discordrat | hxxps://bazaar[.]abuse[.]ch/download/7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e/

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/download/7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e/

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2OTU5NTM4NjgyNjE5NDk2NA.G8loOF.5qY2P_nm2NPHz3_p8KNCrzjqUVN_4JC64jJgfE
server_id
1269595255653531691

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
3968	7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
5104	7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
2372	msedge.exe
2372	msedge.exe
4548	identity_helper.exe
4548	identity_helper.exe
4340	msedge.exe
4340	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	1048	7zG.exe
Token: 35	1048	7zG.exe
Token: SeSecurityPrivilege	1048	7zG.exe
Token: SeSecurityPrivilege	1048	7zG.exe
Token: SeDebugPrivilege	3968	7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
Token: SeDebugPrivilege	5104	7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
1048	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2752	2372	msedge.exe	82
PID 2372 wrote to memory of 2752	2372	msedge.exe	82
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 3104	2372	msedge.exe	83
PID 2372 wrote to memory of 4488	2372	msedge.exe	84
PID 2372 wrote to memory of 4488	2372	msedge.exe	84
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85
PID 2372 wrote to memory of 1348	2372	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/download/7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1876 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3728

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\" -spe -an -ai#7zMap27390:190:7zEvent2548
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1048

C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3968

C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
be08514fbbb17f2d5e9acc2e0522014f

SHA1
a4befdbcb39b9671da5f8b7f18dbea38a8b42c06

SHA256
c1827a367377046d14ed4ed0bd38d9edbbd297cd7feb683c55446728fefd714c

SHA512
b17995f913ae0910e53f182bd9fe7dbdb08583261570b666104ced0e1541a14a8ca015f87507f32930770615a67eea9b4f6fbbf7cd0efca4fb916179f1d8dd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
880a510ccfb5defbc817a512e0c1f270

SHA1
37bfaec125e3738e8068f5c028fd53a6ea75d186

SHA256
7434dbf46dd4c740ffe2a25ebd8ac08f24917678fb1b072821ae02ca947ff347

SHA512
32dfef478eeec4e66c1a584c8f60d83ecf10a90ac99235b4ec0108e2f9d12b1654e12b7fbff064cf4d8457b82c110fa0f8b2b4bd132e7b3a376a7bda2e08bd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
767fdc92b6c4461124bd8b209b529a49

SHA1
29cdb1ae8c0a0f1e2b55eb6413ce310c0c96247d

SHA256
85d73b523f9e8db01ee25e076b0f3644990885c3c0c74b23fd3f9d3f1ad0d8b3

SHA512
04db31590776bb64f9e88ddaaf67a93b33d7517f64d014152ebd2a899363a3f92bda6725f68dd854d7a06940b1d06aef12880a320207925850247f0c605d965a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d63e2136505316c449122d7663e3a91c

SHA1
241d7fbc6565e01ace82eee3980747db43f1df86

SHA256
9ed4d0432713d3041bf0fa0e8d5dd93ec6e5528f12b2114fa38c7244ff8afd4b

SHA512
f351d03d6b5831c642b31bd1ced8e2c5491fec9a5aecc1ccb5272df6a049c2b5daebf316f3550dc1ad5a7fcbeaf5ed0e4e04a2e8d37470b238457ab43e1f9541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
488f24b790c861a971335407408cfdb0

SHA1
9dc0f1be78a6b1b96c244d1ad1bbdf90d504c527

SHA256
9d5cf3efb49a7162866d800ce026c362ce8a788d79dbd7d337923a62ae9fd60a

SHA512
58aab3b057dbbead46caf3be5c79b19aa141eea7d0f1d7e807191b06fc29c4e1c4b9b354d1068667f61e10f34c2e7687890fbb17d0ab944489ae3a47c4ff19db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afd4ea82dc138058b4e13977475dfe08

SHA1
22fc9573c025ff5e0cb4c3b6a615ff82b15301e6

SHA256
20db758033e05861ee020193ed3a5b4e4822d039a33ede1f4489d75359df025e

SHA512
aa48b8682fa6a3ddbba7cb5742b131fa2aa299e2780fda14ceb4061351c23878c31346ae424397a5b9f54b93242be3574c439061642b86473fb231d0078fb03f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83886a8a696bd07d5a14edfaa0793ee4

SHA1
df7a7a65de2f81c826299710821b5659f32b0e6b

SHA256
3d6b8b2832c189a215690677317895002ec0ea15bc66862037b888ec11cab3db

SHA512
5134102196b3cf115bf4793dfab01a398d3b3002be065a561a7888204ede3f99cd29d8a382977d797ec0c1bef3ecfbbdade1717d9978adbfed53605480a93a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fdff7ede4971ee6ecff1003d4d49dcc3

SHA1
6c2901b06dc2e84307f413c2eb1e7c6588bbac47

SHA256
6077cd0e64bfa55f53031b4802360f9be28666ff747b3928efbe37b70c399ad1

SHA512
3feff131207b94044c3711abcab908979b14defa361f38acfcea2911efcbd14e56f01389f35342c93d9fb93a4bef565fb849489be2003fa8ed9cbf13a3d778b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59065f.TMP

Filesize
370B

MD5
010d090f21c366ca57e5a05cf914f095

SHA1
e92b68f720daa02f57c56e091007b32c67c0c4a1

SHA256
6eea85b6cbf06e265403ce3ec575641fb3d0f0064a2366650d1d4a14b756e4da

SHA512
c88bdb68a1ce0e50bfe012db7f59ac0652b5f4429b0112bfbb6592e05ae9d23c6c5e08d86f81df48f81867b7bbc3413b5c1b6cd823452ca3782d02d69568b895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c910b54e6bf97b8113b40ffff3505f9c

SHA1
b55514aba052635bc1f9478272ffcc66c32d1eaa

SHA256
dfa9b77bf7510494c7ae09ef304966173fb950cb9896c2695617a192a7fc1ddd

SHA512
adf72db99cb9ef5309bca685ec8239fd5547c4fff490ed8079bd2197ecd1c87c2d91423dc167afc4b2ef40713f294427f23357a6336cbe4da3527b003ad32188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4815f22fa2a642a20077952c8b1c5017

SHA1
9b75872b645780bb0c4797ba659dc216a62301a5

SHA256
501a14d127a3ffa295bd2e27d1da38bab5050172ed813e3eb7a0435a076f3c70

SHA512
ea9fa46f495fbc5ef620b57f2c27813877964439785dd3f4f90a45fe97b75eca755d40b1d6f44df8bc6267638bf9b7dae0507e755472d6c1a902b266544f1f31

Download Submit
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.zip

Filesize
28KB

MD5
645437b685db954ab24695726ab9912a

SHA1
058357f7fe64adf945e1404969076a84bc41b559

SHA256
e27a918435c4210ac6b17da6dda9b9dfc7f1a9b86388d88ce11d9241781c32c6

SHA512
efac60ef1a596756b7fb13cdaacf034b8db56ad254732752aca8b3d4b06dd6e65e02257e5a11e51aff055f1df38aed0f8f5a18ef90bcd51febd3e606c473488c

Download Submit
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe

Filesize
78KB

MD5
e90737cd3bfe5407b6a79c0cd491a2fe

SHA1
5bb9667c0f18fe6aa36b7a9c6035110a5efbb541

SHA256
7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e

SHA512
85c4be4deb507525b5c78df9d029d2fc7805f1bab2978cabdf541b2f24bbc32a8b310553a0802a8768673ca08cf4adf1938659cda95019b571c54a8815bd50b1

Download Submit
memory/3968-248-0x00000139549E0000-0x00000139549F8000-memory.dmp

Filesize
96KB

Download
memory/3968-249-0x000001396F030000-0x000001396F1F2000-memory.dmp

Filesize
1.8MB

Download
memory/3968-250-0x000001396F970000-0x000001396FE98000-memory.dmp

Filesize
5.2MB

Download