Overview

overview

10

Static

static

10

backdoor.exe

windows10-ltsc 2021-x64

10

backdoor.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    449s
  • max time network
    451s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    14-12-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    backdoor.exe

  • Size

    78KB

  • MD5

    fd20fe5621aa91f1ebac577a4b873694

  • SHA1

    e21b19d3b71dafd57c64042553436d543852ed12

  • SHA256

    bd106b91048fc739e255f76dbd42f6c39a4ce22a1db5567adef95278b84b975f

  • SHA512

    c769fb3f55d937c9f536c3c201fd3158a4493ab70d03d659385f2537b779b3a1f18bff9be861157c1c1468fbec435d30608330327387eb7f674e26e8059cb8c3

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score
10/10
discordratdiscoverypersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNzUyOTIxNDUyNTkwMjg4OA.GXalZP.lRGd6IoMrnd96ty8BDoTs4fndB5ZtDl8eCK_vU

  • server_id

    1317529702952337458

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 26 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\backdoor.exe
    "C:\Users\Admin\AppData\Local\Temp\backdoor.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbe6e946f8,0x7ffbe6e94708,0x7ffbe6e94718
        3⤵
          PID:3836
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
          3⤵
            PID:572
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
            3⤵
              PID:976
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              3⤵
                PID:4560
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                3⤵
                  PID:2064
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                  3⤵
                    PID:4500
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
                    3⤵
                      PID:476
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                      3⤵
                      • Drops file in Program Files directory
                      PID:3132
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6f6fa5460,0x7ff6f6fa5470,0x7ff6f6fa5480
                        4⤵
                          PID:928
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                        3⤵
                          PID:5112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                          3⤵
                            PID:3428
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
                            3⤵
                              PID:2012
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
                              3⤵
                                PID:560
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                                3⤵
                                  PID:2080
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
                                  3⤵
                                    PID:4880
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14296844200143771122,1179586409640633462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:2
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2988
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
                                  2⤵
                                    PID:4044
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbe6e946f8,0x7ffbe6e94708,0x7ffbe6e94718
                                      3⤵
                                        PID:476
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
                                      2⤵
                                        PID:2172
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbe6e946f8,0x7ffbe6e94708,0x7ffbe6e94718
                                          3⤵
                                            PID:3760
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4780
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:3912

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            0526f2b37744871ef85ad98e2a03cd78

                                            SHA1

                                            7e8475de7f5614e30b67793a41d35ff492aff7cc

                                            SHA256

                                            68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

                                            SHA512

                                            12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            574a42cc131c117ce7235c7d87a342c3

                                            SHA1

                                            315dfacb159562306053f79c799aa4bb00e098ee

                                            SHA256

                                            1d2b322fe7ca56044f90c82394a3844f193c4c4c2368be27692c41f958bc011d

                                            SHA512

                                            c4f2e716e510e215e4ea08f3077dab9742718be98120db6a4e3aa55fbb76ed11020508598f3f2ca91bfcfabdf28c797d1cf0b7483ccb21657831c65750ce553a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            6547c6e6bdac94ad11ab8e5311c7e265

                                            SHA1

                                            cc3401985b79ed678f8b94b0500766691044ee7f

                                            SHA256

                                            685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

                                            SHA512

                                            d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                            Filesize

                                            215KB

                                            MD5

                                            2be38925751dc3580e84c3af3a87f98d

                                            SHA1

                                            8a390d24e6588bef5da1d3db713784c11ca58921

                                            SHA256

                                            1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

                                            SHA512

                                            1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            168B

                                            MD5

                                            5f3f6763289471f4b9f78d2b93b88f36

                                            SHA1

                                            e6df2b0bb0f1a5ff4973bae3a35564309c974a88

                                            SHA256

                                            d30a02b1bcd0e3ed372e2d855e67304992d3a439dd4bc6de6a871527e460a780

                                            SHA512

                                            c4275592e7cc83281223a402a26ee2e6f0bbd0ffa2ced381fb0c89c37884e25f7075fe65b70bc0202612692596f1b9b6ca5dfa8794fcf3a50875144a4a05a292

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            48B

                                            MD5

                                            c635ca42f830975c211bd15c97d71343

                                            SHA1

                                            d524737b7a19af920b9dd59759cb5d55d30dc3b2

                                            SHA256

                                            6dc3a51ee73075ab8553814805f42be1409035ff7f74541f7704914f3c1a7411

                                            SHA512

                                            1f5d50bc69ee58d4d1f71298178798d99aab7b38decf30c5739de1ee11b5504ad4e69093e73ad3ae49a7ec4b9681089129094be12f62a88c7e50e26a86ed1d9f

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            144B

                                            MD5

                                            645331e5bc72d0ff22a57bc7ef1a0813

                                            SHA1

                                            f88171a47a225c2b1ecc26839956ec94e264ae76

                                            SHA256

                                            7c4ba337506189260f7edcdf1ef98b83bad74e65f00afdcad891672872646fce

                                            SHA512

                                            0e34c3df63dc4090b709ee07fc16b9b94710f5dcb005ddcdfe2f9401a7c4813ac585c57b0afa6975d74a06cee11134da2a8ef6036c318d1bd89126815c939368

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                            Filesize

                                            70KB

                                            MD5

                                            e5e3377341056643b0494b6842c0b544

                                            SHA1

                                            d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                            SHA256

                                            e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                            SHA512

                                            83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            815B

                                            MD5

                                            d309a2fe30318fa287e65efae3a0b6f3

                                            SHA1

                                            99f93bce9bb29e29bd9253ffbf043fdc62217f4b

                                            SHA256

                                            e0a1274484b0146fec6719eec20d76a9e0817342e7b7082e2c19a5127128b4d2

                                            SHA512

                                            86e3dbc266fde4b262b86be61c44539b2ecd95027268c13f69cb3e043590f1c5842cb81365a0c58d1f522f4c7b03104b892ccbe00c34ee0e095bf09d2e8389f3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5dc660.TMP
                                            Filesize

                                            59B

                                            MD5

                                            2800881c775077e1c4b6e06bf4676de4

                                            SHA1

                                            2873631068c8b3b9495638c865915be822442c8b

                                            SHA256

                                            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                            SHA512

                                            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            5KB

                                            MD5

                                            ef2612e72bf4e84077d508a6831bdd71

                                            SHA1

                                            edd25a91ac3ad5039419683927dd78f74176097d

                                            SHA256

                                            16fbdadfec2605cf1fff3c8cfbbf7e75ab1c988b69f715dea7e140600a47020f

                                            SHA512

                                            8044989ac6f7cb0d581d241129880b1b1bd9810054eeb156c090974b864d74af78876df1a58123f09096f7985fb748c09b92ebd13c517282657776a0eacb68ee

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            5KB

                                            MD5

                                            47294a78da21161687fb5c0bef917286

                                            SHA1

                                            65a6dad8982ff809db74f7fd4f0889c81b4e8cb2

                                            SHA256

                                            6f77a16d855d27acc5b03fb96e379d408fa2ff569f8940063c349a733e794b6d

                                            SHA512

                                            c6c3282fe894cd9850d3a048753667d04008b06d93452eeb2e01f270eed08da576968f30b6d098a128f41ec26c168b88375f7b2e41d0028cc06a1a4c8bacabe3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            bb5d00a0fc561665667b640f3a03aac5

                                            SHA1

                                            1396f29b6e92f7390d5d220ea38cfc43f6f4c29a

                                            SHA256

                                            aeba150dea0bc615f7dccf3ad37e7e0b7842aad4a82a97af17b388d53b561922

                                            SHA512

                                            d15df3ee6ab27300cadd8dab31da950dcce578bbfae36f93fabb598bc92ee4bdb610496e648f2384783df5001c0e7794eb1ca3be11de2286a6d11f6df6d25901

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            b4ee10d0a182e04f24a6e984f2125f41

                                            SHA1

                                            09c97804b04c5673bf039ea71f7441af8711ca57

                                            SHA256

                                            b5682526dc269bf19c5eab25b666e47aa77528bbfad54873f5ea7e167cff8690

                                            SHA512

                                            df114c0fa3afe95d4a55f21cd8e6ee6373918386679de60097d76797b76c4c0c16ec3970a650f6fd2e242efe019fb8a0f872b69d2aae25e499b1a801e2dcf73a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            24KB

                                            MD5

                                            54d8d5d412f3513b3c0f5d4f86a4874c

                                            SHA1

                                            bd77a00fb917760fc161fe3a4d87d67182225c77

                                            SHA256

                                            ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

                                            SHA512

                                            8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            24KB

                                            MD5

                                            53aa92384f8dd229643647a024db8d61

                                            SHA1

                                            4c1434d5ad4cb0ae4b8bad2ee31f82ba67581992

                                            SHA256

                                            88831be300e64e2d65654f5667385f50a7c05925655a06ccb8252a161455e28f

                                            SHA512

                                            cf23d5eeade7ea6d240cb1b8e30adc2b4f0e1cf0359c802715caecc9855251b2a8affcc7cd0c7d57339164fd8af5dde4447f244a4be3c14d5d4f95990bf879fc

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            206702161f94c5cd39fadd03f4014d98

                                            SHA1

                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                            SHA256

                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                            SHA512

                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            46295cac801e5d4857d09837238a6394

                                            SHA1

                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                            SHA256

                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                            SHA512

                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                            Filesize

                                            41B

                                            MD5

                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                            SHA1

                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                            SHA256

                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                            SHA512

                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            8KB

                                            MD5

                                            2174417c8733eb9af71ade8c082f69d3

                                            SHA1

                                            24ed7e4b982ab18040be1573090823826cb27672

                                            SHA256

                                            89a212d0ad979c4b9d4b79e92642a2d717d80489695c826ef312affe2780bc66

                                            SHA512

                                            a7e5c9076a1297b2758b97458967e0231752c73e0f2d6ea30800370d054b92b17853d0330c66970de037413f95e52c919bfcd38d63f878ae083ed39a223da0ef

                                            Download Submit

                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                            Filesize

                                            3KB

                                            MD5

                                            8f3d259b81d26140f4e265895b7f8d17

                                            SHA1

                                            aebafd804e3a19f57704d365a2db44bc6eabd11d

                                            SHA256

                                            0cd587fc874ac755a1f51126112abaa015b7603df8219140bf854e02b0d7dcd5

                                            SHA512

                                            464f88e602a285815956e1173571839b7af38c9c06a39e361a1da2706e55fce9e240c9b1a16429054531cab07e9d65490ae6c06e5c6fcfd74e466fa3a4e027cd

                                            Download Submit

                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                            Filesize

                                            3KB

                                            MD5

                                            7213ba4809952ee2f4f1bc14cbee4819

                                            SHA1

                                            63c23c8375a5a43dc8ba82eb6b1c23d8295103a3

                                            SHA256

                                            0c45f2c83e8fc5b3f2ee6a6387e125429bd0fad8a82e2c1f4252a5d21f7c8334

                                            SHA512

                                            111d84db67f77d70fea9af8184a7247355c75680ebd5e55bdc363766f2227b6804a87eaa528de33bd8b9789f345e99377562b5de7e13e54c6f36239e364cc27f

                                            Download Submit

                                          • memory/4240-9-0x0000028273090000-0x0000028273106000-memory.dmp

                                            Filesize

                                            472KB

                                            Download

                                          • memory/4240-0-0x00007FFBCFA23000-0x00007FFBCFA25000-memory.dmp

                                            Filesize

                                            8KB

                                            Download

                                          • memory/4240-10-0x000002826DF40000-0x000002826DF52000-memory.dmp

                                            Filesize

                                            72KB

                                            Download

                                          • memory/4240-11-0x000002826DF90000-0x000002826DFAE000-memory.dmp

                                            Filesize

                                            120KB

                                            Download

                                          • memory/4240-8-0x000002826DF20000-0x000002826DF2E000-memory.dmp

                                            Filesize

                                            56KB

                                            Download

                                          • memory/4240-7-0x0000028272BC0000-0x0000028272E8A000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/4240-6-0x00007FFBCFA20000-0x00007FFBD04E2000-memory.dmp

                                            Filesize

                                            10.8MB

                                            Download

                                          • memory/4240-5-0x00007FFBCFA23000-0x00007FFBCFA25000-memory.dmp

                                            Filesize

                                            8KB

                                            Download

                                          • memory/4240-4-0x000002826F080000-0x000002826F5A8000-memory.dmp

                                            Filesize

                                            5.2MB

                                            Download

                                          • memory/4240-3-0x00007FFBCFA20000-0x00007FFBD04E2000-memory.dmp

                                            Filesize

                                            10.8MB

                                            Download

                                          • memory/4240-2-0x000002826E880000-0x000002826EA42000-memory.dmp

                                            Filesize

                                            1.8MB

                                            Download

                                          • memory/4240-1-0x000002826C150000-0x000002826C168000-memory.dmp

                                            Filesize

                                            96KB

                                            Download