discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Analysis

max time kernel
858s
max time network
862s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat discovery persistence phishing rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzYyOTcxODI1OTY5OTg2Mg.GvSuWQ.nyFJ9vVAZzI77fZN0xsHAESXsWlc-_VhOTFzxQ
server_id
1313629227496640575

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
A potential corporate email address has been identified in the URL: currency-file@1
phishing

Executes dropped EXE 3 IoCs

Processes:

Client-built.exeClient-built.exeClient-built.exe

pid	Process
1968	Client-built.exe
4256	Client-built.exe
2216	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

Processes:

flow	ioc
71	discord.com
72	discord.com
151	pastebin.com
154	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

builder.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{BF7CE02C-E24C-4BC2-B8F5-1A8FD9AFA87A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	Process
4824	msedge.exe
4824	msedge.exe
4496	msedge.exe
4496	msedge.exe
1876	identity_helper.exe
1876	identity_helper.exe
2700	msedge.exe
2700	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

Processes:

msedge.exe

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXEClient-built.exeClient-built.exeDiscord rat.exeClient-built.exe

description	pid	Process
Token: 33	4116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4116	AUDIODG.EXE
Token: SeDebugPrivilege	1968	Client-built.exe
Token: SeDebugPrivilege	4256	Client-built.exe
Token: SeDebugPrivilege	3752	Discord rat.exe
Token: SeDebugPrivilege	2216	Client-built.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedge.exe

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exe

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4496 wrote to memory of 1464	4496	msedge.exe	83
PID 4496 wrote to memory of 1464	4496	msedge.exe	83
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 2912	4496	msedge.exe	84
PID 4496 wrote to memory of 4824	4496	msedge.exe	85
PID 4496 wrote to memory of 4824	4496	msedge.exe	85
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86
PID 4496 wrote to memory of 2264	4496	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15138272169352401808,12891156982582280700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2040

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4116

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1968

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4256

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3752

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8098db75-8f4b-4386-8ff9-34cdcb9ddb45.tmp

Filesize
6KB

MD5
869fa3b2a26718c36bb7fe13e5625d3c

SHA1
74ca12e47a9cfc820b8b6a319a9aa5e7e88f9b36

SHA256
5db06f54aba469e4d6f2fc1422fae424584e6d2fe34d357775cd881e095edf8d

SHA512
5a945ade49beabdead46bd5b996deb5982a90ebb021dbbb64db4f2d01efb85ac784dec339a94dcd2cf6a70cc9db6fe2e6c0b709596008487be1d1aa437819d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
411KB

MD5
cbefe659fbcc19e54f74abd01f689c33

SHA1
7274f471bb245df732229c104e3c68a70e2112a5

SHA256
4ea8fe4c2c41c155b6bdda25d89cbdb3ee1ab9bbabcade324bfcad351d6db476

SHA512
ca4ef01b67cf559cb7155c17cf57c59b0ac80c74c46dc5d835efe62c4f9f6206187b96abc57d15bc68b67c8659078dd14a526d09b561faf91c1b40fe7c52b29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
31KB

MD5
1e71a8430a7c17d68c0ed324bdd08cff

SHA1
4225805ad18f854fc2f81cca8944a749720f81e0

SHA256
3ec795451212352394064e380eac15e204a602ac6783f9e43c01f6820d07b7d7

SHA512
7d6cdd26b28688e656f3fde090dba17be5ca0da9c004af45f023c334d26a2f567fb8e1105fe07d2a82b31716bca1a8aa8b3dec4f0a75fcaccf292245d1132d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
523d0cad9adff9bfc8ed486bc5cc4d3f

SHA1
55612c9637feb198d0ac41361257b899ab2c92fe

SHA256
7b56e4d1156c130def1c15e49ed47ed2bc2f6a2853964b8f8b9ac200d8bc1689

SHA512
8441894f5e39f6b515e98adb4670044e764a00a7d8a1acdc73e2fb79cdd6022821c3c3c6e5a640d3366d749b7fb78db9de8e0cf3b94c8a4d7da395124b3c309c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
a073983e44a8e227f7affd4f53fecd60

SHA1
0faa664fa6d01739dfb5926d29a0c1105637aec9

SHA256
123c9b01530e0ef6afa769c38be5168c762884293935e402ffa8d4d98232e9f7

SHA512
ec7627a63f6a92a0279ac733900890a2442e269f5ea97f6d649a52e02049a88efac6a7868346b3535f2915169db39a80d186fce3e1e4f0728f8a5c7a5b2f3338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
47KB

MD5
2b5a35fbd77d40bce698500285e9b2a5

SHA1
d3e59cad582008c83d2850dcc57aa36b5345d16c

SHA256
8fdc4368a527330d4276cd2487da547361ba880790935f2f9602428b7cc3fdb1

SHA512
9972cde48f136140b77690a01a5c112116eb60f8b8f4c46a69529f79aef9af3dc158f9c6d6bfb5a0cb754d9958d1741784e100f29cb3c7cfd336da6829edaa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
99KB

MD5
0510e82d1f9965f64427bb0689a29d61

SHA1
060c9223884782b53bf148062e43c27c9479afac

SHA256
d57f2ea7dd4e4229b743cfdc56ca1188ea120ffb6d294b27316d2e3b72f0fbb6

SHA512
3fcb44754f14679d83388c7768de813b8331f1be3b8fc4e5dfa7e1c268f1b2a8d3e231f9a892f3983485a85b9ae65ba4a381c18b7a3a486e7b50afb9392d87d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
438KB

MD5
b3130eb519bde40798966419577520e1

SHA1
6fed9fbdad6e0be0f0058625935ee38893159dcd

SHA256
9627b944b9336d4b2c1d04de710d4867d7e3da6761bb49af6d84dce9e085c918

SHA512
6d66b857c8d50fc5316c1d3be263e8330d1a5f254eba3ae77c01a6671aba87152d9dbc76a43f016c3aaf9aeeab032454b42b47d8ffe33da2adde5bfeace8c7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
60KB

MD5
a28c8480d12504c38c859d336e7cf014

SHA1
807f64c954ea757a9347023a4e9762497dd1d4af

SHA256
7a6eba1c4285264b151cbc733d36c7633bdc45da1e00e5ae28c8d1a31b16dc7a

SHA512
7dbeecf6e4a6d7fc988430bbc7f660b8a9f8e1c92eabc0ee8b4eff70ef7916ffeb0666add69cfcc9b1353b7429ef482727ef375ebb753e85848b8da22b478141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
34KB

MD5
cd28431242d66b4fc00615b887ac5805

SHA1
4c03d0ce1ddbd9e7e43be1a56149d0dbd0437ffc

SHA256
8eefb6c2900b6184c43c6844c1abcb416131953406d7e3077676b7c8a86009d6

SHA512
f59f4771144e39902a5af5aaad84865e2c946d1fe7d617190775ef136e8b9045ea1bc8754c78597e1809b75f74b6e7dd0f886299825aa80644bc6b7c7ffa3e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
90dd5f7149302ded4298be84d3b0bb4d

SHA1
9cc81e32fd4425ce8edc59b1a5dbfcc25341c7d0

SHA256
3d1ca8d6c8fe878b670a666cc19eaf48b683082ccbbef753859bca858d90bde1

SHA512
4da19490fb1a85f354229b2877d4fa375d50622ac4f722af9df577e2ad88e46e108b05c60749caf7c67c3196483e31474408621828cac096de36dc3b3d48c068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9fe73a50ffdd39e9e19b513d4c9bee07

SHA1
3effef22673e11e6d7bcf54d961d1a4d353d0e22

SHA256
21842ad2890e1b31c5ba2dabf2c63754ea473a8bde2542cd3e26b8e064276741

SHA512
239656e158f6a8cb625ccc3510deda26f4be35e995d222516785ef4f80e920ab04581fe1d7ea878db4f2f3533da94db590eeba30fb8feaf5c98012890c00724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4da6994acd94c1a346652f6757821b90

SHA1
07188acaea14971aaba72ff57457fc2039f96214

SHA256
7ae5ac6543f5f50d24bd0ee45b206ffdff8b22aa7ff054ead26c757bab4a60d5

SHA512
c3f5f5040c8eb8de8483603a1f63545ad5e687981b61ac40cb33aa874f736d30a4ec9c50a76548b95b79be46bcad28aa68a552a1b51ab95016d381a4d0dd8965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
03693423c7b50d4dd9e6537ff8c19fb8

SHA1
8f62d12be0b4352d7111935782c6598557c2e779

SHA256
41dc622437ec53cd55769537e6188d65c58c763a3d453b182c716aef413d4826

SHA512
6b376e9ad8435507cacc1dff7459a2f5f3c629cecedb9756e21d3d1af0ca2e5f874bfee9de7752e4977997257d1b744418d82841efea4f130ff9e8eddee7f2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
99aad2078041673b8314ded366d566a8

SHA1
99350c513ffed95dabb4aa020a854ce83ebc6fc1

SHA256
9d1ee5e39fa0afb290d67ad5bf775235ac8369fe802f7eb25ec80811b9d39b84

SHA512
5d281096f21d4c75254d03c554a63844e21e35df8665c38f945307a48c162080cb3133ec5f09df0a7dcb2d42fb6f1f4b6b389469759bb97bd5adbb87345b2afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f0a99b9db278aa75fb59417892cade3a

SHA1
2042d09e66a7911b474d6ec985b6c8706d5d4b60

SHA256
3814a6795624dcdf8bcf0cf9ea7d9905a1c69d3b396e7cdd1fb69483f353124c

SHA512
061824c4ffa7e480550e8908a5522aa07fc1c2aab032e5db7621f6272253c77bceaed2804a5ac1f3475f3ffebf154b62b2bb8d6c17d084c5091c14c848a21ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f60f067ea41c6b76805097cf4cc24bee

SHA1
64cb050a63f60f6ae7299fc5a0cff70fa2351788

SHA256
60ec118af2f426ab97d7a3e753ffb69c2ec0795aa5b3fe0dc15e297dacf76abf

SHA512
212207a2638f177e9fc7b8936ec54cbd7fb588d6b8362e869858366650aa0010a0418627deb3de8db44b30fffd4694d0962dc42749e8bbeea567112209f204f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
028cb58219625fd028b83284532f2a14

SHA1
250d0808c8f49b4be14ee7a4b94ca7dfd7f6d3e8

SHA256
d4eed47edc7bc8f25d89fa647dfe416f276b217a417bf0e7b3dff4eed7998cbe

SHA512
23a1dda24f85e431bc5cb07b3150967a7b4901e5cbc50f564695289a933ac3145a14dc03838ccd08f12346c008b46ec6ec9e8a2fb94e4c218f62a871bc1e47c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
853b0b5aab3fb25a8190e15a4d105832

SHA1
60bbf609bc658cefc8cdeb3259ff4b484e6764fd

SHA256
eb1c5950d7964a018d24b9b23b4455cdc848e1a4ebec9518301f0d760aeb4b02

SHA512
b4608c127a303b53f5511dba06207526fd51632f093149091f5e1e604c48c6f6caacee59ec418a46c37884bd2ca234d9c39d5f7ee5327be1d72766abc750ce3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
38293158264e5886b865a705b94cdeb9

SHA1
491476ca160bb2a5719078261816d794b96c6031

SHA256
46178adfd4f3169f3d8cd9444594e0307554231c9774efdb6773dfbd1e12d119

SHA512
3d1a2293458485aa2ad43aba42d5bceba12e4de8000ea821e8ec54c67b50acad92beb47716898100b67d8f0c3a9fe7b12acc9b86413ddf47a2a557fe1997cbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
452712d020f54fb5338ef55bb20f7f8d

SHA1
ad79177499d15d013ef8649ab1189cd5ecd62943

SHA256
ae2911823118c62e01020a952849908f858e0f829c60c6ad7232e746d4b9e2cc

SHA512
7f83798c50e60d0e142f27ecd1cc5c46bc60965fcb2ad0d5ec5c2e5190c7853518fa7c87a4468773900c3150eabaef2c5c03c4fc3b19948a8afd3208893c7879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
88a517e8bf355f9145fcb802c83a0bec

SHA1
226a88c49d8093387ce616e0b186f658dd3abd34

SHA256
813d4e1491b31a93812c4d44cf57c067c4b369c9f92df12097e8320975260d3e

SHA512
c9286d926cb393b745c336756bcc69bb5788e85816987de53cc6fcad594cfb36ebdd74ed132268168338ce1f6852fa74123c463b0b20403553c020af5854149d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eba11d829d6f66dd070eeb87b7089c3e

SHA1
31c0fa207a5e8109d3ba550e5407732f419b82b6

SHA256
d614ae68845f79016e3cdbc5e95153eff9cfcf411071bc50bf9352b552865048

SHA512
e001c6367a207e46fed866fdd1bbdbbe8ff2f5bc1313c75bcfc082d7881468803812a24359309e60f2d932b5cc29939cda8a468bb29be035a2f410c43efb9625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
c63dfaa05036d79729ad0b2bd1436cb4

SHA1
122c411d9e24b2986cb244c9b05156856c2fc839

SHA256
5b4b6570b936e571f304326ebe53e3b1e3ac6bbcd1886203ed42fd2aff018687

SHA512
aaa0d298fb2eef6fc78bdcad4238dc90b5e8dd385f17407319a53cc37a00cedba6b085d9c2a6ae2ea881651d3d92a551e1daef135db5309b7cae5901ca702fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c83a574cc8091583dfa50b6d5a3e12fe

SHA1
d7eae8d179e51c3a907cf9c46831bbbbf949c4cd

SHA256
735eed8e88bf5f2367d917afa75ca4befe4636972341f55cb311650d6e7f4eb9

SHA512
e55a7a97293eef1da2108b1859ed5203806d3be902ddb4f86186af696d2ad106224403ea5ac879ae4986e808fccc2dc005f3e34ab9bb9dadbcf6e72c8e311ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
79be16b2dd2f8d56fc7b3ecb706c905e

SHA1
e7561431a93c93fb607e8ead1ce17d3cd9a50c9d

SHA256
f2f50271172ec5dc756f5cc10ee0b835dd73b692176df812fc63e4ecf00e1444

SHA512
b0be8a9650cdd14934c821d69a835329e5015daa19a8be18a0836c46143d39d330095b8c9affa346839eea61de436d98298602a2269fb45a631fea4331ddab70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94b4dc1a02397456a72781e182178ef6

SHA1
0ef964189fd92a2946e2208df77d7642ea69690a

SHA256
af78f8d84d8b357e287688044c30ca1b1cb5a6f6d65665447f2c98153581eb03

SHA512
41fa224d22950a35d075485acd4283cc6663df8fceeb8adc1f5681d95d54f3f0f2e1471012e879b17edb4aaa6495623d5b6ef6020c79e7049f325671c3d2cf90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a52d94239fb97bf8f0c93619d8f1cb19

SHA1
d0d88455e6d285d28a99553295ad0a275ac7e871

SHA256
edac6045cc1101a98decc3a472f89e501f8cb9e237a9f4d1ae672a90d3817c04

SHA512
851c565ca69e02426f26f57291433b2088425a261ca6a661b433778558609ec2875ce1045019028ba77618831539cb41b578c128b7c06b95720bdde9f56fe3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c5d2dc8df6000d07b49a03eb4a5b3e88

SHA1
92aa594fb988b5eaef030600b1831dc72616fca8

SHA256
d2f60f78c3599464430f0eee31df2e36eb8673edc7532e6543b1745c3e0b31d4

SHA512
7d5e5b6728db1ab9aa72b044ec2f5407ce793af03761ce23ac78ec46fa099bf7ecc6d983808f3c13dd17d52b5aef5854a57a9569ae4271fb7545376ba24800df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cdabf723a70138cf80f4dc0b5923eee6

SHA1
ea0757fba4398346c78e426358d0d2819123cedf

SHA256
04162aa7296632b58427f1d1dff794d89bfdcb6aeecde5210dcdabac02130e37

SHA512
758339663ad90b19beadfc908f6f6624f00c17737cf9fa7633cb80211d126c5fa6994746b2b01eafd0bbc195b5c4c01f33983d6037724daf03909f5e45790807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1226f4da2b255a249e4a236ad4e9bfa1

SHA1
02436d0fbc45ebc5a06bc1c2e9b9a6acdb2251b4

SHA256
039ae16f804e222aaf0bc51708a73e09012f23921e99017ff55a9ce79cd053aa

SHA512
f6481794e48f2e7a93b2192b61aae5835b6696657e231d3e8bd8e59cc35a7cd29537fb95793aa638fdb5805e8b16c1ad311a97a227fce4c9c268b63417a689a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f0efe120294bfd690378f6650c86108

SHA1
e417ce0d9e0e54afe255cd116824c2d19682ccc8

SHA256
ca946a4695472271f770c7516216cdb47b36dfc89aea7181dccbe03649ce03e1

SHA512
4eb3a76c651194cfafbec7183d4f1a7c870a5b6b6b5c6e0d31a2b3a74fb992d721bfa288e48ada97e6f2a189c40b31943f3e53f58bb4623b34c744147fafa2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f4754148981329ff60e9e76c01ce4fa

SHA1
1db0c44edf6e7ccd2c4ae3f44f13871b1e95b02f

SHA256
292a68812736ba5db2bfcbfe4255ec02352f1b9b1eccac046945242d988278ab

SHA512
103efc72899499d09445e44d43fc1f25736c0add1172f8e9ffa44ce8fa1a728a65c304b9982e6d8a8dafaab06b6930bdbdba03cef7123601a5bad16cc5fd8f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af35b0869d4a10648c510e0c906d4670

SHA1
201ca09a3a42b89380af8795bb64da8ba3e3b7bb

SHA256
7886bb5c31d65c1f6980125e59aa67ad515a264aec8fa578a46f46a3947139a7

SHA512
00a8119f83870ac03fa6455650933395eebcaaa45ba3b8ab8f3a4b08d41ed063017e91f36b598c521f83e4ca11e4b796ed83c4b05fa75529bff9aa710f68a4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
16c27800da10f03a165a73bcdbb4d577

SHA1
74039a377d6a9b75cb2c03eaccfd18d153b8d4da

SHA256
f935706ce7e1ff8f5de403be710dac7a6593580d2ca66df80fc4a34969b68361

SHA512
00092c7c90c3e7b2ff3c283a9b624fec2b792346cd2660d094df5c5d6ec5f4144f66e93efd4e6c911aea17fea4fd8e52cc4d69caa3c58f2630e84aa383c1532d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
98fadc8239779c4b12ae8912851e9205

SHA1
09313e546dd9753801798fb0760898d8b46f2004

SHA256
1477b87dbabe7499828d511ca1f1c2804fbaf2e59f9e263251eb12c6dc919eb0

SHA512
0b75bda341e27939845c94dc5776816f0707d6529ca988fffe922688665aaeb4e7c68476fe6455c2905b42fa9e0376a889288af4d8fd533180534f4700d14167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bebb11245c3e44e644a010c600593784

SHA1
60f1051437e1dc0073b9ec325617864c9cf89726

SHA256
54f82ab5fc9c0db8da7718acd5c39b74ff2163068f74b857b52cdf48dec8cd36

SHA512
37b3a87453a680ecfca34e86b7c777edc977213ba50c18957b535b48fb6736cc501703ec0da17d2a1c81b2cae5259b5c8d29341bc8f4072b38fe61a7de3ff284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c72396b4108417c7762e5e2beb6a9570

SHA1
107d7259f80b127d8a1ff0acbd1fc1159329f95c

SHA256
7945efb363489f0364cf77a2db192a7734f5d3ed6554cecbec7dbab513b8d811

SHA512
985b2c7d30270c53b15089cff5e3888ee6977b8bcd52a09840f6f25a7219835df6ff751302d77497e373bdd1c01d64010e807e14720a1e11e8818eb87c668fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
88d3a6f4dd4c5f9887715f2ab6da6eac

SHA1
2c339a16da79f02b857661b0e957b7ab15701364

SHA256
4f4a734a8e652214dc791d2f28a91e6c5b4795dbd19cffc92f5700ed4f161938

SHA512
f976da4a6f0f77d9b6dcb481bbcdb42460340b1361fcefc0faae4bf288d313fd49ea7ff54204980c21609bf4d5fef2557371987e8b72447e8de8df2ea4c4f3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
522879f54cdc770d28d48556536ec973

SHA1
7654bbed381acec0e95dbc0e621c829111494a51

SHA256
aa90ae816a639da9d164326765638001fb2ec491c41fd8ee3c7c61be33c7d1b3

SHA512
da7b2b26b7f18955b0df0ed6d873195c5c1e767db4a5a42bffb70275e0c5dbbb600694fcae61aca6c4334bee66a6c0780ff1d61528084dba17bb000bf7f2844d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b872f41a0568354e5ef4b5efc3c13ad4

SHA1
3e6e5ab39c77c37217449b829b880940986a5d19

SHA256
c5755cd49adb9c1de837b2e6435807046e17b9a3b26da62d009bc91294c2d486

SHA512
567529c354ea695b4c336188b6e18046cc033b05cf94653ff49839ea2a3848e00aa9b8ab9d30f5d90d661229caa745e99a96e1cad2f73c2596d972ae0e6d14cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9f973bf471d7b044e3286d6a828fb1af

SHA1
def9fcd530c76913b41047a2c3fbc764c0d87789

SHA256
9af08a3e44d70e12586ee71278fb55f00512a9a677aed04c0c3929a14a519504

SHA512
1f1db1c523827943b191cf8fa038f756d9a5dece9e2dafaf89e2060f154da2037d29d53ded23cee3de89c04401c44d41d5d9ea01c9e626af7ffe76d31d5334a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
190dd259b07a7f882658ed150ed711ce

SHA1
70675c0ed13216df8fa829aa4c4833587e98b35c

SHA256
6aa9ad7a112e46f0406be5328edc56ef1c48ed2041be0640948aa69a44f9d13a

SHA512
93916b4cf4851c1cb2f0635398f67a47c7fe2f5740996d66a50031128629affaa3b7b109270af99750a525e21c5d6b048d900b32bccae9c9eafe7f409ecb3cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a93f1ca5add8c770bd4c17c3e41822c9

SHA1
6ddff5f60bdb2baf7bc5aedc510345fcbb5c892d

SHA256
0f6a5f8c20261b7058e2a676391209c730586710e2f7151b12f8d9c985b104bb

SHA512
81b1c2adfcf2c65f45dd67a6d3cd52417e4eb260a32dfa34b5b19a02bad47b0c8a3045fbdca363024b257e9d6b281e1ce834ac41b055d6b09554c6b739f329ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
38baf89bdc36c59390382b1636517320

SHA1
5cc74f199905f6e697b57045eaf3f2b936c40549

SHA256
0ec8ed2874fec5bea3b63652dc113b2b1d33aa1e65c8766e2bb1d0dc2cae5acd

SHA512
cf5f2069cd0110cbd76776a5893de8e5276cc6768419aec5696d6b419104c9cebcf24558597aa40152b2af5b1b45fef885a968667faa80a206ff2508835b2b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
02a4a593351a21b41c9b512539470250

SHA1
5aae3c233eefb1dde1d7e846789e3d32db795349

SHA256
3ab77223b385cd2efa55ebe7a3412f0c3feba05444682957bec2efd5c58b24d0

SHA512
e708ee293f23c6fc99309387063566ed51b583a31f01394da56f09a35bb5d033e6782a754fb645b10c90d05ca554e1ed719b17b9375101bc51c5a00b06baf387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fb5837655c86e2d9af291b4e862742cb

SHA1
4ff5b07191abf506c43f83dc077b8c237a2efc53

SHA256
1af5a43c44d253f55e2958263ef7cf719243831093f930b0f05f470a46df0c71

SHA512
0ab4d9d78641fcc356317116a74b0c288aac6cd57f2123db7f518fb3dba56d98cd8c362d73b12963560d86c923a27ac1376f88fae2512fd2a2c16834fd9e3093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
001e400f05c04ec53af172700bc22942

SHA1
7ed600eb32d2121e413a0bb921258c0ee8ae620b

SHA256
6fc90436bd2fc09285aaba31026d2393552ac726e2f1eaddf626f343337681a7

SHA512
280965fd5809e23d92d0e244114ca58084df9959fb7087da71b1a581d2a7722bb6efe881f7f3042ee1b7ef9b99500fc3ddb4d15b870c642aa0efa57b557f8248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
05c029e393f89f58c643f10392944d43

SHA1
6517bbf8405cc3062bca0a0df0d3407f2c4cf25d

SHA256
15e1d648d91ced6e5737d0a33ce070f15db96878fd702175b7c20f05c41fbb91

SHA512
f9e5083a7578ebcd39190c9da5278ffada02350b8dded1e602250328dcec9faec048c809758a0f33a1c441751cfeaccbc045b3ac2042ea8e491a7858a5a09af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8edfa9027d504199950bb6a145e3a4b4

SHA1
eab7a8f39fba0437af409620f5830e13cb04a6fc

SHA256
7f8fb9e9fd356465f33a766507cc13c254f25f81bcdd966f78b2ff3632ff62c8

SHA512
66a6d1e7e44b38071b63f6a2da38ef7a52034b62bdd406ed1610edadb85f5e927b14dc387449c6b3217e442ca7caf803f113d82f3c8afb4fc5e1c204b2cf09e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d47e1448b353e4737d65f0fb0d75169

SHA1
918db24a89d9b1de5f6346ae3d147bbdcd552e58

SHA256
8547f214f3c5fe06e9a1017fcf2366afc3d3e5ad871cf07e5534cbd778c66a20

SHA512
fe2324e4a78e3c6df884436b1da948f67c4749f02f66e6e64a5c0f297ebd1262879c029ee42daf450fb1b0c58633d7ec74ff544e12bbc5052b51edfc9eeb2cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a457460f77c0b4a5b887fda94da1934d

SHA1
5e25f3cc47433aaa2fe15be55650b0c9d176770a

SHA256
12ceec08e493d0db3659480f2f731f0d2f76b74bc96fe5600163e4332266b7f8

SHA512
48c2503066bb50b9b38db6f8a65af59e0d19f3688f1f6ef4fba51e4b686615e28a5615b3b9f803004d5371b89baeacb82137f36de5df60589f8697bcc7873dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c4f7f7e4208d6e5fda098d77ac0bed55

SHA1
4f54bbc00802e0286b802e01a5040ab782c2ffef

SHA256
946853d84d4ad20ef31d0092a2f4ce91d4ceae7e00dd9d91ba990011e7f6c2e0

SHA512
5bfbc9cafa877ba97e3a60794abf5aa9d8f2230c891522fc032107a068f2b54c40e4367d4272a0d5cf57bbdb7141e5006f018b6a01fb6f3292828cda660536e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8ffd141497b38448694bbfb597db6607

SHA1
3bf2f6d4b129c9e247abbbee2506613e850f7c33

SHA256
db2ea3956dace9276b6f8868d354124ab73da74213dc60f93fad2fd8f8a192c6

SHA512
7640adc7af2d59094eb4ae45b9ad270851ba65ea4eee706d2f4b780e5da4d5de12d58a6ec5253b769b0eca18ab6b4bc81af40f62955bb5702ff9f8145758407e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91334cec46d538188b47b9939c90bc12

SHA1
0a7469aea5a27b342d722a90dedb5dbbf03503c8

SHA256
c441cf600c71b9d12326ba5fa79dac1f6c60dea347c0d2149fe107b1b5ff8d51

SHA512
aa0c2b8a7d7335e9bef83c6b1a971734d195b793775d3104363f984a30b5a3ebe9ae319fa3a928ca6f0345d657aba9f3c6cb3c7e5a7d3909b7021d30cd4f2aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aa93eb764cada53289985faa6d8d6388

SHA1
774c3d019fe19ec19b452084e4e5a4174016763c

SHA256
20659690b50b5edff13b858988bf9fbc5e16f2d340550a62e5736c184509248e

SHA512
1b367662e1f30b6d8aaf0cae08eee1bebf161e53bf1837d9830f043fe2b8a3c81dcebb0c0a4e231d053bb7983dfdd08e36133727a1f0d4c659b694f5a64d6095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3c8763dfd3a2663da8b0a66414592767

SHA1
e2a2319f367e7409b7e0c7291c018f43eee77859

SHA256
e153216fbaaa20e961e1a297208a5fe0fa0d6895a3052f393c8966454b91beb8

SHA512
ea16b0c5eef3cba05e3529f997c674b8b0b480e2714a60bc47535556acc2395db4c626f079c045e28e6e94d4190342432a4088725437c5c7ebf549bec91970ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
983758b8c51026a7e58e3309d24e37e9

SHA1
cfcb50d7459e9d15aa5d77c5b6556d1f7cb842f1

SHA256
94a38efe86bb160aeba37b038affbe6259935346bd8b4e94c75b159a2d2ac70b

SHA512
01fbfe58f1b021e28ea94d95713daad236e547f68bedb8cf10a4db28227734462ba16b40bca4d28adb792e32c5fd306935fdfe90f1043295018e45893cf62dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
59246f97de0fb38121561c5149345f5b

SHA1
d557dff11c24ef4cab6214a0bca3e7a4b2180312

SHA256
574e9be8b2870dd96f3146081b2390e18378798acca8be7c1a7481667328aa8e

SHA512
693ed3ad43cf6773588455d35c065d3c526aa77af9bae6b363fe17d4c0aadac3334ea89cbda2256778dd29f072460b01997574608983665a6572885453a5634e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0870bb0ae39e5b271bc26a3a538d0a79

SHA1
a3ec591e6cd0ef2dd83f4046d320f7943404ba5a

SHA256
ee4ed75bc1f0a3dc2e6a60a5c51083255d2b569250f09ac10fabf02811cd105b

SHA512
bef48a3e02b4df9cfb73a0e1c81237228ecda9c7b967611f1cfb5344f1a8adce3706d2f86346d93a22cda8da370b46b4e0f7a1b9939a27d9bd48eabaafce3399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
07366ba5b3aff9a4575c65ea99855570

SHA1
af1ff0a4de3398293d27c1d3333cddf774e6f672

SHA256
5f0891f02217e27e6dd3cceb86eec88d0bc6b05600e15206e7f0d65499296adc

SHA512
81b8772c6d190733a672d956c976279a18750a707403570c9dfb1de1ea9de4a280fe9550772c75d3bb1ddd112d8b82c0b9d27deb0ef49d3f01e82fe629e9468e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9809b11051c74be5378d8e6919d483b7

SHA1
d8d733c693f36060267ed628be2e523aa960ca99

SHA256
34175707b402403bdc216dfff24a5bdafe8af38a63bc9309375f7253cd1aa8be

SHA512
05da12df8113d1848de27373c9569a6a5e4f316bac0316db3583ebf9c885e4043a5bb39e05faa35053a1f552d01e4ed69e85a9c7d5e3d3242242955d8b998b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1fa7d3e2bb9eb417e5fbe5444ada6b97

SHA1
855d05eb8937c764f3269cf6164e63baa33a3345

SHA256
0b1c4527cacf2980d23738db2f0ad888f3a161b2c6ed4a302e3838a1d53605be

SHA512
32408ac4f7b00fdddfda6ccc04324a24a5ce327bd160b12be59e3b699d42da09730baa559c0de97afd242ae363bbda742657fa9f874e4e36aeec5e8cdf3ea5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
460d070249f2852f6544e2e0c45721de

SHA1
20559ca1fb3519bdbf069595c13b6a1f2825a566

SHA256
f744eba44a10098ea5cc02946704484fc09917c05b45c6a85da8ca9a573a3ab7

SHA512
feced6893b2f9dab80203623da527769f60d0e6989c4373bd1e4bdfd58d9b0b15707516ad79725272460af5d5f7aa2a59ec44857a4e2eb30300ca4c85947beda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8d004d7549aad37bed83abf4877c4a0a

SHA1
1fc29ce6e47a470e1d08f2387253553cdae9f58d

SHA256
805d623ee9f5a65f14a4575c8267b2362b83c141c90305b2e94b8c429f2ca1b8

SHA512
840a66c5c0a2730d79e502e0dfff7abf6bd335f28b96a2f83d7e7ffc70d4bbbb30a9057a0cbedb0f2fb3cae39998ffe32107cc44e5c13f569bdc3670e8cd1bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59b7ec.TMP

Filesize
203B

MD5
bcd2ee52e7368c86b2743a8571f1dec6

SHA1
6990286792fe5aa0db66beb6e996a10dc097037e

SHA256
423acfeab1bb5e21849f29252c119170e121c568fce6f576b67ed4d3ad40a50f

SHA512
b06ad45463ad4aef62ca7bc928fe860bded0c50f328e924e8cb5f6151abb72a9eff03f750a5e6a4c26dfdefe2e0e1ba4cc6c01d654bc65243202f9684046108d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
64b89c73cc438f1bebc079138db27049

SHA1
e09675ff87ec96eb3486fc2fb8abae25e85569c9

SHA256
57ecc6bfca4b7ac7dcfee4899039ac19d51d8f188fa58a4eabd14a89ad9c3554

SHA512
d65a801e6688cf8d021c0bc9d1a61acdb969d099d7693e660c7f4d0cc397c3cee38856f690ad6d1863ca6d9a2ee3158adc696febd6419ea947aadc287718156f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
455cb2fd3a40b412a3a7ef2f2a0b5f93

SHA1
b02e1548b73c809d21085d0aa3be924e49ed49ea

SHA256
ca69a91839987e58bac7bd767183b2f5266307d83270d8511ff997ea45b876c7

SHA512
05f4a020ae6cb69a844d3cc5e99cc51b80c83ddc86c5c067d2c8c7f3f19e2e706260474c9f378c0a655ea8b25ceb2379f9a8d8d5f5889217b1b03ca7a2941f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6abe3714576bacecde8e0504e62bac1f

SHA1
333ac8ec238b4e421b177beb36cae7363fb88c79

SHA256
4286539f3b7f2d9da87b7661afa99d24f16956b6070ebb6a9441cea73da2a60c

SHA512
7d7374539829fb05c7ae08caa346a56d27badbd1220aba98268d00ddc2b8e6fea3740f272b834041aa337c436bef78faa44d4af298b5a41e1b79f3974ff855b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
8275d8423f03b7bb65a2e6ba7550945e

SHA1
228a8f0af5f90a2b017214d29cecfedb3f48e494

SHA256
83a7ea2b265d833831ea41b63e4c3c785a1075ddf1f1d4cd081a09046604be83

SHA512
652cc6198987e63535bd3aa4f2bc0a10543d82c360dec4d3e93254528b7b61b3a62aa0bbc69597c69da708f745005861091a91b95a99f6167f6d88fcab99638d

Download Submit
\??\pipe\LOCAL\crashpad_4496_AIXPZBKHNMPESGOX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1968-1454-0x0000028E9AA60000-0x0000028E9AF88000-memory.dmp

Filesize
5.2MB

Download
memory/1968-1452-0x0000028EFFE10000-0x0000028EFFE28000-memory.dmp

Filesize
96KB

Download
memory/1968-1453-0x0000028F001D0000-0x0000028F00392000-memory.dmp

Filesize
1.8MB

Download
memory/3752-1578-0x0000022009C30000-0x0000022009C48000-memory.dmp

Filesize
96KB

Download
memory/4972-97-0x0000000000160000-0x0000000000168000-memory.dmp

Filesize
32KB

Download
memory/4972-1418-0x0000000005CC0000-0x0000000005DE2000-memory.dmp

Filesize
1.1MB

Download
memory/4972-99-0x0000000004B50000-0x0000000004BE2000-memory.dmp

Filesize
584KB

Download
memory/4972-98-0x0000000005010000-0x00000000055B4000-memory.dmp

Filesize
5.6MB

Download
memory/4972-100-0x0000000004D10000-0x0000000004D1A000-memory.dmp

Filesize
40KB

Download