHA1
597b845967289c989c7f153453313f2dfd9a6ab9

SHA256
67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54

SHA512
832f2f165e9c9a6dfbfdc5999c31ac5534feec5bc256ab2fb1faffdec028defb5886e3ab8b68d6b2af4fd5df2a0d201270efcc2a395b1f089307c709e1acd14c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\bootstrap-tagsinput[1].css

Filesize
1KB

MD5
60354ae4669e095130de19d4ab509773

SHA1
e17fcd18a5fa1383fd25bdd8213174f55bd2a727

SHA256
5ff466857c3492bc9b5c0bfeaef7797f107581a0c387ff6e1ac3314e2b084a40

SHA512
187ec2133d99236607cdb87d758c83fe656ea3aa35f76fad3e8c981e14e185dbeee6666d945e00a02771f7b51d9c3b0cfab7b564ba0d63a6c61583889cead838

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\close_promo[1].png

Filesize
1KB

MD5
e04ba5b7d4ef4477f0fecd1eeecb8a5d

SHA1
3102c9516e02f6de067a4a1367b7f41025c5f0ae

SHA256
3e2c5ee3e670df454c774cd417f12f4ca3083db68091f9184fb29efd2af4877b

SHA512
5c7dafce3cb65db17aa8c9c1bb948a755e3a7898c27a784a9427a65dff89e4668ad1de30568e7d9d80c076e3d8370bc29e0fc21476c25dc15bfe798d627684f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\codemirror.min[1].js

Filesize
166KB

MD5
3cf1b19c821e116fbff4da6cd04ca58f

SHA1
f72e9e36a9c2afa343440b0fd82deb64af9c0ccd

SHA256
ab459ca945e177fbe6c9a5a0509bc16440fb80976e47b184676b0203682460af

SHA512
531713958b0b91cb8664bf4936732c7e8de9ed515299c8018c7d5551233cd8e924e678b9d9b93bbf3f5fda9f83d559cc70d5263336f3816a9671d2768fc4afa3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\linebg[1].png

Filesize
375B

MD5
b9d3fd2f70ce593bbb4975c7f73a1489

SHA1
bbd74c86705fde0b0f9d2926addb03fc683aa5fc

SHA256
d45d1b49b5918ea0ffa0b3d119995b96b558147f618f0ea1897906252be7bcb4

SHA512
f4a1292ff1565d977f37e97a7138f2d62297dce487c6f3fcf01f170981590401a01f1f9eb4b1a7cb29ae90d7aa7beccd4042686cf565c10336819b426f1329a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\loading-plugin[1].gif

Filesize
847B

MD5
13630905267b809161e71d0f8a0c017b

SHA1
f64e5f219181bc7baf10cdca31d454bf6d9bcca1

SHA256
abb2c87444ef9f0ad7ff70d880ab21728e26380949753c630fa1831fe62b8026

SHA512
039408fc742192479fe6d4e01574fbbe9eb87ef6d49737428e3ae84312f210d183fe05e907c5f5cb08a72bd642624d2d5a567a8a1bfaa9a84555ec0b4f36eb35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\material-darker.min[1].css

Filesize
2KB

MD5
2076ef4aad34626673721fc043b738de

SHA1
748cf62852d5da25aa5e8d3b2a5375234f6f409a

SHA256
36f7867d65852095da9627424ca794ab24b58187ccbdfdf637fda7b57ab417f8

SHA512
d8e8571f8225de7dad1cac0b2d20cf86b9209cb042fba9471864334858b772181507a0c9fefebe9dbc7e5d83bd0ae810c87545ffc0ffd24dc7c7579a50ad8af6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\pastebin_logo_side_outline_support_ukraine[1].webp

Filesize
9KB

MD5
a501875a0c38a36855f0f8cc051e7ad1

SHA1
b5230a67e8617a9b6b839f9616b39bbf0d92ab2d

SHA256
8774dde16f1ae45a9125b8689f96cf18a14207ae1d31ba4e584a2ce95f94e041

SHA512
ea9d3ec5472313a91247e4b873ba83d4c19b6bd0da88960d7d9c9012c0fdf53b701173e62ba9412b026ee3bba7c5d9da4bd5d1f30aa32884581954adde055572

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\select2-addl.min[1].css

Filesize
880B

MD5
d5e3c2c67aa3020b86c12c280f6f7b2a

SHA1
2a47336f93fbf9a1d0d0c35d8cf263b5eb17934b

SHA256
3eed9e2140abe64d5a2a5e030bed4b49b3091d51f1196c9c9512466bee260225

SHA512
7276b5ba29297a7770c12aacfc6b85ee5e575a4ac239e2556f017aed7fcf9da035ed8aae4752a201360f994911500265c00ebe35cd0f54bf598196ee966f922c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\select2-default.min[1].css

Filesize
5KB

MD5
051ce4cfaa0c67d019a1799e836f4c64

SHA1
54b213e6feb718bb2f55aa99d7bf3d62c3635ed4

SHA256
f26a52e45d695c38e0ffb6570a09e209815e3803ba202464ae34d09199041a08

SHA512
83b062d4c9f4b8ea9abd2dfaf281887ff1a0bd162be0e8fbccc172135f7acd68c11086c53cd68816766b8a2faf556bfe4c2abab63e6fa25e3e96b5c1f6c80480

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\spritesheet[1].webp

Filesize
45KB

MD5
b4950b0daee072f8f90f09fd86b93b71

SHA1
28092814c39ce565d5a61e8e9f8ae1fb5f52af4d

SHA256
d7aee5871211604e24ffbaf5cc5d2c3f3e737be1362e829cd75250aef1e939a5

SHA512
996efa88f6732142ef79e3f90060068764b7497c9bd4066e22fae9cb8883c81954657d70dbe5411a79fef69057d110a26c8e523ac5cc1f2a1bd54c29ddef5a11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\warning[1].png

Filesize
1KB

MD5
649db18e0a1a19dc5209ad676e0758bf

SHA1
14fc90714d19fc5648cf6a3af2d857e80e90fa49

SHA256
ef510f0f85c4f2820c804a49f9595ed0ba7ea2ebaff7d3f27a4d1ad523f405cb

SHA512
b5b7f00429aa9288e41d53a8c90e4907a5165115bc45c98f2efbac056ebef1c31b4b7940ad89d24d9fbc387e7ac5fc37ad95b56390a818e5cb5905e5ff34bb84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\KHK2I4Y6\pastebin[1].xml

Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
312B

MD5
fa75db9eda0ef043424bb10fbdfd31c1

SHA1
b63c85b8989d53cb2f6d9ef013e69482fef9298f

SHA256
cf27aa2416f37df89735e9234c7caedf06cd1461003b6739563080495960c991

SHA512
4908e2d97f774e242bf978166feef5882471d706cc8caa9d02e3f55ca5b7dae8341c669532b9ce5d430615b513b0528e7a25ed6d134078d20e87d6301104ce47

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_BD094DBD6C208A0E1DA0426D465799ED

Filesize
471B

MD5
4282de0bddce7a0e8fe71318306f32d2

SHA1
a94a979e6c1564a2bb4a521aafca88df28cd8b95

SHA256
2057076009a6638447dbe4253ed2514f165bb69aaaf22e87a3e3fd11890db599

SHA512
bf5a8f70dd6b01a34a302bdc7cc4f456609e1afe3f611a38d05575866ecea3a2848128bbdff94c48093b1ebe6683a108766485f07c76e1d8d818b05685f152f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
948c3d1f9262664e48eb09f0cc5500a9

SHA1
aec45e4456a4778057de96802bea2d9e5957051b

SHA256
7011a3af7e88a22895f8a7d945fcb63640668db64d8b2acb6875e364e5a31641

SHA512
6ad2c961fdc9605ec140de83d36ab4b5fd26b67d153e71e66a224d4086ae7513af3c8ba9ce0668545225637029f85cd55fc72e08fdb552b6f97c72e16b475c63

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
8ab0fb572713ad0009cd9ff0ff114f78

SHA1
91edda47d23a5ecac1e9e8e0633b1b0834cdd22b

SHA256
b04dee3bfa54a31c0d902eac1a3f34d779f4323670b270535b5b411e465d027a

SHA512
ae6a184d665af89a831093d9e398380b757ea3359154bec6f0ace0b6135cb4e9385ea7d29ef080223651a7aad46b78efbbdab328395dfdefa25f4c551ae97bd8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
2830a4df38060b56afbe127ad462f9b0

SHA1
9faaefd33d1a22342e24f7afe896b2a30cb1e97f

SHA256
1d8b304d957eacd33038a7a35bbfe458b6a4e09ab0a8c51dad354db42552cb46

SHA512
e687cffdf01a1d4b3aeb0da2bec23e54f6dee5765319df0c2a4e92eb37afe34bf27ab35722537f114df48fd1c24cb77bc1348420c3a982b77d506b6a7e728115

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
d3c946a874364ef3f236c13eb8a46d60

SHA1
938a937a249e0f771987f54e8d0595a6c223c8ce

SHA256
f2576fee304eb12b2643e5767294355e1fb42b048b7d826e2184de68e1696808

SHA512
07764a05c30603e80e5ec851a35f01a7b08b83882769624b8076cc153cfbd402f06c7349c82d474c43320a1516c047c073555fbc6875295a75ebfdf79c80533b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_BD094DBD6C208A0E1DA0426D465799ED

Filesize
406B

MD5
3e98fe178f1179b0242ffec280ba2bd1

SHA1
30573a0619120e069c465782168d0dc8652e5456

SHA256
acf888a02365c376baab898604cc98527b98ce65bc6fd8253448da48bfaa89d0

SHA512
5cf42ad8634b1c8c10a1bb5ca034cf435ecbdfed2ef625788813f9ab3ce8705ea3c38fce8c6b37ee6a6baef017ad0132634f0c41939d95958e68317fdeeb1153

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
10d94166578a60f192ba74ba786c1245

SHA1
665adbb69cea81fa85f7b1a668f1ed6843483bdd

SHA256
2d9642165675808fdb7486250dba725200f0227a11a10a9a8c424ab93616fd47

SHA512
2aa89f47d88beea631610e9e79e7265c1540335f337bc7818cb0ff78279ba7da2ae6fc6f8a494784276e619b1bc3ff809dfd93fca7dddb54835c300a6f398350

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\53b5d83c-920d-4419-ae14-68a8b011f49b

Filesize
746B

MD5
b98609263c59bf8598637f431f4e3f79

SHA1
d105d6bf2ef233281b2557658e64d1799b50da6b

SHA256
f09ce675fcb4c5c36010e6abe3be499a93d3c261f82c7a3385c64d7052aabbc0

SHA512
e96b59efb3f5ebe96b2b86ac3f200d163cea5c6aefeb079d99f6355ef1817615cdc805b7a85cdb9a1d894b29ce5fdbc37d5448ac0f4b29b023e66d056ae2c06c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\5e6e25c6-8a42-44b8-91a0-a6362ab65eb3

Filesize
10KB

MD5
3c307bc8b57f7a7da1f5d3aaee752b4e

SHA1
1c020c897ba5b12d6ecc0df0a888ef2861533e13

SHA256
6d8b6b9a9494851fc2763ec2bfe9d50716db7d3f3a4103918ce3d4690383d541

SHA512
0b8405d219052bc2519bd793b41daae9f3136d3315480451f907231c3a0419eb9dac0789fc0abbfc240d90531372614cb39eb5ccabe92fd4fb6a34c493125b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
c78c478c87f9e094733b6d664cc03ba2

SHA1
ebfe6475beb2b3891917690318f8870dd94f0221

SHA256
29546169e4c171a6c46bb943f183880f1b55d77ce662cb596440bc52690dde4f

SHA512
1a96ce2f6089f78f15f01215b1da332b4e1807d1718dab7ed0fada3e2cbdd4d6445e879186f4225c25f9584dfefdd5c58d4cef6aa358acf7c32a10a1cd0e39bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
8e284bb97cc59dbcf89a4358246bf5f3

SHA1
05187f94dfe789461ed755dbdc6f2d21dc3b4abb

SHA256
4544d205785090d7117680e48754037ff02f85bbe2f4cc581db91504fd5b8740

SHA512
17be510bf828c04a6607f7453d246928e088d790c6f9b221d042ab3eea84e00684981fd80356a44ac6b58f914398c3d0d9c3cd925ba864e354af6fbf1837cc8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

Filesize
630B

MD5
a569965a7dd7b4280a1857f93d090e49

SHA1
c5b32a3476c3bae0a14dc526d649bc5455eb9b88

SHA256
ac65355db6899a742d94b0fc09955ca1f8cd95840d322311ca01e822b1e0c26c

SHA512
d50bee8e7ff6b758614fa3ef2be24fcbed1265a1076a823eaa9cb6499512136e995420ef502b3cb7acb3141703286d15cd1cf18c3449335793ff6236d319da63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
731c0e733fe1e3123d366af7c8e578ae

SHA1
9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

SHA256
8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

SHA512
d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

Download Submit
memory/1004-35-0x0000021FB38F0000-0x0000021FB38F2000-memory.dmp

Filesize
8KB

Download
memory/1004-16-0x0000021FB6520000-0x0000021FB6530000-memory.dmp

Filesize
64KB

Download
memory/1004-0-0x0000021FB6420000-0x0000021FB6430000-memory.dmp

Filesize
64KB

Download
memory/1296-106-0x0000000005A40000-0x0000000005F3E000-memory.dmp

Filesize
5.0MB

Download
memory/1296-107-0x00000000055E0000-0x0000000005672000-memory.dmp

Filesize
584KB

Download
memory/1296-105-0x0000000000D50000-0x0000000000D58000-memory.dmp

Filesize
32KB

Download
memory/1296-108-0x00000000055C0000-0x00000000055CA000-memory.dmp

Filesize
40KB

Download
memory/1668-45-0x0000025F3FE00000-0x0000025F3FF00000-memory.dmp

Filesize
1024KB

Download
memory/2208-71-0x0000020AD7560000-0x0000020AD7562000-memory.dmp

Filesize
8KB

Download
memory/2208-68-0x0000020AD7530000-0x0000020AD7532000-memory.dmp

Filesize
8KB

Download
memory/2208-64-0x0000020AC73A0000-0x0000020AC74A0000-memory.dmp

Filesize
1024KB

Download
memory/2208-73-0x0000020AD7580000-0x0000020AD7582000-memory.dmp

Filesize
8KB

Download
memory/3136-264-0x00000226F7800000-0x00000226F7820000-memory.dmp

Filesize
128KB

Download
memory/3136-171-0x00000226F6CE0000-0x00000226F6D00000-memory.dmp

Filesize
128KB

Download
memory/3136-182-0x00000226F6F70000-0x00000226F6F90000-memory.dmp

Filesize
128KB

Download
memory/3136-134-0x00000226F6700000-0x00000226F6800000-memory.dmp

Filesize
1024KB

Download
memory/4664-470-0x0000019392C70000-0x0000019392C72000-memory.dmp

Filesize
8KB

Download
memory/4664-466-0x0000019392AC0000-0x0000019392AC2000-memory.dmp

Filesize
8KB

Download
memory/4664-456-0x0000019392D20000-0x0000019392D22000-memory.dmp

Filesize
8KB

Download
memory/4664-472-0x0000019392CE0000-0x0000019392CE2000-memory.dmp

Filesize
8KB

Download
memory/4664-454-0x0000019392D00000-0x0000019392D02000-memory.dmp

Filesize
8KB

Download
memory/4664-458-0x0000019392D40000-0x0000019392D42000-memory.dmp

Filesize
8KB

Download
memory/4664-450-0x0000019392AF0000-0x0000019392AF2000-memory.dmp

Filesize
8KB

Download
memory/4664-452-0x0000019392C10000-0x0000019392C12000-memory.dmp

Filesize
8KB

Download
memory/4664-474-0x0000019392DF0000-0x0000019392DF2000-memory.dmp

Filesize
8KB

Download
memory/4664-464-0x0000019392AB0000-0x0000019392AB2000-memory.dmp

Filesize
8KB

Download
memory/4664-462-0x0000019392AA0000-0x0000019392AA2000-memory.dmp

Filesize
8KB

Download
memory/4664-460-0x0000019392A50000-0x0000019392A52000-memory.dmp

Filesize
8KB

Download
memory/4664-439-0x0000019391E20000-0x0000019391F20000-memory.dmp

Filesize
1024KB

Download
memory/4664-478-0x0000019392E30000-0x0000019392E32000-memory.dmp

Filesize
8KB

Download
memory/4664-468-0x0000019392C60000-0x0000019392C62000-memory.dmp

Filesize
8KB

Download
memory/4664-421-0x0000019391B80000-0x0000019391BA0000-memory.dmp

Filesize
128KB

Download
memory/4832-3600-0x00000227AE610000-0x00000227AEB36000-memory.dmp

Filesize
5.1MB

Download
memory/4832-3599-0x00000227ADE10000-0x00000227ADFD2000-memory.dmp

Filesize
1.8MB

Download
memory/4832-3598-0x00000227936E0000-0x00000227936F8000-memory.dmp

Filesize
96KB

Download