discordrat | hxxps://hastebin[.]com/share/verohuceke[.]bash

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2024 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hastebin.com/share/verohuceke.bash

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5ODMxNzgwNDkzNTU3NzYxMA.GJVcoS.ODTcGkXwg5tKodMv9hwENVEzs-49PI5Lj8PP-Y
server_id
1297541013258244096

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
5124	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
129	discord.com
136	discord.com
137	discord.com
148	discord.com
125	discord.com
126	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
2444	msedge.exe
2444	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
5460	msedge.exe
5460	msedge.exe
4700	msedge.exe
4700	msedge.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5124	Client-built.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 3820	2444	msedge.exe	85
PID 2444 wrote to memory of 3820	2444	msedge.exe	85
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 1788	2444	msedge.exe	86
PID 2444 wrote to memory of 3372	2444	msedge.exe	87
PID 2444 wrote to memory of 3372	2444	msedge.exe	87
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88
PID 2444 wrote to memory of 2680	2444	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hastebin.com/share/verohuceke.bash
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9dc46f8,0x7ffba9dc4708,0x7ffba9dc4718
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7087946265955524519,5782085992774061996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5720

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3156

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba9dc46f8,0x7ffba9dc4708,0x7ffba9dc4718
    3⤵
    PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
47KB

MD5
44a0efdb62c8716a215a27af435fd27a

SHA1
d293b55224f753fe1eb368a8b7599d78709c3b87

SHA256
4e7f7517db2a941ef752966fefc24801b7c8a94d71bb5cc9c64dc8fb697dc0b6

SHA512
c039c14abf279adfe16d0c3621dc27a4713c447a5cced596fd8147bcbe5c5e60c444f30102797628954fb7cdff8de13448c190a95f5dd29713f409e7cea3fac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
27KB

MD5
7153c0e56f2bd0b9d61cbe3c697e3bf1

SHA1
59c1a4ba00584dd66c94113e7d38b8fec194da14

SHA256
ecf4f22780a8de18840ba98100130e64734d0406893841ac7361a3d73903a2ae

SHA512
33a20aa2217b42b59bda70bde70681fb75c0e615c651a799849b71afa276114e77e15087f97b2db231e2dc66cd842f367355fb268f74714de51ff15d2112a37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
726b8056da83ce07ad5a194f608af082

SHA1
7a390fd0239785c98c52d2243e27942746b8a05f

SHA256
6207f725409c51f78331f6df50390578d8cfc88ce1aec59610976106a3e7531d

SHA512
3271c35db421819a3f0641bd11997396598472e105bedc7f1b392e83e05faca90a8ac6ff7f2300942826fd82e4b719587f496322d745acfacfc548972b7793f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ac63a44138f80a5f40369bc8c1117bb9

SHA1
d2247dff6ab4e9736cec936fa7a40edb9e62f642

SHA256
1580f825002b8c3ed79a38821414db5f1acd4550741535f7276ededfcfff9fbd

SHA512
7635da3ae9399f933f307ab151f58b2feb6f79f9c1f4288564d93c5971b225b0be0d189d037227888c8df168279055c28f7d3ee4e67b6e933d9340739257d9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
f768a67bc63e614f14a7dadb339804f0

SHA1
a8f28ed9957eda05a5a14f54291f91f631f7dae9

SHA256
090007613d9e4944bc3efbd377440ce816fca3f2d7a4957649fc59177a116ab7

SHA512
1780a912a8552fbb4d79e9995fa75164b8d43d317fe18d8335e0ca2eaad595a8c21fe786caa795ccfc47009ad37c36523be2ca8bc5042fe0491e5f9119a92e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a5b9d3995615d5979dcb97183304003e

SHA1
3b525565295335622da442cf7cc4300445ee576f

SHA256
6e91fc6b3856fcba5d51325ec5d2ded83fdeaae22b8bd6b2d2aa611d5f792cd6

SHA512
76431d58b3a1b8e71b5505d6f95be7ff1a45bc7fc7a967858dded89e00415df2823b1ffb8bb86a412cc2771e78687e437d38b3a65924c666ad0d06f93f081953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eab18b0ed709c43f75d3886fc9fd2ead

SHA1
56c860e3b08581efceb287bb18a1dafb695381f8

SHA256
46b2db0656b0181c7f72c134b8cd31b02dda6d2f3fdef8b7941fa92b8c879f47

SHA512
14612a1083e00e91c54c78aaeb1c51a8f6051bce1a88103b3f19a853ad9912c60f742a720a22e2ec34eb810219aaedb083766a7753bf6345c1dafd81c6cb8c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
714a817f1d957215b5235d62e233e2f0

SHA1
a56bb68013eee5a3094a013fc5b3f74274613fe1

SHA256
50ee60b84af57428e531122d94d9256c21a6fd840f06d382c803d61151528489

SHA512
23bbb8aa50be9f59983dfe6514f8497ef569df7687173c455e2072247f21d33719df6123b479761cb65be29262b1702e887a91c0fa2171454b6d90b4531aff82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f162596a67732837a73e969452c824ab

SHA1
079d00881aea33bfbc4077ca2860cd10abebba31

SHA256
f529f38bbbdd43b1c2e405397e41ec2e0db963b081fd88087ca0816a3bb45fc8

SHA512
a0c25849ff3e4df57ae57d1fee67a7e504818f1cb0335762bbaa73ddd535dea85876febad1b04382d51dd0eb9f4b2a46899358b2fa15e9496d993c9f035d474d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e645e6cb8e4189444e52a2f3bb92daf7

SHA1
b52734ec5e6ee7fc9befe773f35b19c20193b616

SHA256
9c598caa4c906f8007ab03f6e4a55f692d99a5c944d76db4ef05206e27b153a0

SHA512
97e0a72b5331b201dea4fa61c66e74a657047092ca61f91d8079422a714498a6a96db1a777cb06249019fbec22f3d7fcf27343291b0c899bc42eadd9470f4d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
335b87307282d32af175b4ac7b46718e

SHA1
8369712d41b6a165e47c635d568d830d62e9d2c6

SHA256
02acaf0cdff2bcc0854db66d02d76235c40a59fb0c4c803c58eb6dd1e477d99b

SHA512
9adc3a638c2e42a052a585d326d8120ec45c2b8d28c393a47b28863f65001b832d29469dcbd884d2685a754c93330ad34bc1e0f6c1eef094ff16985aa7ab1b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e61aea15b2fb29dc7258c0db22f8639d

SHA1
b05a18a07e7d19bbffec9d7ed954e43177b5b24b

SHA256
0d620af1f94041bb6c953ac7fee565daf08534d94dfe441b0a08550b8ccad829

SHA512
2d66767b1767105eed3d5ed6b7e14a7a9f0b9a8c9810d0fc2f316f62d5555d79478b786967e88d2c5c82151eeb098ba04ad5241103c02b22f513daeac84c3259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
dd68e3a722719c94043b767d9a6a8eca

SHA1
688122d9ea3993b6ea57a9318070dc55a9764151

SHA256
60b99a916a34346fc65ff9926d448641cc098b0cad7f3b7608b0bedaeefd7284

SHA512
ce51c57a186786725a570f2be3ae522b645e52cc6ae43af4220281eace58507c01ea2ef186c004d707a6831f9982a10d648449e4f8990831854a8a471645e67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea055724499e8444ec2ddaee19d1aa98

SHA1
d68b5507c38c598c2ca57210fdbde7b13bcd55c9

SHA256
2aaa733cf71625c45f356accdbc8153e0a2b902b998e6005b306cbfd5840db31

SHA512
c904d9368b2c7714e81179d360f9d50e078e16e90edae4bc1ef8ad531ded75dc09e21d3c8d42a5efbaf54f8db79e53152db4bc917b48e818abe881fc6cebf3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fcde.TMP

Filesize
48B

MD5
bd0933224064b7bc3d9aea843b20d2ed

SHA1
1afd7fed7436d41861869d9513eda9360e99ecc4

SHA256
4fbee9748b3980400c797898e0a16889d5f675a330a4278ca2424cbc27ae9f21

SHA512
db7a61f3f90dacd4d7d76f8d5c80a6fb874c44ae1162d83e5089d8f73197dfa1a8ddc008eecb57a9a41e59861ad603d3c2f1659e02b7abb0ac8cb458d1f1acc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13c2ec0164ff79acb5fd53fb7a0e4e54

SHA1
38ff5fac97bf3176b95b629930ad07131d165be2

SHA256
fdfb9e56bfbd3375072049196ce193f760039570d2b4dde07fb83d5ada848c40

SHA512
74f788fc7416025ec46cc9b2d3a156d3ea51f5a68624aac21be857d36038fddf80ec9fcc5e0b54c2fd46e27ddaa2f8e311b402243354b6a905d9ae4ff7a5d739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92267bce7c660a21074195d2ffe183ff

SHA1
f1b15bbca7674db025613e9ad5fda3654e87f13c

SHA256
d42b184ec2d623087fe068b4db2ea4e4618c78f3ef5e52bcab109d2f71b58c18

SHA512
ca749f783654746c410863b1ea8efffe85fbd8b5dffcdec1244d46e025ed1018a0692361035692b454d3241db6338bfb2decadc42d5dae15b52b98fda7b979cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22a0fe279c184857c068c9e4c173ba77

SHA1
a7ccf0972d601eef577592035b8c5ba00fb04406

SHA256
9796a90627a139d1609135fae6e140518af0d4c652eeb4a254fad8a4b9046de5

SHA512
b32773348d04e788a2a58b39e803c1f00d3830dd98cacba89bac920483d02588c0aa531428eb604df9b8f9b64ef2d361bc7da13c2e3eaa7fa8f4a7c39f61e8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b2ee775d1f410b3f2c5389037e02795

SHA1
d99c262d6ab3605739dd68e1d8764fbee0fa7316

SHA256
09cd624e5a0867326b5269f8b9a7e20f1157a17eb9cd90611ba56e2267f291d7

SHA512
55459ff5472c2b223c2f8dad215ccffbb1bd1b6208f2b02b7979c9774486b64acf56eb36dce5c34828d95e5072b432d6c032ed2632f4f9d129eae7ec466d47d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584419.TMP

Filesize
530B

MD5
1499e5d2fe97174919136eea4712742d

SHA1
6ea67fd08e8f48499e096e459f711d33137d47b4

SHA256
64834c3e1f74895f28522e9dbe71eae5e2ccf7cf6328e6f5fdbb5c365d8f219c

SHA512
7c1517f4e295bc60e13ce3ea4b6edf649e728bb90d9ff8d44240b0a5d9373f4aa1d1cb3358f0fdc6fc431ed5089fa15a5cabe8eddce681cd2c0373e0a7dc8d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eba77e7a716a4dbc4bd9355483eaedd2

SHA1
af86bb359ea0b9fd1d3d2b6b3d53a80a73301ab3

SHA256
cad118dc1bfbf7ae7dcf3be86a157201eb6b08ab9b9cfc084260d4766faf7093

SHA512
92e1cbb3f5b2229933637a11c6896abc48a2cea0775e1cb604832645d871dba661fd1674b24514cfbf1fcb5f9b94ae2447e8a10d1ab1d49daf76a4688f4206ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c54ac55c4de6d69fa1f87d3cfe1d5e26

SHA1
a5cca057fcac1837a9d32ddc7667575505a04ff7

SHA256
eb184fcb518c1b3bc60098e2a0180a94e77dfab2c9240df1b8561d0c3d61cdf8

SHA512
8031162efe457bf71acda8ca4a6d0aa02215d0a8d769c358240d08336d0436feeaa18508a2f22f40b2278a8150b394994e27ce83f6ab856c6f6afe72eb388888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a17ca7a24f08c49af90f97ab0485653e

SHA1
7205e419343bde8fd33287e6e46f2a3f64fbd06b

SHA256
f72da64eac5455190454a8c3714612048433065f02948cad9ffd2e2cf33ebd58

SHA512
cbdd7b5eab8dd96c4e9bb147fb274c3227b21b3e28484e1433ad8c2426d7747b8bd3e5e9583adcc3ee28a5b931edd2a27aea151ae870fedc8bd25a835950c9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb1e8f5d10c2410c84c3b0b958f74fbd

SHA1
563cb200115f49141bd4549d99cf9e7e8c1c6be1

SHA256
6541ef250b6999f8011d9820ddb7e05bda75acc691b0e26e93ec5a0a0aca89f1

SHA512
43dff02999e123d2dc6e9b2838392bb00e0443a3a052944191c374fd3bd26d4f337bd36e8472352f8c2a99a47f3644d0fb16ccfb5f846b91f7dafa464355d027

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 863934.crdownload

Filesize
12.1MB

MD5
017e28cd77905a0bd918d7e725632a2a

SHA1
d709e343f64d93ab00c6fc0aa4ae6ab22aec9f73

SHA256
c8de0e92e603214114f8800dd99ecf8cb69ac85caf8010a99ba3f66afe70fcbf

SHA512
0ae6f1dea994d879043b0ef63049cdbd68dd7671b1df53f3688e91a7027dde8de6d193bafeb12f4c6b7f97909d116f06811a29d13c56ada2c774e78dcc5f1a16

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
9e8b122b0dba9103c6968cd2f0286949

SHA1
2b1fb6ce012064b67a008e00d37b067ad6c0bbd7

SHA256
8a576f7cd107f746d5268da35ed8d4baf4d8f32292940e957ad0174956b358fa

SHA512
60a60310a02d2756f3dbfce60df3c4c5055808e1558bfa6895423f749f3bb2fde9febb4eb568ffd5f6a2c1b8eeed3a645c4ffdaa07e8da4cbde77fbf86d4cb9a

Download Submit
memory/3156-642-0x0000000006BC0000-0x0000000006CE2000-memory.dmp

Filesize
1.1MB

Download
memory/3156-590-0x00000000057B0000-0x00000000057BA000-memory.dmp

Filesize
40KB

Download
memory/3156-589-0x0000000005830000-0x00000000058C2000-memory.dmp

Filesize
584KB

Download
memory/3156-588-0x0000000005DE0000-0x0000000006384000-memory.dmp

Filesize
5.6MB

Download
memory/3156-587-0x0000000000DC0000-0x0000000000DC8000-memory.dmp

Filesize
32KB

Download
memory/5124-656-0x0000029E37A70000-0x0000029E37C32000-memory.dmp

Filesize
1.8MB

Download
memory/5124-657-0x0000029E382B0000-0x0000029E387D8000-memory.dmp

Filesize
5.2MB

Download
memory/5124-655-0x0000029E1D510000-0x0000029E1D528000-memory.dmp

Filesize
96KB

Download