discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0

Analysis

max time kernel
428s
max time network
426s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/12/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0

Score

10^/10

discordrat discovery persistence phishing rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzE0MzU4ODEyNzI0NDMwOA.G80dRA.WUpHnFSH_E6zLR1BhYABX1tYHkY-s6r2tuF2X8
server_id
1315723476291555339

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
phishing

Executes dropped EXE 3 IoCs

pid	Process
1972	Client-built.exe
872	Client-built.exe
5372	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

flow	ioc
276	raw.githubusercontent.com
277	discord.com
278	discord.com
117	discord.com
120	discord.com
270	discord.com
272	discord.com
273	discord.com
262	discord.com
281	discord.com
269	discord.com
275	raw.githubusercontent.com
280	discord.com
121	discord.com
263	discord.com
266	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785754290890848"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{8C5FCE9E-C6DB-461E-9EE0-B8DB6B77F878}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
1508	msedge.exe
1508	msedge.exe
1356	identity_helper.exe
1356	identity_helper.exe
1500	msedge.exe
1500	msedge.exe
5268	chrome.exe
5268	chrome.exe
3108	msedge.exe
3108	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: 33	5708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5708	AUDIODG.EXE
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe
Token: SeShutdownPrivilege	5268	chrome.exe
Token: SeCreatePagefilePrivilege	5268	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1384	1508	msedge.exe	83
PID 1508 wrote to memory of 1384	1508	msedge.exe	83
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3988	1508	msedge.exe	84
PID 1508 wrote to memory of 3580	1508	msedge.exe	85
PID 1508 wrote to memory of 3580	1508	msedge.exe	85
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86
PID 1508 wrote to memory of 668	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/Discord-RAT-2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1156 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16359644569456007172,7338896038871776046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4248

C:\Users\Admin\Desktop\New folder\builder.exe
"C:\Users\Admin\Desktop\New folder\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbb0f2cc40,0x7ffbb0f2cc4c,0x7ffbb0f2cc58
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:3
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:3360
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff69ec24698,0x7ff69ec246a4,0x7ff69ec246b0
    3⤵
    - Drops file in Program Files directory
    PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4436,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4044,i,8922094451501737201,9078146449882601295,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5708

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:1972

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:872

C:\Users\Admin\Desktop\New folder\Release\Discord rat.exe
"C:\Users\Admin\Desktop\New folder\Release\Discord rat.exe"
1⤵
PID:3596

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67921092-a14f-4b23-a774-931da2556026.tmp

Filesize
9KB

MD5
68d381d95ff821f614c893ebb102e0f5

SHA1
1febe240d4e41aa1e9f375a79ebfd3c6c85b84a6

SHA256
ffe1b629def45e86293abcbeb251c87cf67c0daa48a20df2f5b07350ccabbcb1

SHA512
ccea497ccb614068ed9f41643875153b65ff8fa13ef95c4a347505fe7d7f3d6be302c6a5873d6163bd5df2efe47f7bfd3f03ef06bf74b5aac22aef2b3ee6a492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
683513517bf43a7df4f8def0d401bfa8

SHA1
ac2fae7e296bc3dcc4167484a1b47d1a9fb0babb

SHA256
6f7c6e502ea80d0d1c763cd0f612c3e4fb3d425412717ed8b627ca62e6ec2840

SHA512
b9283eff0e8bf080723221bf2c99016963a1dc6f08da888fdf8a2b18c65d400a819747d69df09610105609bc0084f05df6b17b712c743b568dcc1687154c5b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
19ce20539fe54607243fe6c9a224369b

SHA1
f69676d958064d424d160e57cc0ed9dff337a019

SHA256
2bfe54eee590f8a5e0a090ec40ce9dc5d3cb1c1d18694deef08156950ec7322f

SHA512
03813dd39e4aef8706f74f315bbdf1bc43d1047b6b9721fb0f871ea2b2dff962573840c24ab45a297c14d072df79de309e858bf526af26c22a4ca5c99bd64645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3aeac7e6b2f2242202a695cf2400ee42

SHA1
008c93312e7aaed7d5993dbe5049b3a92f556355

SHA256
33fdcb76e1dc2ef66681ceb60c0c1177c6b54a2d52b64d800406f10fe716a60e

SHA512
685ae09c49e4161ce755e054ffd6caf09c04081dc8f17d54338f50cb9deb2a330e32accde95a0bf4410c658b5f249bd0a7fcb3c16ea2eeab8a819d299cd74b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a61edcec1d5c10d68fbc2075152eae40

SHA1
d6122b7cab67ba9dab4e4aedb7511c6da6a7c322

SHA256
62fa00e0a36474465956af898c1e87a6e9fead6f9839a3fef292dedca6439c4d

SHA512
8c4e588a83bd19725f842c123924131a71eaf3b0b864692e7fb9aa31f9f7a573578c83706180f0eccf275faaa6ca3fab5f2ac959c6248eec6f1c43c6ff3fafb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ab3ad7f8c56ec587dfafa42123105573

SHA1
a4f33582ade156634bd5ed1b39b4b9221c68f4a1

SHA256
e8d022a8180b929bfe8275e60b54715ee60f5348674720e6e443085f582ab302

SHA512
b56880ba1a5e93bccdf96b168a1fcfabe49b97e540aec8e9643827293730a243de2f8eb012428aae6c6a37d03a32d84611c50af98bba42cc768b6cf401cb4224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53f51078ba0638ea8b07b8399c429c7e

SHA1
72c80274f367124996bf3a095d6d399662d89571

SHA256
ad4c48f5004a359b1a3b0965628f6970d468630d555185731c8d3ae15e4d8d3e

SHA512
911594bc7144606aa78c7731baa330cb1e92b97ae73d1b23f9f5219ab45457100d1c271018a2d935fa2c564ba45d81b3bbc353e0499db4405c3e6630e1198dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21aae57ed26de2f871b05ff56e63ee23

SHA1
f69cc59a40f1b6e5268fdec033ac3ac52bdda58c

SHA256
d68ed27f2df6f5bde8161a6a8259fb7ae113f2166a447fb0ecf3884e8d01aa0c

SHA512
1afb23659ecf64c6fea68acc895846e672d96cf593fa6adcec06424e473193434065116371924ff337c1f3bb7394e211576a19a0a9f88dd007961f0c1399d563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90b67a63a82b8efbdab8427992862487

SHA1
27d2854dab7acd40c4a4747098dc298ab3a6fa46

SHA256
7126e7d6198412001bd4466bf169cddf3c6d11fef0ab5293f3a2198034fa5e11

SHA512
fef224fd6396dfdedb2be3ef3702e479c68dac00b6e930265acdba648935b2afa75e72f67d17c6b7a83f62ddb1e15d75490c41e762dbb32c5d453468255a30b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb918b2adccc52f4124f9580233b9e17

SHA1
288f00f12618699a4d20c6d52572b480b53146ca

SHA256
625d7baa7ef758c1a1edf1650e0dd10e0157bb770350c604879edd7bde8f5364

SHA512
c116f3a3239ee5b4aab0024ce0407ae185e8ae60b60670e16ea040e639b300bd74abe7870b608311a2595ea2ad1c5777892bbcc2dd267235de5e00fe8e307a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f7c5e7987ca83b13d4a1bb174633e50

SHA1
f8796e6b4f98b7bddbd28f337d28069d6bbc8476

SHA256
1908712784d4e9eb4ea8cd20163197de561713b5881464463819b5a3a921c62e

SHA512
254300da3bb2a80a354f2b2feb02259156f555e46e31dbd3c43ed1c14483c75dad322cae09d81c4867aabdf95334ff9590afaf11bbbd7554afd442d67594d35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9540e21e08f86048a06f0a8169277e2

SHA1
5e5cd5742a55ab6388bde5fc69d714254e386333

SHA256
6021558edbd192c8abfdaf0b25352a02e5e9211d03651d7d46488e3621481561

SHA512
439f792fb674b8082ab3720fd6214496cd014b78abc5ebb5bffde297152c578caf9906cb76ed01694b7d7e475cd69c5959ee560baec1fe60312b5fa2f6ff6a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d184afe50ba699bc191416b5a51924e

SHA1
d3a01cbcc3ea6366fb2a68e36df20db9268051dc

SHA256
187cf6890fd92adb6beb7fb5f355a64e47bef14ca26e614061beeaa67254a7b4

SHA512
fa796bc6b643463ab5f34c1a64e7721fcb2ea7f21046b28d45cb4f56276c99cc4a98e973374b1f53690e95ea343de0f2f1619a57a6e8d87ffd76e04f1f14c912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9911ac05029c73e0ae3de43a48be1d9

SHA1
0cab7cc8710ab87ab0c6f8264a3f0258e76e19b7

SHA256
e812578c2932c7ad845df417111486f9d770260bb7133766969e0576eace3b54

SHA512
64abcfe50061f3a7e8114c5c2664cd1a082c1be20517086bd7e244c2c5723b3fc80e94b4933748c69da8a2a5c55ea5761ca283dbcc4be7bbe225bc3a0aff8462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c59fb9a913d2f0fbf3762f54cd11754

SHA1
55ba313235cbf750dd323008d71ab5150b83b70c

SHA256
b5f61a5d8c1a6db285b46671b4c3ac49e3518e767fc37ad2ca87f85f87b03466

SHA512
6a419b38168bdc4db85ada0409fc4721aafcb781f91460d6c0681c437795e8f455d894a482f19c0c4b01ff1d7445f85fd5a0f52f20be59af3d3975e67c852c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a6da4ebfcfd43bdb204ca69e7099c10

SHA1
44076f9ee0bd0a587460328a9d1de23a6e6afd63

SHA256
93159e825e644d6b14d40f8979412e1dcbcacba7c6a4832e61ac0f8f6954f6d2

SHA512
5b8b200aa35e522da3d27678d3ded1239ff18ec302e6824e2e413afe31ed63cfbd54a8dc83633b0c3486835533f434501499ff209e9ac14de08104c5670c805b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3949dca1a84dde22f2fdd1d449ea3b55

SHA1
fc73e46e818348a3c2f19bc2d63d987ff9474d7a

SHA256
b6db06561688a20055845de38389e2fabf3c56d8ec1581b43f3ae1580590c92b

SHA512
e0d5e05ce90d8dafa7b546cd47a14974ebacaf2e61f2bba0dc5a1d99c0d6d505b4e48860a0d0f3e2152b12f9d876194c684d937c383c258a594db2997af69140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae178373face2b2b84166f3c5e82cb4e

SHA1
2ce8bf7e1178b68cd823684629cd8eb52e1cc1fe

SHA256
89194fe6ca5c4d5e29a102972017e5fcf5264bf89530435dd21237cb88a13b7f

SHA512
0ada9bc727f7143f80eecb877ccd960b55aa1bb31f48d589345b6fcdc96ecd29b3c460f0bf110ea225aac443041af171ce4deb84e3d237006c87ce2d0b157d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19106f702fef262e5863b1147619f8cc

SHA1
9e1ca9b53a1c012aa328a80d0e14f4895ba6ba03

SHA256
c4fb22dcb88472b57524070a4e32ac39e1327518afd9ea62c60d0745c87a14b8

SHA512
a772577657bb6c89494847210fb5966ee9e50a2e9c052463ab22284b83b6c7e2fa26cfd4cac506a159ec24447eeed9c0fd245d0a161be3ecd0f4b223f3558605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
718f6643d5794308a06055d0e7b0a738

SHA1
3be5a51ab7553b5fbe6cb813c676e390fb0dfc73

SHA256
d3fde5527585315fe7fcfcaf764dfb735ad3a8d1b8c79ccbccc289694cc26c12

SHA512
78c20e280c6b085f9d7da223dae47e28c1ea341e67e2266a66ed7d74fab412bfc3986bc356fc927331c357fb1056a49e5f01832541f4bc6be622f6823dc32715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
015d45efcc0f574953a703d546ef3d8b

SHA1
c41282990d4384a2d3750cdfb0572f2b23ebe67c

SHA256
1baac819c571dd80b01e36e55aa7e7bc8979112afd320cdfff4b8f00067a7108

SHA512
c2cb0d5df793d476d6cc307c70e7c970067a11bc02e779e587228fac93d2d4dec2d5b7b1b578cf3186c4cf2fff4774fbd2253762610bfe6948d3ae2882cabad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6a8b5a1914ce5e2d0ca6841bf99e06b

SHA1
134690e6e68aa0c3ada5be6d8537b5ebaedb336e

SHA256
e805b5494b76276955377e995d3e4edef3db322a8dddae4cb8b076efba04e888

SHA512
22469f85708425cafc737b8e9379fdb834e66aa4af23ad4786ebeb201dc8eb5ace5d4e19f75e6c9a744963f57f1dd01733472ef3ca2e2571ff54fab8fb9a748d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5a5612a14a8781a95a2f5a901e44a60

SHA1
92be2e46cf9c261f24d13bf1bc593fa4be5b2292

SHA256
3ef52c788dccd716462453b83e697157654cbadfe5ea6aa7402252aa2f4929dc

SHA512
b2ab32dd657ae74dad8dd7e17fcf6a27877b43f26de82ee4bd28e8f424dac25b2a2ef238b820b9407ca96909d641945a28ec49691e6b294dbbfb427d36b044e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6da822eee41faa28d9de45511315538

SHA1
b2af458cb5c7e56f768cd60118d96fe9019bab1c

SHA256
5ecdbdc6a0b4d41a1b0650415781fb788ddfe0d9ddefba59d3a9b902e22caffa

SHA512
a43a002f6a3be4753bf36d3118b7ac908ac756fd4ed83a8e333dc82532debc52cc2fa910a2192abee0b5abf34476cd5e3c7bab21c61a536982f2220ddd0ba802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50664d61eec468b79c3a3e88c18fd695

SHA1
ac832aa4cf52323df78a11d65adafc8a10b72ad6

SHA256
f2382ec961c7b6e10a067040ecccffb27e072b608cf99ad2d00b7685d806eff7

SHA512
4857f2d09134ca8b4484a159a7517cce9ca43d19f7166e2a744f644835c9dab57fbc9f752c8ae201bda9d17eb91f3ec7b5f8f6dadec38f5f3824585df32c1736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
039bab36aab3687774983af13d04660a

SHA1
cd22d5e5cae8fd9ad223568a7839d69d8a034786

SHA256
0a113b3f686706ebe9c13ca11b4abe59670ed314167ed1957591b7351aac0efa

SHA512
663f5e15fe76752b988a76baa366a0c4b5300dde4a5eea8804fcc34b236f7e0ad8f09d2b122324d4da50ca5460940423ee5e2c371775e7d7ce028785f1aeabe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
655ed915e844bc35844baa97509b858f

SHA1
7a1399e378d5573e41c0ae9a30e63e4bed28be08

SHA256
a8dc33728a61ee035515a8df879416be1e00aadfe66e70e7e5c09a55650004db

SHA512
b5981de81dc442b97fc0346dd4d54e8aaa0f17a5875e22f6c40c78088a61bf38c7d9b7ef6c21de898c2acdc70160497d94238a396f3ad6413ab3c0a8016e76fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e37d9e256f27cad4e66c558ff28771c

SHA1
5cad0c1c6e0f0116a892028d790cb46f924361fd

SHA256
6ad6c2840ac82cc2e6992eaedf1669fea432013b21d48b83f6be4b4868d47a66

SHA512
74e1d40a8fe9620e1db1a80ce48900991c97735488514a5f79b85d0acb01131faef67da88c20b70a333f4f0cd553c82de044a0061dd128460cd406ceaabde7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5258b208cdfb5cf7858a2af831370e72

SHA1
50dfd9b26d9339ff0a587ab4d46bb52e82bbf45b

SHA256
6c6eaa33ccfe46656c34339029d548b1a2aa25a966bf71bc118503ba9b5c8a58

SHA512
9c01ca0c316b9014598848229695649898a3f50401f9e13152b78271e785ef90e8df20f36266785d61418c8c6bec9c186ca262b5b179f2d36a10a4c66acb9456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91c5a97f66d1241abba90af31ac539ce

SHA1
f0431095e0eda867e675d191a195e83fa625d153

SHA256
2fb5a1b6a9b4526fbc0ee91a82d5b06f5889a583a101636108ea852e4d0e5ae5

SHA512
4226fbc6c7ef97c69cace54392d43c8a22c32b6c6174d7b2cb79514e461f76c9e56626fd01b7320dbc5e4ec76ac823675a30150adee9760d632eee449cfdff74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
890dad24661bc56ff30b93ed273d6938

SHA1
ba6fa6e22ca3351cbe86e95f3a890a76cb8eacc1

SHA256
442d1866b50ad342f0a914afe0ddeb4a871be97f642e2f563f963a3f969effcf

SHA512
b1f09f3d907abb224ee6c7ab6fc3399221635b41e22de359257604282878c3c79f4f110f8d0dd48cf5fc185e60f0991768cec5107abc34e23588b97dd8d9f859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd7d965c-9e4c-47c2-b1af-2f52424af6b0.tmp

Filesize
9KB

MD5
84b64e8dfa907e46d660df03874330db

SHA1
f67c9112d9dacbbf58b695cd7e06bdd64073fc74

SHA256
81cb206c138a72628557d3cbc208a57d772e90cfb16464a2fe58e023f81a4488

SHA512
bd1249c452e09da2860a4ab23338f5d06de82c45fda691df67f291f1eb8c400d8126a3b4067ef642a8ae52f700003905f6285a252ffd2e9b02b039abde33f896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
10613aabcaa821643218db85688eac6e

SHA1
a6f411fba65262a7da03d998182b3074a999f82b

SHA256
bc57370763e02dc65b60ba945daeb6ffbbd73edd875745544529e8276fef697c

SHA512
69afd5611a6ff66577befb01b04d0960420f064bbf42e0903b523f06f578787627d7376a656c29f0273666a742fac7965a0943a5da88bc7ffb5751a6736bb3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f1c5e49ff90e2fa899724fae807378f9

SHA1
ff280b650cc19c3620ef5226bb61c43a72cdcc95

SHA256
2a5d7c60341ef8f84e3f31f78f00798f685ac50c823ac029dfe7b6414bf4d646

SHA512
fd4bef2e97e815baafcc85f95610440f3fd2f11be378735fb40a9858d1470e0384ade818fe1a28582806dfcac48ba68350b6a1f60f7a33fb76a0662cc2999424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6953dd8b-0b5c-45e4-898b-448c3d132e1a.tmp

Filesize
3KB

MD5
106d678558f4a507a0f5b39536d68329

SHA1
dab41efa1966cd198ceb086872f5ab7caab11b97

SHA256
8fd16c41fdc19f63ca952416054426b0bd5531a90d97287307e5b6ba0ad7ce53

SHA512
335fbc3d9f3874f400ebc9f7c105cd13816c37023f16ad4f1291a36c8ed5c0e0c5582419fcccdc1fd59150c1adceb5d0a8b36323923400298ddfb72428fd918d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
200KB

MD5
612b3bc6f31cff17e3f182e74dcee5f9

SHA1
b82e31dfa94f9f15d5d38b273028518595b35aa2

SHA256
c921b4a66695c1fc98c92f36094728a5c34dac168cc56e84f3159999b560499e

SHA512
5f491e34b423302294cc256d55511210ded559affd860f4fc45301d2330a9198a4117a8d8c77e49211f99a2e8dbc84429539c93d94efe415556fcee79b3cfc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
288KB

MD5
a7a9e891d3139f6abcbdec07218433a9

SHA1
afddbbc9a868a3a3cdb7b32ba0d8790b08797dee

SHA256
db712acb5d25619cb2b0d2f66014f152fd21500d793bbf9aca6ee2208342db7c

SHA512
45870b1561cc4429c03acfb650d21bc986fb2e4494433d3b324e8b23659aad7203af5bc98996819aa11211bbecda08e12f9a89add105bdfe33f33dda0782f244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
3.5MB

MD5
088e7274ebfd56e71a0377a660f57017

SHA1
f86df007113e3aa016c533745794ab041dd9d394

SHA256
e467d4e5c341ea4fc9d60b31251cc72f7bd94b82a92f2f4cc5cdca872e956869

SHA512
f56a53520a76712af8db9fd24fb28d72bea41564c65538db237d489326f2cc2cd47597d47df8899a81fd9f01a2ea964d01329dbc36d4ac21d12712ce0f56bc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
413KB

MD5
a8de069b94c32acc4c1d4a5bf18e3ced

SHA1
fb79d8a31f050443b00852760fc436285f0f9b02

SHA256
5ed719662f804ddcea83a76ac9d9348ff10b7e9356269c0a46b91733884c1b64

SHA512
2926a7a771811b45eb604e5cb0b13841224022b5d4ac51038c0c534ee5bb4c198ffd3e1d7fa14bfc5487788b2d7e375e63e212baf9c457e6831fed47880e2dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
37KB

MD5
3d6549bf2f38372c054eafb93fa358a9

SHA1
e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

SHA256
8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

SHA512
4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
136KB

MD5
db985aaa3c64f10506d96d876e350d47

SHA1
aad4a93575e59643fed7617e2feb893dd763d801

SHA256
234feb9a8a2c759d00a4959506a3b9cb94c772186a2d117aed973347c7ef1891

SHA512
300d0d35ebb9e27d66489ffb3e5502a4dcd3af032fb0f672d4f004e3846fb795772b6938c99dafed6fad0c25da8412d6f6a7b0221eb2540e84527703db5b7073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
175KB

MD5
7cf1be7696bf689b97230262eade8ad8

SHA1
8eb128f9e3cf364c2fd380eefaa6397f245a1c82

SHA256
a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba

SHA512
7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
42KB

MD5
281bba49537cf936d1a0df10fb719f63

SHA1
4085ad185c5902afd273e3e92296a4de3dc19edd

SHA256
b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

SHA512
af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
44KB

MD5
d295c40af6fca08f8e0eb5425351f431

SHA1
1d246a1e54b3a1f2428883d8c911af73eddffca6

SHA256
5d225b25d66b30563a00f395476ed701130d3f749620a63531cea09fc537164e

SHA512
9c9f23cb775244eb10f83f964b36224ad2cd5152cfa5ab82928f68ed1cb49be4156f887cc40a857b72efd0833014e4366bf136689a717dd58828a1b195ed486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
133KB

MD5
f9bf0f65660d23c6f359d22720fc55ae

SHA1
9fa19ab7ea56165e2138c443816c278d5752dd08

SHA256
426ae06cd942849ab48b84c287c760f3701b603ebcc5c9aaa4a89923ef5f058e

SHA512
436019a96e47848533684a34e3c360f516c29b2aa2473d0a05d50c0fd3ad19eac39df2de12b6ec1c6760493efb5abf58e6a54d32080226fa1765983435634d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
38KB

MD5
71d3e9dc2bcb8e91225ba9fab588c8f2

SHA1
d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8

SHA256
ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813

SHA512
deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
38KB

MD5
7f63813838e283aea62f1a68ef1732c2

SHA1
c855806cb7c3cc1d29546e3e6446732197e25e93

SHA256
440ad8b1449985479bc37265e9912bbf2bf56fe9ffd14709358a8e9c2d5f8e5b

SHA512
aaea9683eb6c4a24107fc0576eb68e9002adb0c58d3b2c88b3f78d833eb24cecdd9ff5c20dabe7438506a44913870a1254416e2c86ec9acbbcc545bf40ea6d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
29KB

MD5
cce7a32763b751192e0a48aa506f9cb2

SHA1
f9bac8166722b739d817569702ebc00b15667312

SHA256
f040a02a06a3602862e5119883a61f6709aa111548a8b09d89f5298e61c4f527

SHA512
56a5826348486dd18f0f8347630dba52421ed4d8994f2ffa3fd876af99b9f1d280efc3d5d18c0197680edb6a6a1a6604f30294b39225f0c6b7871f7ffe4b93f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
25ec4c9caaf72226294bf1ede8f47c87

SHA1
d68be1caac4036608f7c039d668e1107c2c3f3f1

SHA256
5cf3034f137dd3432204ddc3b408827054525748f61196e43e5c6976b0e6ad85

SHA512
624762f7fff44a6539c96ca52c5a35cf8fb9a7389164aaa05fd6bf73780fdcc80a9a8232262f1c6bb13d1fcdfc34a3a08746d7dac2de0601f6bc9ea2d247585a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
04ded225dbf4936a5f1048a03903c831

SHA1
19bb73fc6bcae2f7586e8ea4355092a8339bd1e0

SHA256
f887ba64e87ced91a398fc8f976de98880938642d5e0bb8616b146b1e0bd041e

SHA512
72e8c3d70bec74f3071c9259ffe94c5a1047fbc19aeee2a13c6ba6423ffbb887f19b12127853757f2c1b6213b5f3ae87c19628403768728ea3ff67165d6c1485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a50696dec427599dd0840543222b7f9

SHA1
3278d4c660a5ec4dd833aaa561cb7716cd67064f

SHA256
1d38357c4d18b3908192de561d75c87624699240e9c6c7577165392d24268df6

SHA512
1489da3f9690422c629d9289e0a8ee8d21f342bf9061363f0d8fcfd2e5480771d0d93696437758cba4086e6e0ed07c7e2a935428f59b43aa809650c00cf75625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
417ccb153405067cee70430ed3246c76

SHA1
0c6f0650680e59387e3864570edb6d50b38dac5c

SHA256
1c2f1313e98a5e84aa4190c625cf5ca9819531651cb128c4896f6141e67c59ea

SHA512
701b30f2509d883713eef755730954903e2a718636a6167dc7afef9f131f1c97c86bee7e081daf94d948959e2b6adf8832ad4e9b551cecd3041f5ac5fa531d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d8c6fa0eae424d8427f2596da49274a

SHA1
cbc1d2dc19754ed42247f29ff8a0092f682fb13e

SHA256
13ef90832dc1007611330f81d0869fc89997c4d0d3b9604f73c8ba194657a341

SHA512
319ec261488b53e917ba2658e32e321e249a1eb39a2a5f4be55f2c2650f6fa01347a8c0846eee7eb56855bd3334f1cef4ce8c286e31b0fa8dc644380a0584b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
959d8a76df5bbb44c08197b0a76e0af5

SHA1
a2fa9f4dfc9272ed390ee36ffcac6b48705a3da8

SHA256
4746ef85a531638265698c6e3c692fe477fd567f0e29a3fa5e461702bbb5717d

SHA512
13ebe9557549b3f90b8db18dd30f7e9574a68ba2daf43998f3458baafc302cf07abb18b6beb2c7462d038f0d59b835ce4383b4227a490e5e00823c7f772a0eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a895952ffb9085887c7d914cd8b162d

SHA1
b23596786a9aff58cebdc7dd843e5c8298667935

SHA256
806ffa173184d4fd77d3a20259c5cc11e545cd3849397eebb3580bfae06b6620

SHA512
86b3fc233bebc5e0109b1f558f07cd4e840bb581c6a9472f74262b8d9765ef3b2be50d7b9b576d1bbe3f9a11158dd6c62b97936fdb063dc64b8434cfab89e98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
484a7a3e5e84252e5296f1c1143999c0

SHA1
7de9eacbc4228d8d317f7f30ca712f458b96481b

SHA256
eb9fe44dc939d3910d7e8babd0d305957959504450595254eda1909d9e5e8448

SHA512
080e34ee07436ebd82d2716601cb26f92aed59fa2887a7327c279f29d92e5c55d0bfe0faea331df7f7984a858ecde71517167549dfe3afeb231237c8ca961cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c3057ddbc2722ad4215cfe7d3ec4be1

SHA1
b20ad4eca1bc007b39b09fa0563b10ca46ee3c2f

SHA256
7b1053d774bbdeb4be76ffe9f43b446399a0af7844b7aea646354fc1291600d9

SHA512
32faee9e7e3c9eef69285b9910fd6e9fc5774c11b8cbd51c9f97bc7ab87fd731db0582515a8a3be247b3122576e8c7b8d3b3bf612d7e824f9e431937dc53cfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
442a3e582ee3b57eedff19bd7612aaf8

SHA1
9e559a2e66bc0d7f399e10e84171e23cdeb4977b

SHA256
e46447ed9fe44494245c90755bdcbb823481059da6df664294fc3f74f2f976c9

SHA512
d028ff0c9ebec4d7d0e735d00c5c3ee41d6d848584ca9bcb5ae93088c8383306ad553354599a10f2a9b91a0958e4c796d6eb4eb929a0d5e5cb4aa1a0a18ac667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b79fb7375322dea3cabc2602d2f8478a

SHA1
cd52400b30b2a4d4c3a8d630bdada9720163121b

SHA256
9bd5921e5241fdaad88481d0e35e246cc3c61ece663cbd2b87f696e4bae65aeb

SHA512
ac6b6bc542be00c9d11b28ee4e73a0d1240dbc1675d35e6762f00ca50d2a7b25dc2000a0725fa6fc063e98e648179d5c9465bcfafa32473b2f5c9fd2f16256dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69b229571138037763e40a4492d91a23

SHA1
ba53e17024c88d45bc2d41dafa941b33248cb04f

SHA256
87b75eecc83c1bc9f476764feea278040a36595b9defbea7a2ed21c8e8e4a78b

SHA512
755d418a571c75f123ba7a0ad5a7d3d1d6a38833de62d9745455414a57065fbd728878a9d46cee90d2c706b7ee5fbf721124424777185d96905b6240a11c2800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
facf2312dc752d06a7970124024b19c7

SHA1
d01e079dad71b4804de511c0a855e858be9be2f7

SHA256
bbd0191e3c2ff48275d91cd44012ff40ff2b27f949757dfd87b08d766b636a64

SHA512
41a70c77bbfaef7da987338ca2fe0d8f5a076535f9877a648f2312024b9560ef2a66047d38b4f64b0d6b1c32c4dbc3f36976c1c9934d9a6d4bf83b56717b9c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7f42980a30fae9070f287863a7a9e6cc

SHA1
0e8a03ce95ddc3425d75d7b6151afcd461222a3c

SHA256
71a4f83a0a69b25abd870c2d9c8412d7175996a7136e5eff4aa79160ac78fd5a

SHA512
0567fecf265db0467740214cfa2ed7990073d7c2e3c52e6cfd4fec25cc461c97a95591c532a5f777e0d751095da50bd36a268d86ce66dbb0640b34a7180f730b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b99e4d2199919ee31ac2682607a7a5a7

SHA1
f2813cd10786bb914624a808fa15d16afe79a165

SHA256
bfda52abb1e75dfc9d0098145d8324b19db9d88a3fd5a274552bb75ee134d740

SHA512
436d4a6e5cc8579848cbcec873b3fe71e13a3fe1d179345e72668feca3b3bcc436a0aed7cd7ca2a904ac1095a1160368d57b27a61a56e5c40f8104dc46d1ffe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed2777139c07eb24bce2af9699d630d0

SHA1
47ca000909add6c3098b6205269635f0584d9db4

SHA256
df6349c3fa604f092e7390da09e64434851d82a8e70637eb23c01b96d81b798a

SHA512
a22f1ba26202615ca6fea128a069f146c0f538a115443bfb78f89777e3993cac846c21a9c7cbaa371fcac3215ee4385a4ec8f42339c59d0c1c8b05ef3ba3d811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eb2d57a159785bc92619ecf0004d69b8

SHA1
9a6e0db550ebcb597e247d12922291457a3d7a94

SHA256
db91c8b530227fa4a5ed18f5e238d7e41a7813631f4ca68c1375b3ee1020396f

SHA512
5b8fd70ca195f7fbbb34129add4f6277225e04c04a679eb1105543b3ffc8e9db1e84a994267aa0490e6fc4cc5a8de9b0e59742f10d1e5afea70536d40fab1e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
96eb0655daf612abf7d3b6034db82d0b

SHA1
1a617bd827c2ad99cfeb1a48b3f3eb14868aa6f9

SHA256
79215772dce22950c4a5b3de809841d417af980dda8105fc0c033b67bb6c1ba5

SHA512
4c1ceccad19312a486d1a67624bec5382a4d4aab6d979c267e58450cafb8cf94a8a4872246c446ac5c3dae749beabfee948fdde71a92c78de88051fcc075e677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d2eeda90458fc113c186457382d26603

SHA1
c7b03cb1fccbaf4f1513e5b8c9300c5e6687e9cc

SHA256
d557e7af9dc94b65569ad0532625d958355538d8757938e49578fb5eb53e9d49

SHA512
338e8bbadf1b4cff7100727ae0250b8b0c5e82ae794fc1f80937330ebfb444058ecd180905095e653a1c66a8423feaec46647504c2bb7f6294936fc96a20c722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d7e785f3fb23791f612724e3909f2d16

SHA1
410effc19ae6119c469a81ea4aa533db46fef279

SHA256
1df444de27f357b3761f015d91fd308f3a95fdf4580feedae519d43d0b2be590

SHA512
d255e7f8f7bd7a688c8a8e857860192466da59d990339acc15ae9397850f86664e950723459789deb472ca09cbf21264234f1906c9998299b4227a85737bb1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c640cf2a22b2988fbc867778a8264ba9

SHA1
94bab0ee8c2833f1ea0b5f4d4de9e1e30cd926b0

SHA256
fa53cb6613a006d14a3bca153263e1cefc2a46c49504abafa00d3a68cef99db5

SHA512
f05c11f7a5beee9f5cd9a6c8fc3396407ccf31dd80f69b7228c07c48aa13803720bac2eec3d4fd52fb7aeaff16bba3deb7568c64a653fe874ab29c4c498de907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
72ea82a7f1c9b9bfb33fc40d75f25732

SHA1
f1dacdc9bf856ae17f4b0db078e8dd0f5c8895f8

SHA256
4bfb022317f712bc64ce019cf879303efbb0cc1289549c295985a4f33702863a

SHA512
e35ea7baf9dad4a441722cfd69626dd8ffe2c5541256f4d82e93c328980566bae56852c643e349fd31db76811e824c71efb55a35b05a210998cbeedff9c980ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
73ee2f80fba290562cf5b5fcc043965e

SHA1
2404e8fae575744964088214761c650b15cb3700

SHA256
86cb830303a516115c6c1e81578dd3586257cade33eb04aff7455a2ec486219f

SHA512
829ba54432a26e5bc7b3c4f2bcadb62870637c5f6741e5fd9479fea5300f09eb257dd4243def5b43a161ad9b405f7d4761ee80a3708ef1cb6f5d2e9888877ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f41c51c5a480e33c8e9838dcb826854c

SHA1
df37b5156c85ccbe40a4b5bf73db1f2934a7581e

SHA256
6767812d9e457252ee0575c8ac4acba089d15d69c1680f0d3ed61c7c0cae2a09

SHA512
12ddac889fd1f97d47c53fdcbdbc81762279b3a3e9a58d2d3dc29cf2f9affbcf7f142ac1f43c97320201e534254aea69c0dfdb2e10953ac532719708b1950cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aa97595743d69caefa3664d331944c7d

SHA1
b855dd3a25714493b1ec5f2e9e83abccaae0e5f7

SHA256
adce402f526b9e7599fa9173b91f69600c4238579f757e50b8631f2c3eda7f9f

SHA512
8690c18ee2632c92080ef255c3acb424889bd6ba6d4b0d8de60b6f0f4f8dce09c218e510b23ef3c8a34d6eb114d432fd15a6da842dd106d20477ab6fe8d5559a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc7255c81f3b12afb135668b0630ac93

SHA1
1341ff3abdb90e734fbeeeb7f0fe8e11d46cc46f

SHA256
cabe244bb902cd52a9129c05fc616490e65881393a50a17930b66762ee7e1d89

SHA512
88a0f54f01cd13a9d146ae2620c01394cc83600b3fe75e36d9698c52449fe73e4b81e18f36c5415adbc4bbc85f459eac207396b4d08523ae5ef540bd28732d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7c9d85afdf89c0c1aa57bcdbb75fef15

SHA1
e80140d7a9555c031de52ff43e098b85ce136803

SHA256
e8b16d194b880ed6f7a9ec1bff4ed8b60dbfaefe1fff84c423f1cae396f5dcb5

SHA512
351285f612e4c4498cce3f620d1f2b8a68cc758c5085aaef72970f1695be7a1e0e99de2819ea82f94e57ebc3cc0c371c5a9a0dd7f9d52403e761f90fae718310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9cc175426d1952fa0765d6122115cf36

SHA1
9943683fc6284e8166f55187d99dcf3b59b16c1c

SHA256
83bd374d1dbe420f11cdef3d50beca11d6e0db968c5e66d04aa123be47b5cd9b

SHA512
7ca496d094f3542e62b6c26beecb10939048dd64d63be90526a4d2d8eabb01ce628146d26e1b2a6f96c0674b4a0c72816dd5c47a5367865125dcea0f6a03a1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
12b0d5115908e4cab82f9343aaa6e83d

SHA1
5dccbb3b2cfa53c7ee8801697a85cf3ac9a00f10

SHA256
a1a0862628b484b0ae9a4151c9d92d1054170c9f67c1d74475f636c63d7fceea

SHA512
ac22b4d282f450ac99dfb2f305f11f8ad583465fe5865304cb7c4b1f9e9f23bebabe7afbab7aaab6aefa047b1690f139f9180dca2bf3318a631b10a89678d57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9dd5986e43becddeb1510258d6ef5d71

SHA1
e8a5dd22fdc91c62d3eb6e6df69b69c9c7d649f5

SHA256
61f759b6deb0576382e833bfe319503f432041e3319b10a7c424a3b54ab8ee58

SHA512
12f314fd094f6dbaca787c3b03716869452f30f34a61f23f7d846e11df25d8f59be1dfe748ada62a494011f546a19db97c853575fbcce90718a49abd9d77dd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

Filesize
874B

MD5
e848f8d619a3eb1efd5d24c80194aeb6

SHA1
aac3418e08a000be6df69866a9ae137d10a0db9c

SHA256
a7ab3e07ee28e33d1c57cf21a748d4e66d11299ba1a29a3fbc1391e793814685

SHA512
c4a79846365a44b7848d9fc504e0700f1722ac886b73bb0671ccbe462afbed999d47555e199f891f9db844a803023ea9d949e5d4cbd9ac8db9b4652d479dd8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b9e7da068a7ad231ae275b248f4175d6

SHA1
96cd6449dcbf277ff30930e4f193d16673896bf2

SHA256
871d6c780b50c491cbb5e3ec85388e3dca2b404ca5d35e1dc21f52250ec85611

SHA512
dfece058079ea962ad7d176d8b3d154e9e11c77944dae19eafd6b4131ceeabec5a10e461c1259a369ba0fdf8e248a1e0a5eadc970da337475703c3c0f61f7c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9994e288a76710a1c6a02d4befb76ae

SHA1
4df5439613653c8199647a3e84695d263c54a2a7

SHA256
4291b45967a70e8c6aba6d08faf4e8198f2b455e5fabd2040952923e0f7bba2a

SHA512
3863b23cdb5a1c4f95212cfa4350ca3e0dc05772e762dc8eb2fe6a89c368f9e742c3ace8b9ee7741dc343f725c4eaae808398edd84448c8380acfda72bf1c195

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
feafb24c7958d8353125cea379f66e0d

SHA1
06a8479a5011567ddaba691b3774c41839aa048e

SHA256
d4da759c55b9f127a03c226cfff2b6e045d0caaae1a21db28f0508ff82468169

SHA512
30877800a1fe45389ebaff69fd09d0f725a16f48d82b587a36303db40b8995f2dcef03ce141dfe06cb7b705df3057395cd94c5c1931c2c7078d508e488727cb8

Download Submit
C:\Users\Admin\Desktop\New folder\Client-built.exe

Filesize
78KB

MD5
e70b5b072459317d7cfe023c4330c765

SHA1
ac3b768454fbf78c46f22bdb607f0b3a02916e02

SHA256
0c88703839e96d8d80f0ddc4776643d80dd72896ae10032cb815d41ac5d9486b

SHA512
aef451c2c95c915cabbb54a405945c459c3c4654e7ebb10e0c21714bfac00850631aad614f4ff344baf610858b1fd201478e5f8a1ec2e08b4a32fe8e55796476

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/1972-2141-0x000001EC11540000-0x000001EC11558000-memory.dmp

Filesize
96KB

Download
memory/1972-2143-0x000001EC2C520000-0x000001EC2CA48000-memory.dmp

Filesize
5.2MB

Download
memory/1972-2142-0x000001EC2BBE0000-0x000001EC2BDA2000-memory.dmp

Filesize
1.8MB

Download
memory/3404-215-0x0000000000500000-0x0000000000508000-memory.dmp

Filesize
32KB

Download
memory/3404-2126-0x0000000006110000-0x0000000006232000-memory.dmp

Filesize
1.1MB

Download
memory/3404-217-0x0000000004DB0000-0x0000000004E42000-memory.dmp

Filesize
584KB

Download
memory/3404-216-0x0000000005420000-0x00000000059C4000-memory.dmp

Filesize
5.6MB

Download
memory/3404-218-0x0000000004E70000-0x0000000004E7A000-memory.dmp

Filesize
40KB

Download
memory/3596-2210-0x0000027915350000-0x0000027915368000-memory.dmp

Filesize
96KB

Download
memory/5372-2266-0x0000028C00DB0000-0x0000028C00DBE000-memory.dmp

Filesize
56KB

Download