Analysis Overview
Threat Level: Known bad
The file https://github.com/moom825/Discord-RAT-2.0 was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Executes dropped EXE
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-19 14:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-19 14:34
Reported
2024-08-19 14:42
Platform
win10v2004-20240802-en
Max time kernel
419s
Max time network
456s
Command Line
Signatures
Discord RAT
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\release\Client-built.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\release\Client-built.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\release\builder.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\release\Client-built.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\release\Client-built.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\release\Release\Discord rat.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,11314181387607899636,1039931777277316922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
Files