discordrat | hxxp://google[.]com

Analysis

max time kernel
120s
max time network
124s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-10-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
3884	Client-built.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
4632	msedge.exe
4632	msedge.exe
424	identity_helper.exe
424	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	Discord rat.exe
Token: SeDebugPrivilege	3884	Client-built.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 1552	4632	msedge.exe	77
PID 4632 wrote to memory of 1552	4632	msedge.exe	77
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 2416	4632	msedge.exe	78
PID 4632 wrote to memory of 428	4632	msedge.exe	79
PID 4632 wrote to memory of 428	4632	msedge.exe	79
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80
PID 4632 wrote to memory of 2720	4632	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d7083cb8,0x7ff8d7083cc8,0x7ff8d7083cd8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1708,16640051885067353387,14024507949927238837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:772

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1480

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
037f3d3f5283b7bf899db0d5b9bcead9

SHA1
8e1e109481790471964d81f5d11b1158ade814b2

SHA256
3ea29079c904d6f78323a28c00f24ec53cbcc5773032ed8299230d4508d6da17

SHA512
6cf7180f9733dd4feeb664e58410383d16255465d6710bfdc15fbe84e13464e9cc4c79b2de8f2c1f91fbed8773a8dd5c2d636dd7d73f6adbb89b77a3839085e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f7261fa019ca99e9aa684064ae9d5543

SHA1
14e63239d2731321ce29187a82fb8fd9f63cdf72

SHA256
4bc4552b1c4a2ab0097489ae35a26fb80b1155ac41b1de2404e959b2382d9ec5

SHA512
b1b25c5a4042e2f3cf3e76dc10832221f3668ce9e0728dbb8314b56bd7bce8b5eb5b02c80c2efbb662d76613746701846e2f9c5fc71bde73d628938b9c2d1c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8ef33ec500aafee640d102e464bc4f6d

SHA1
a2eb4158ef0d2601dbca70d3da7ac168a8859587

SHA256
97cbf71008d712fb955834ebd41bddf192737158f206190ac22f3c22bad575a8

SHA512
958341fcdde30b9464f0246e5f3143fa96aabce432a176700ecb84f5b416f2f642fad22b689eb0cbca03a27381b5bf0337605ea8c991209eef65364958201010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa700f40c6b4bf5c922abc1dfab59735

SHA1
dd9affbad02ddc5fb4b562c927ce21c0046006d3

SHA256
b7342b81ac17df8c4c63840b7c95bfcf97d33432a882f550289ce70803aea4aa

SHA512
1d8f29ab09816ae0bdf50d011e8be68b90874e48a99eaadf9e05cb9ce56a4c197eaec92f10412c25ff3bb7d49624ff53aa85428eadfa9cf51b3044ab7f7b35b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f55c935dbe2d31e11d2beddcb1732b8

SHA1
6c3b44c2ece5a5ec4986674c329221fedefd61c9

SHA256
067b8a1b8eef6eab6c98dadc2dfa4f830cb893fae2d9a6726f90ad02d14e0f6c

SHA512
361a44dd070a536df27d7400eee9a01a9602396154eceabffe60733a81eef1f5b56acf016f044051de24a5f62f453ff3ab01504195f77b785fb8d6a8c4feaa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab4441938fd63f7aac69b22a73b2a404

SHA1
0a5a1baa514212999bbcd371188420e92009aa6c

SHA256
a305f49589936bdcb81d694d5632a00eb57de6041c1139b2a84876fd1d099c9e

SHA512
f1adc2cf2b8010c50d5477c122166589b0ea9ec631644e4e36a648b46874be4c0f0bcd05b363697246666dfa24fbcdc5466d6ab14684296657e48348c0a0a745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
550cc7c5ae94298ea03011ec62fceeaf

SHA1
18747fb2451aa9f379beac60c96c2c7b4453e36c

SHA256
d4bb06a4a163a138f7efc9591729a9a3ce43a343f9d9cfb78b5cea79aab767b2

SHA512
99dab871df7af792a6237cb15fabbabaf3605ca23bbb778af811617fba0c41e9b8b9f1c2f7bb5c0358d2c27bfe0f4806b0c9dcbbf338e88c3c7f4aae73b59500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68635b75cc149481f44b328f6b8d7352

SHA1
537187aa12a18ba6d36851ded8220db7776413a4

SHA256
bc474d10554619137fc6d689231359e5a09c32bed91e4eb70c4b4389cb858a21

SHA512
9905b5cf8cb41d45b71d914be1f660ced6d7e1dd6adf01abdaad82e0ad9700a30b11661ea8bdef78ff9b3097ca8e8aae9ea910ff847f5738f2c73dd79fee81e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
96637fafadcb35d8d7614c1c994867b2

SHA1
017f3292c94852c3365d1e06da6d5dbd1e46f142

SHA256
f6ed8d71f85d4bcfe585bb5f7c5b29c28854c6dce9fc3498add5225cba22470d

SHA512
81de3ac538eab3fe3ecc00092112071e6b41e1feec82c0d50477ee0888ea641ce676619ee54269344224d0813b197a02f67b989b4e86b0bfcfd59364cb73ceea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
4b7eb9e61dde77c58c1f5e3dce54390f

SHA1
181110263cef90a4734372dd0d80cc8347647089

SHA256
e559b3222dacad734b650ac83f456ab6cf5e6f81f4c80a84e38c317ce1724705

SHA512
76304c324a14be7b2625cf0348310ed82f39a635d2a818d89aa3b64faf08ae03f8f1769d4005c825fcbabcb472f27d4700d7cd4e2fb29f41110e326630525cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e25b5e0fb62798bd697811cfcec05bf6

SHA1
080254ff77ac65500a3654487263bb0b3fb1011d

SHA256
aa5bd7e46953df01e12379d9b9ba4ee40e81c76f8c296ca8e34aff5e34a8fa30

SHA512
1cc48ad294c73b4659e5ad084d1aea1687f3558ba94342a32a2af0f652e66b6885aa201ade3493809a329e645e180e3f5d9ebfa5c5a36c5c9be10f524cca8819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3847918a302eaf208ad62740c0522eb

SHA1
6978cf12d8f219c87f0c67f92fd192585741b6df

SHA256
8f4fd89dacb31486a5b9013446d4895bdcc88f6db3c07d27cd3f137c39eb60f4

SHA512
1965da1a42139615fc5869080934e45631dae928df75dfcb9350172c92eff05eabe0650d740d806adf31d8ef9fa40371b187e13d0b8245e8a5809f7f2d9b6f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddd328ae55fee40aa9230db4db0fde4c

SHA1
62852dadcf9ef9363e480df0db0132d3a0dda1ff

SHA256
6631d9ac51c2f8e8c372760d28f55602c5757a6244eba194195fbab1a2bd3095

SHA512
864a22622ac0eaa8455c7f4b4b253d00607ec8e55e61b1302a7c3e51934f4587cf3416151092cffb8fced48772afa2277319e2c91e45ee96c8d69408e1d882fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c44a.TMP

Filesize
204B

MD5
514fe1f469ba32d213be5c305ccac4a9

SHA1
a9b3abc87a8bb5ddc6240e313969e4dd269273df

SHA256
3962c933b063e420b35525a7758601920130ac4b081942d7ce99cced3b98fd6a

SHA512
29cc51d7e58e61cd6b939b5cb772fc067ab698757f13ae7ef5e7a7f9b34c9afec8b785b5e9fb5774f3d8743363ac2bd01e08236854c907e2bd2af31814785873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69bbfa6a490135b558f21ed0a7e288a4

SHA1
fffec60418326b3697c36f39c25c5f626148f33e

SHA256
824f5d123d5e1cf894a050dcafb24f731311fbbb000dd07d36f670121364c4e4

SHA512
885690ccfb3693338e6b79cb2d81ab51e8d26090bb6e0dba33b4204176a4c109c3475ea08759658a612d60c516168926656569919f8fcd887fb9deddf69897a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ddeb7388f068f4473ed5cb9e97896aaf

SHA1
2bbf679411ef3116814a12175eac7b826cbffcff

SHA256
dcd9c28b8a4b7e8a108af864a06d32fa6197622021b4a88c35e3d525e19c02fc

SHA512
9b768c51098fe0fdcebb8c5b501608b2eec5d408c32d84dd17587839110b7424818e882008326862266a7da2e2d3561f1a25ea27389d080ecbfe5d01fe3253d9

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
617B

MD5
dc24b7c3b86d9d89508d43a8f2cbe044

SHA1
e887374778679d3fc354a044a73f36daa2cc5e0c

SHA256
9965fcc75f066b53f29f98e721c169f2aacbee27dcbd929fe2cc62a1c67c62a8

SHA512
1390d824c97b73bfe2d2b99955f0f031ea130e0acaae1929cd1c89fee7c96b0067ece0380ceb1131741bc21c0dc95571e278cfe514978b39ab85c4d1f04dbe99

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
07dbf3b8d98e6806c29e55dc453597a3

SHA1
a3a7f011368903d0431788d4c188f85a66ff910e

SHA256
cbecd4b0bd981c550a70212c2a33c25bc5daa90f011ec683c4bc328019fb51af

SHA512
12afc8066c506a25ec76b5553ee2a4f1cb3e0654f2f1cf420cffa490f10f755891db76810b95175ffa5f0053cff5683d66372181c8d9fa86fb1a27b5210627f8

Download Submit
memory/1480-541-0x0000000000CF0000-0x0000000000CF8000-memory.dmp

Filesize
32KB

Download
memory/1480-542-0x0000000005DF0000-0x0000000006396000-memory.dmp

Filesize
5.6MB

Download
memory/1480-543-0x0000000005790000-0x0000000005822000-memory.dmp

Filesize
584KB

Download
memory/1480-544-0x0000000005950000-0x000000000595A000-memory.dmp

Filesize
40KB

Download
memory/1480-545-0x00000000082F0000-0x0000000008412000-memory.dmp

Filesize
1.1MB

Download
memory/2988-539-0x00000226B3580000-0x00000226B3742000-memory.dmp

Filesize
1.8MB

Download
memory/2988-540-0x00000226B4900000-0x00000226B4E28000-memory.dmp

Filesize
5.2MB

Download
memory/2988-538-0x0000022698D90000-0x0000022698DA8000-memory.dmp

Filesize
96KB

Download
memory/3884-550-0x000001D5F39E0000-0x000001D5F39F8000-memory.dmp

Filesize
96KB

Download