discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Resubmissions

26/09/2024, 21:09

240926-zzh16axgkp 10

26/09/2024, 20:57

240926-zrkvsazgra 10

Analysis

max time kernel
687s
max time network
690s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
26/09/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
4828	Client-built.exe
2656	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
62	pastebin.com
65	pastebin.com
309	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4796	msedge.exe
4796	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
2368	msedge.exe
2368	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	5496	Discord rat.exe
Token: SeDebugPrivilege	4828	Client-built.exe
Token: SeDebugPrivilege	2656	Client-built.exe
Token: SeDebugPrivilege	3184	taskmgr.exe
Token: SeSystemProfilePrivilege	3184	taskmgr.exe
Token: SeCreateGlobalPrivilege	3184	taskmgr.exe
Token: 33	3184	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3184	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe

Suspicious use of SendNotifyMessage 63 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe
3184	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3332	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3056	4796	msedge.exe	79
PID 4796 wrote to memory of 3056	4796	msedge.exe	79
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4000	4796	msedge.exe	80
PID 4796 wrote to memory of 4560	4796	msedge.exe	81
PID 4796 wrote to memory of 4560	4796	msedge.exe	81
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82
PID 4796 wrote to memory of 804	4796	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e7c83cb8,0x7ff8e7c83cc8,0x7ff8e7c83cd8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10162717933629636009,11338244082997648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2792

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4500

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3332

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5496

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4828

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2656

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5400

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3184

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\builder.exe.log

Filesize
1KB

MD5
ac45cc773216001c355992d869450b47

SHA1
1f19c3839b521e1bf1ec7928f32f45234f38ea40

SHA256
c9c03abe98c496376975747c9b617f5f6e1b50aec09aa8be31aa24e81254901f

SHA512
3d73620a59089bc05d60ae07f0811ddacd1661599eca096cd9927813f86dc9cebac1de221691373601c743250694de43e408a9e607e813fb28260b1509f84574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
34KB

MD5
cd28431242d66b4fc00615b887ac5805

SHA1
4c03d0ce1ddbd9e7e43be1a56149d0dbd0437ffc

SHA256
8eefb6c2900b6184c43c6844c1abcb416131953406d7e3077676b7c8a86009d6

SHA512
f59f4771144e39902a5af5aaad84865e2c946d1fe7d617190775ef136e8b9045ea1bc8754c78597e1809b75f74b6e7dd0f886299825aa80644bc6b7c7ffa3e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
d2178b11f22be6356c641dcfedc1ab8b

SHA1
e8930be2abbfcbcda456fbce6477df33f4313613

SHA256
6af4c566fa57001e63ea5ddb2da1a2e98f545c09fd141ea7871a311b82e34efd

SHA512
227b47e7702f8d93d747061ab08dca0025eb96a05cf5416d79f1a5816500032bc1cb4dd791103df209c5c6d781fe2a6827d33aa66e5f5025c394220bb94c1f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
46KB

MD5
79947998a75b3f9199e88954587312c4

SHA1
0d370f7c028d1eb1681ffe0996012402ce3520fa

SHA256
911092ff36328c610285d72d3ba18fb95965e74f21422b1e8f54f5263db1e05b

SHA512
e59a704a877d8874b8acfc8726660f11a8af77c740accf80b38dc328e54234650dd1ddad444d6532d8de3d902179e191baddadaa25a98e618d6b60aefb1a6685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3760eab6f3687bc9_0

Filesize
267B

MD5
d979a11abb7ff8b933e83cfba2021697

SHA1
813ab08d5674132d7cde628d3deb8e7095938913

SHA256
7a3221f714c208f3f9659e2fb9c058874e6d83585d25c1b77f410cb8aac2cd23

SHA512
072c0716604913ac3044117bf94ce86c037b1ab7b8f6055b388862f0e9512262b512c85184d218b988d6c5af2e9fcf86dc9a084edb0e9e3323e124cfc8963a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\993c01bc305fc80d_0

Filesize
69KB

MD5
bf64bd2a11d5fe37f574ae639601e4c6

SHA1
6974d10a88e987fddaff589e8e77d91759c464b2

SHA256
e113b47b161aee87c39e580083e2cfb9635ffe93bae7174f2f6183342d3a9056

SHA512
03b3a4880789fe9cccce1ca019bc79701136808a3642a1feef0f44d3c963ba577cb4618d2df3f133edcb1cf65752c53a2904f2e3b7e37517f11687cb62ae51d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
48102d00c9ff7fb02617159271910fc0

SHA1
57151e433575fc849d8a647b43adb3a15eb372b3

SHA256
204efbf3b89159272feb9f374bbfb09e3f2c103330cffcdedf9855c6b6dc2e39

SHA512
0050e8f3cd97f44ee40c1fe6ab1ba4f366ddb4adfb78dc53c1624849002d54196279a412b869881a53c2ba87fae82a2e0ab729701d30fb28366f198898762495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af14f0a6aa49054ac2658427fdb42b71

SHA1
02d7505f71532fbce608d70a8bd82485566f614a

SHA256
24fe91e1ddd2acdad2bb620d1d897dcc13c5b1ce92e8d4bf4d020436398fdb05

SHA512
b8511305389ae00256e4499cf243eeeffbc687a3d042ae60beb92d012eb13c4f954c8781445aef6debd49aa47a2d1cb32016fd48770f2a6aa8e051769cbaa358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0679ec2db51e390d5bb354fe18955ddc

SHA1
737590e739562b9af1ab002fbd63ca5a4be036e2

SHA256
ac568fa1ec9c1d219c7b8669a7cd04243f9be9b9ded91be70f7d8209c4c21117

SHA512
60c24cc59fd9c282ae147bb08fb9c6700df62bbf41d833771e398046d6102095c5817c941a51202410894b17be5da464a79e00e3a360b1f168131d0f27944b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ebff5eb31ded101a96d6dbab9da3f78

SHA1
d9495bdc5971ca9b38ab247bbcbe563cbfdf2f2f

SHA256
cd8c5685e25f43fd9e37b1da50379ab53b68387ffa09e2114563e02a264fbd1f

SHA512
c865140a41a793a51f171fcc7e52782344d64fb63cf8139bbc849e47bf6d99fe37edc344c0ea4dbf701fd381a3670cecd0e62b9d88236dec0115c4ecd38b1592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e87d2cbc67ee05100f65613fa86bb0de

SHA1
112c3c6ad4a11a83dde32ea7d07f4daa3e91ed3d

SHA256
a7e5ba5ed82683ac79b8288386c268b32180e2682fff85144b2f8a0af2d4346a

SHA512
e6a2d30eea69e7790b0fbfc8803163ec04627beb8175c4883cf477d58566fed99fc95e9df684536d36fe8d9b1684a677a94e91e41fba1d0d335488cd800b5063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d278c33b1f56e62e91340c039947b4a1

SHA1
aa5044d3f216fa098a0d18f65c07e361414734a7

SHA256
b9a23ef0a7dc8e1afd17ae516c4d22b3f177943fcee9fd99d5e5e6f34695456d

SHA512
68dd05d293b458dd666189bc20303f8a82d2cc41defa3f4faf3fc9e9cc8d6a22573f388497d9fbc73aba520d669b99d2e0360272f714b3da7bc6ec7d94125c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82bffb785cb0c8bf9aececa696257643

SHA1
b76e726220ebe88eb3b1964b9453102f922ad9ee

SHA256
93d4a4d408f60eeb4a7d5aba0a1fcada56fd1b1fbb9c2520b022248b36bc72ac

SHA512
7fadc4ebf3a3a4f0e7f1376c9c285f37bcb449cf84614fb54c56253e55defb6486263ccd656c4b28a6205b6b936b9786937d9bc1cf31755553882ab9fe6afa7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
97f9e30d27d1d61ff15d7f1c70ce967a

SHA1
d6227bab2cf59ec1563a622f9c2f154d4144027b

SHA256
ab6d2a23af4158700c918734d6671c2aa7f52d0ddf5f75b689659a646cbadd71

SHA512
0ea20f981ec43e497e4f393c231e46be1003f259497e5f633ba22c93ef0aace2550d1f82af8be9c9ba18fee06144c39ddabb30d53ade97a993dfc859318ee4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bbf1a532a11fa14f4911147e55a1e848

SHA1
6f6d1133d476be1ede99528d856f990d962c4ded

SHA256
a4042ea46d17a307aa14f3a1e81d117332cb06c7bc5445658256e7c1b3ef9045

SHA512
af036736c15e5b8891f86704fecd1e29f3737996276806a02f57e813c77318f6a3242392e706966a1f51180bdbbd0a9e45a576334f8a0969537318a1f6de6342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
43920cad7d245b40fe8361324efcf1cf

SHA1
837e5ac141ee4cd8e2578e600346d8d73da758a4

SHA256
119426835ed4ba3cc0428c95b14d99aede38f8540ad98f3619d5651dee600d8d

SHA512
cdbf9c22225e6ab8dda3ed436efe5a3d71d7302e2c3a447809b896bba6a1ca7e767212a39f7f3373c3a4faf35db01e4ce95b352495a74505b854b189cb43afff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
41edb737ebaff4336c4b51f904801cad

SHA1
934e05562e52fd4de57e1c311070dd9a12ebbfc1

SHA256
b8ffddc10af0e8b19e890b401d2166d1d28ac1d36d8a204144cd175b85346348

SHA512
9baf276ee09bbf40bcfce87ed73ea57bf8fa162122cfc65ed01fce94157e9e08b1136f2c8566fb5a9795e48b27b5ad01494c3b6b352212b4c8e3bb60add5b7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2e6370e2ce3bdd0b94a87a3c635c03d4

SHA1
a2f200a1f242d21e34290bd96c0468412d59d092

SHA256
1dfc52cf7fae6bcf99805b2bd914d60348e91560670098967c901818bdc92683

SHA512
30a1db6923e737bd4f11ec5577a63adbca5c5b030661896dea9b0c35d1dd5f46fc54b38706b28ae3cd47ce8f2b173de646c14ae6d1fe69ad0d67479bd06e4e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
ee77ee0ddce6df6a4cf39b6d19ea6b4c

SHA1
d5407a3c365266b7a794e647bc17ed9e06b4389f

SHA256
79a078c39145a1dc1c27c15f05bb7a39bdaf7aec14fd85a2dcfd36b95a3f5b36

SHA512
1841689b05aab9ba73ac48bb390c148e92d218b07da6b89bbec900bcb84055fe2080115545933d495f6e8f2506497af930fbab1c68cf65ff080f2d5a61b30eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e91b6bf5c9c9e93e6c48858e719d2b4a

SHA1
bce53e5a07735362e13c5bba10e7acf7396bda16

SHA256
75df79793f21a2f34fcfe0ca29ac1afc82ea3523f5040ca4d1e70d944fed3a15

SHA512
038904bce970c4ac4ff9e1a3ca74f3ca03b2230c5255f038461fdf0692fe8285d296318d1ae966dca8df3dd8a6265a38fbf2d05bbf70ff9b012d8336cef35a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8dad1ada602f026c3e04abd7bd3f245a

SHA1
d188d9413835d238dbc3ea2a116af56885127583

SHA256
70bb8915dd4ece9cfda973399ab509ae04acfd665890f19373c07af11840f25d

SHA512
b0785446aadff2e6bde3ea390a46dda6cd84b4b9fe992b3322dff8147fca3621aa96064d111d8b810dab906c15dfc522f09236aa2d628300f24a813cf6715325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
297fe4ec189a763193601a145a6153aa

SHA1
fd9e0a64989c96d3f36cabc59b72f47c4501bf79

SHA256
5cb130ce3b9b0a62386d467b18f85c81142197c445ba472bee2bb32c50a77f87

SHA512
1017e9c55c01dc5e00b1569f62b48b8bf20badab699b5fba3247a2bf6fa2f515e027db4189707a46b94fec65e992711449884df5f9c956a6e19600cfa647bc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa4a4059f9bb97411a401cba49c413a5

SHA1
d6ee1271b4fbc04e8e51a5df8a84ada99339822e

SHA256
39c63e954aa038c20051fabf8311a527ec4dc190b4fc217bf528359496c72d22

SHA512
7ae38ec2ea2ebd456f2792b9b3fe9df493172f680714f471cf530558957df9dfb2b563a7f8ac2f016ee6b713fc4d07497ab6d7f171e72556a7e726332a139d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
273701bc4c0aafb01163ad88d2e4f117

SHA1
7e780f13398b0988d1356b3c0b02cb4320a5ab85

SHA256
7f52215f79391bffcd25553f50d161e98cfbb9d9bf1ab64a01853233c270aef0

SHA512
6d217b1b936c3495c946e99c31f1dea2a077d77bab70fabee3d46f0f455940a948bdbaaf562be1c68b069fb97d246fcf8dd58dca2c60e6b4bcd5287ecd206e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bf265c9d70069e55b505b7fcd671d82f

SHA1
367ce591cf660544eee46a2175b73d96b6cd68c7

SHA256
d23c9235716a72fc6cc5c9d79b2b249f0240cb1b2427abcdeaadbeb07d18ea05

SHA512
957196862a23e3c5beb425baf6502b574523ec4047f16079cb6388c75c1c954ab3f14e8361b9b9e1b6fdcaaf07d5cddadd0145d98257e0bb99be8f3676c953d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4cf62a74291ed71e7e1e624040fc8859

SHA1
b833a325801b1d4bfb9cac65a649463784169212

SHA256
b7f788eed9722307a2ba6f04a82c85319f00848cdf236904099fb49b2494b4f7

SHA512
db8ea661913d28875511fed5b6b9d705dcf364e4d4cc6d4efaffdffa2bcf9d49c047014b6876b9fc9e475fa01edc1668d3e944f3f7f94eb3f68287d3533e4eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fdf89bc9a06884c6851ed909d7f445fc

SHA1
47365727028070b132bb63f3121147f03a7f5f90

SHA256
fc8155bf1a99ba12339cb1f2b2ff5c4284813c762fe41bef1cc20d30d861fb25

SHA512
8db7681923700d44c45440904a4678200ffa2d8c1511c61e184fa909c8d8bb2786d8950f758ef9882531bfbc94ee5d8fde55f6c81af614777f43699f23eb3462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3a252444676664e5ce3b766593c0c2f9

SHA1
fe68f9e16554e067374f186be4d11a0a88da2f7b

SHA256
b10bc0cd534c6e2bdd9dc6603d0a8394d69f142e987705d3365d260fd3484bbb

SHA512
c1af3dddb0d793af11e5c0270f02eafec89db7d6d9ac609de04b329be7a5143cf716840586baf26f68a59649afdfcaeece86d16d5f50470117c6cc62d39c46fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d5a2739b9823c97311cf60cb17f0c8c6

SHA1
4de40e98d3c8e8eb4622984d3546c0ffd318272a

SHA256
169bb73fe871d90877e89d388a107b36a362e6518c9d02c195985222ba079b35

SHA512
d971949c2bc5b8ddf7e607a06d70567dc5d79b6beadfbf38e1af44d9cda1c94994ef7733e60a9c4e18933cc20a8c2166aad471a28d9cf913c9a2f09d3153eb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
30608397e1975ac4b0b4e0767060838b

SHA1
c27a34944957377e37068504c2dd46134a3be59a

SHA256
35b327ae71e935a3972622f95547623adc9788e127a293e9ca2b280f2bd67bf8

SHA512
cb8b95b3cb708f6739e0922bd81944200d1ee7ba1ee25d4d0415ddc1bfcdf43e225b4524d21b10c74deb726694c96a3a61c8fe8e3777181560b4bba8c665c788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0fdd3d54721f7fda183e64f3e750ee5d

SHA1
9c54875c120b3e5fbe73bb3000035fc0bb3587f2

SHA256
72edbbaeb0ce0bb98d6537fdb0f11d2a1803020efd64ce65800858e4869d81c9

SHA512
8d5ea18fba9b232b85fa1adecf7fec8e11bed4b072c1bd72814ddbe28adcb3f023bef7675614d97db7736c0802336d21aa9c005d9938757065ade9d6249bbe0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5a69c586d8f7e741076d9a6f4279bda5

SHA1
d088ee474935f5db15166d749b2b3e513829b4e6

SHA256
e410f483130714036926ce9b7a36c3e0f67f2f5df81ef3b85bbd3c5f67f69464

SHA512
c5b6482bc61246634b4cc6a9310e1d57ee88aed63f41f6f3dbb230942c4177958a4b3a16d423804dacf5111d79da3de575b55cc48e20e35ca760744a29d1b1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4fe482d33a24e2b237d8663fbc3c8f69

SHA1
8d2381131864d654ea6759a9849ddf679a855aab

SHA256
7312b1712054c8c441b98c685aa044e741c7c07c99b099ec2a6fec43e45efb85

SHA512
25416d4b0b3e262b8664f40df5db3a404a8e8c409cd2a339e6d27b90f85e2e12d964efb2193f74e37ac6738e239ded7664c34abf74da31248f757a995edc05d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1885781f52a840ace08aaef31a8ff8b8

SHA1
5407af35ecf28da5776960ec3cbce241405a5860

SHA256
c88bae2993baa99797286811b0a18e64bc113f30793c232eab0392475ed1b367

SHA512
a2f6d39ab278e75c45ee3f811caf670d6106607da02c9e1fd09cdf5323ab7c6f7440d5253fa3eade45ef288935ffefde7a16efa09eee26cf72802fb9c331d442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3af0639e05c78452887e6056bcf37e6d

SHA1
1f3b267f00904085c85f9d523b6fb69e64c08828

SHA256
c48e1d978d75337150d2388cbbb446ba4677d18a26c3020f02eb43f23c2e8910

SHA512
1934b33cd44c15eb04089e80dda53dd804f84c7aff5e5e0f6d9117f91bafbcdd6428180cb84b5ceeac1bed61cd1908ae313fe199ea10062f61f30f3bf6364e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bb08bb36d14f25431e85899875e53117

SHA1
4dbd67b06db1b29123cb31e4241f42a006711b71

SHA256
7c7d654ef715f8be5b5aa2fbb6027879e299f36bd2a5f90a33473e8212cf4879

SHA512
742d9d8327cf1175cc5d85440aa0aa539be1a8dece91ae771e678eae2579189366997fff5bdf2ddac18afec397e5e12fafb0b116d3851efdae4575eeb9b6aa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4c62eb559c70c06d7b6f2479e561f0a9

SHA1
20e983170774f2e42ed72d5319a4da7e36ca2f62

SHA256
3dbd203be663e27a2859a146fc9ea3bc4ef98f7a248191c0725d2dcc6c352726

SHA512
741aaa58e1b551dfc1c2915fb2e376115ea39639d1f6b91a21900655648cb1c26f4333c5907c9a76f78121ed54c641953d843aa7050101ab6fef4991af1d9cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0dde3358a934da10b7625d2b9353cdc7

SHA1
8d35422cb483341e47147afb1984e9eede158288

SHA256
963b09cb1d13ab79139a51b46e6e96d9916271db6bd43ef5001973cf26ab474e

SHA512
5f52171b58dade41d05fdb457f4c8a3f99b205635e6b2b361a79ba188077eb276d6de42b2ecd3e476d0fe3300491f79cf7e1745fbb3e6d3fa9e65ee3d4f4da5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ee8c7cdfbc5d50fa29fd56f4727b0eb0

SHA1
cafdf2020bcaf382de8c6ed4ed73045c05a56aad

SHA256
8a7c6cc9c64294e21ebe827f30887852d0555cc4db7a0823eeffd8b5a101317b

SHA512
365b35e40cf85bcfd046b80a5c525d814fda65714f6ce694cf18b59780ba04569176c4cd8f73fa73a6331cebb425508c0c65fe4950022a26b492c481ec77b73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
78f9e78f6dcc5042dcc7ac28a3d11e5c

SHA1
d0c59b9c883296d7246d9c0d19334908abdd6ca2

SHA256
886e41d7327634b12222aa0571dc7b0e1bd18f2e6ac0b67b0d6c803279c31594

SHA512
5cfeee49260bf2cf2534422b68ba3deb605b936a0ab19091f9ec0335749bb45dca19cc4d01646abcab92dd92c02ca644a3ca3355abf8677400cf7b89aee5ae67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
97a8cd1b97a5bb5b165e19de57342be6

SHA1
cb0af21d4adce2b409a4f3d676ba2d39d7dabfd6

SHA256
af65f8cdf6b18b7f537f699eb9703f71280d11aed40fca4e32e1f8eeb53b8ca5

SHA512
3fbd6037f80f11b59b11db5b4c8a57338e2d7d2b1abc518cddca8eb12e4ffcda65bbe370c49b368fa130bfe6a82ff6325aa4b3a7b4fb6b3788707b248ce0da45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7f8967b853e249ead82fc496ee508dd2

SHA1
1833266e4d07731f93e0d62045843f4b532afcc9

SHA256
5162df9c0d34275a94baf183e9dcae50720d66315832ecf2100ef846e742d5e5

SHA512
52b35adc1e5256a56a712918cc129d68fc18ebad08472fb62943c32561a4ab412c9968d4dea3920c3a9abaf5bde568772b5c659de588a6f8724324e68846f638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6349bc55bea97d71f6b348ac6901593

SHA1
b62d7020b7df9ab88a2762d72e3e3d12da1f613e

SHA256
f5f5683c515b2ec3f90e1257bc81f2dc6ee84ff569c4c2986f499c22e0339f13

SHA512
46d96f0b2023fe198e4e2be4236199b76a825760c91f105d0548055f8bbc9b175abcfc941df8c16c637155be15bccfb195c4f5493bb78a07fbf18d157b087061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f1a06c553149ee63641013fec1fc591

SHA1
281c245be52d168fa40dd376cb4f49cc10668570

SHA256
5b40d3d4948275dcf5c48b3100649b0771916a23e18deff44a0299b2fa58938d

SHA512
b26bf7d2792d0f88e5062f4b82d129fdad80197a1a6065669b06d776b6d6c5d93af2518e731d0aa2a17777fc48fda31e1ee783872728c1d6914131d55b1825bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0ef6a60cc28f641b09375b79fa2b320

SHA1
db75febf15da2d29a5f4e1419d01f00fd4ed7543

SHA256
4ef638ed3dc0ea7aef58c485a8bda024a6098b8d68202d8f4f927c1da8eadb14

SHA512
bc2d4b19833eb04beb7a2406af914c2fdf6870f3b57b11827859dc994166cf6d8abd7b1a39a952298928055a5cfa57c3b0032408e7ef0a3b7c0b09b389e42dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
802257df535fe6dfffdd560f4f9f5a01

SHA1
58480df1b209f300beff4770a5a56d2849823932

SHA256
0261eb63056b7357d35b0dd1a88a5dac93e7c82598c6aa94ed0f5f05a9ccadcc

SHA512
6511898d0230bf2ca4405b7c249501542812c61c6c75fcf7dd6d07cf75d7b60a53d609315143e351f0587de90f2487327d72db16af97f80dc138d69202873364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
76ff57ada7f3823d2c4ad85f8334f201

SHA1
5731cf7e6bd960e53b3d42b0da3e0daf74a321ca

SHA256
1fc22053755ca378682dabc3efad976603c0df918a5660f37592511d977bcb4a

SHA512
55d34ff889647fae634beeca8416d57cd596c36729ed51113a1c05b30f85938c81851267c43ab2a7373d93e43cd3ddecf34cc2df8d6626d12a0b4637397a5d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
59f78193190bba21c1f41f5c82c729a5

SHA1
10b73507cd1c4e1238c6aa61b3a4e7014eabebcb

SHA256
16b8d093953374197e48570f67118b9ad8e14d160a93b1395bc4ac10d378dc18

SHA512
0a8ebbdde49b7e6cd08772bd613b65e28c4594080bb91790d88f3f7251379a4e1e416e8561b2cb37d874f0c7024b5e8458d07f0d9243c9c999cb1de3d88ffd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
362f0764fec2572ea81ecab6a04e0d37

SHA1
43858d77bf9ec4ff2fe21fec162c76ba22a59ea9

SHA256
37c7e40d30b7d6fa628b8183dd1f751e54ed878495101541acbf65f12ca67e28

SHA512
3ab32f8536662cbfccc0dac331ca7dfc749e98f14bcf025dd3cd8a1d9d9e19db7de373ca6487178ed05b911247f80b6c18e6dc76a053cd87857602920b3acc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fa6ac6975322828b76baf930c59881fa

SHA1
9621e8c187e3967e65af57b0be988dafb719d8e4

SHA256
902f5726c0e5a12c17550a0419f698d474036950cdf846201e2d69ca719dc016

SHA512
bb4378daf49bb112d7ae635ea10aad2b069bbb52a6b74f341b4fa6f57166b5de680343fe603a0ddd4c94b785ef8df48a366c4fa040ef1c3b96860bb1c273796f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ab40c8b4a08fbad6bb2e799482ddbf31

SHA1
4fa97241782f1604c5021e3734c5d4655d8daaa1

SHA256
93d4888988a8ba5f16035749f73d5014e1a5b0c47b29ae8e7c854ed3dbb3bb58

SHA512
d360f15315c51382a8faca910e32e32be6aa5a2d38f05209cbc0d07512450930c792438a99f6b23ad640d6bafca621a124d4a9e8394e98339f456e72c24100ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
afb583ddc9160526a475a2eecd5b2491

SHA1
bd616a8212860b06d3e0adaa195b39035da9af1b

SHA256
a5cbbdac97d10c2ddbf7a39f48458f96ce8db6f53d7455e60c17a77d1d6e9d26

SHA512
651a971f3889c0bbc08b1b1ad65f1e8488f334f5117bc3d9fd4d31794482536af8368d44f382c86f8338bfe4e6d73f2e9e2d0de6c4a511aae773b755fc63ff23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b5ab610d9db10ac51e08558bc1f4cf7f

SHA1
31eac47e9aa7f56d538c361b47d76243a43e22e4

SHA256
84f57d554f007dcf2ed8b5dfda8d02990c23a7d839af04ba5ac4f99a542b232c

SHA512
875868e707a0ea830b8e11e2697d63059ef235d2843edeb70c75a76bdf17abd7ebdb695a76ab11175c9219dd9c2a10058489973670d911bcddc182c5f7b8a8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bedf6.TMP

Filesize
203B

MD5
9083835b15dea62761fb847409a98fef

SHA1
dda69b6d0c072ed64d585fe877f71b16e561c292

SHA256
da5f0b3a4ea87166a6a9fd29e1804240188825c94ee05fadfadb40873933c73e

SHA512
6e381ad3e2a8ffa17faad375ca4d7dc1dc84c9061b6318d28285d5a61b4c89cea1952bc57a53b444af52261148205bab24d416a804704bc18f2a9b4ca3892c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2bd69878c6faed35df650ff604a2593d

SHA1
66ffb66b90ca35771c48039704793389fde022ce

SHA256
494bb0b4e9d5c9c09753e80fc62925ea2673cfab97429c7e75fea1f8c2f1cd1e

SHA512
a6c54ba2e1c0b0c557d37c215b0ba7c2d1c47ef81cfc92d1fdac0cbce1b33ecae947229c85f10f15c78f24c99b2933e16eb27ea31ef1c55b199ce59e6da5c453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
339ddafd1ec102bae3347ababe6f27e1

SHA1
1d1b1bdb411e0d79f3871b44d0f227e09acebdc4

SHA256
b60eaee982574d2cef725709e574dd29fd2f4d5cb56d8284ac5b69b1d586017a

SHA512
5d1edde1fd3b58d7f52146948f69d1ef19c6de7683dfc2cc6bffdb4ddd66ee5cbb99fff1f500ceb7546fec00e27341021cf9797ba7330ec5010804b046ba653b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f21eb6ae05f297237c4a2eab47d0f8f1

SHA1
9548a4cc65bbf898781ca30486267abb7faa1353

SHA256
2060abfc9abb0f795153e070a651c9eeb9e6a6419adb7dd4b5a2334cbce08b1e

SHA512
25b558dd99abbe79eec7be5605908fa49931eb8574e4966cb861dbc29be49c97fecac6b88b5d12d57762e979045d81f4c34ec86fd1c90224eca35c9dbb124d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
509f7810d5bd926c2ad5d72489a5bc44

SHA1
d208e7e5505a054570251a7088210fc2b87a60fc

SHA256
6c5933286c2ea5a36faa8585c4e6eae992b1a9262cec0a765178290145c777bf

SHA512
25efc2d93e606ecaf5b4ddc9912e112b6dcddfa5918fe80b9aab1bfb2ccd6c5e04a6ab7e7bd963fa62b951c401b7a29827fcb54e18b4dc988307ad985a35383e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf14c077722fb033b15e77c4ce1e74bc

SHA1
8a00cabafa9010db89f897fcdf3dca08e25bbcd3

SHA256
7d201da65bc05a2e2ad751151dacb326cb9d60bc676c84b4bc07f5d4e706147b

SHA512
043519505753957b6150b70a30cf87fa9344c8261d265c305399c3113473a9d6da2c232ff01766b4d28adfbe3156d7d303421bb1889cdb18e5e527a8d517e400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
339880d6eb2db4e19348476352aa7963

SHA1
c1b379a2c9a53b7a5c4f86f5daa90dd645da0f12

SHA256
28331c0ea8b7de31bab3262a92313f9c8d0da2aaadda89940365008d0e47b5ba

SHA512
f48d7a5a767aa1a7fdbe9de9d287208ff7f58ce5404b7a84df3ce3eac81f8fffa1c698219c8901ff20057e881556d840780711428a3235da24d6925abce18118

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
544B

MD5
13d4c59443ffb63fbdfb484fc6e4cdc7

SHA1
62cd2628b2f305c6d43276f1f609e2e300053b53

SHA256
024f4d41784c11cdf8426d64331cf746fd18fd83e33bf1821c948a8750fef68d

SHA512
bc336756432e00a9a15edb921703e8ecf90625dbf464b8fe5b3b447c1494b4bf67f3ecdc4124afef9900255148f4d32ef71b0c9fa6dcbe05f844d26319e16c62

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
c57a3f5cc041ebcf49815316655c542b

SHA1
ee0c68ca50269392f3098c719496a26efa3d05b0

SHA256
6453b5fac6835da17521edfd2a933ebc8cf4728e8a812e3bcf97cafad235025e

SHA512
d4af792b917e7ed0d3f207405104e849b69cb5088a6e105aa5d3e04951351284a8f7740ac9ee4e503dc8bd396551d87505180cdfee60ac6786b456379cef68a4

Download Submit
memory/3184-1048-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1047-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1045-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1044-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1043-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1042-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1046-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1038-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1037-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/3184-1036-0x000001E938BF0000-0x000001E938BF1000-memory.dmp

Filesize
4KB

Download
memory/4500-99-0x0000000004F00000-0x0000000004F0A000-memory.dmp

Filesize
40KB

Download
memory/4500-598-0x00000000061C0000-0x00000000062E2000-memory.dmp

Filesize
1.1MB

Download
memory/4500-98-0x0000000004E50000-0x0000000004EE2000-memory.dmp

Filesize
584KB

Download
memory/4500-97-0x00000000054F0000-0x0000000005A96000-memory.dmp

Filesize
5.6MB

Download
memory/4500-96-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/4828-696-0x000001E7E7F10000-0x000001E7E7F28000-memory.dmp

Filesize
96KB

Download
memory/5496-656-0x00000287DF150000-0x00000287DF312000-memory.dmp

Filesize
1.8MB

Download
memory/5496-655-0x00000287C4A90000-0x00000287C4AA8000-memory.dmp

Filesize
96KB

Download
memory/5496-657-0x00000287DF950000-0x00000287DFE78000-memory.dmp

Filesize
5.2MB

Download