discordrat | hxxps://www[.]mediafire[.]com/file/xfcr8s986iv9d4r/pdesd[.]rar/file

Analysis

max time kernel
301s
max time network
298s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-12-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/xfcr8s986iv9d4r/pdesd.rar/file

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxODE1NDQ2NDI2NzM0MTgzNA.G0DnMn.E4_5VqFZFrJgJ8e5y8ZT68g7P7sambdvcg8KRs
server_id
1318042721855868938

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
5568	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
179	discord.com
188	discord.com
189	discord.com
174	discord.com
175	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\61932087-4037-46ba-bb5a-ffcfa29eaa7d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241216104141.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
864	msedge.exe
864	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
1448	msedge.exe
1448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	5528	7zG.exe
Token: 35	5528	7zG.exe
Token: SeSecurityPrivilege	5528	7zG.exe
Token: SeSecurityPrivilege	5528	7zG.exe
Token: SeDebugPrivilege	5568	Client-built.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
5528	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 3476	864	msedge.exe	81
PID 864 wrote to memory of 3476	864	msedge.exe	81
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2360	864	msedge.exe	82
PID 864 wrote to memory of 2912	864	msedge.exe	83
PID 864 wrote to memory of 2912	864	msedge.exe	83
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84
PID 864 wrote to memory of 2400	864	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/xfcr8s986iv9d4r/pdesd.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff102f46f8,0x7fff102f4708,0x7fff102f4718
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3932
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x158,0x254,0x7ff739f45460,0x7ff739f45470,0x7ff739f45480
    3⤵
    PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2770896889020989962,5214370743539697415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1804

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\pdesd\" -spe -an -ai#7zMap30449:72:7zEvent7960
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5528

C:\Users\Admin\Downloads\pdesd\Client-built.exe
"C:\Users\Admin\Downloads\pdesd\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b85cb68afaa0d8799c2ca52837081a

SHA1
625beb796af60d315feada1271934d08e1a55442

SHA256
4483f93f107e9eca43c552d8d3d070572c249578fba12224b6df60d98dda7b5a

SHA512
5e8bbb8fbe83fe31c9fa0df1855c8cef9fd6ecf164f5d8bae9497f54858a95fe1f6228361953ef2b99063d204142046872991450c94540c913bf530521ce76ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d57a449c855203411a38d5ae80bc24c

SHA1
b361032efa556fc4557bbad595ce89c4b0c13dba

SHA256
bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21

SHA512
8d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77fe0ce7e1f9c9ec2f198ad2536bf753

SHA1
2a366472f227a24f3c0fba0af544676ea58438d7

SHA256
c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00

SHA512
e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5981bfca5a931eaefdb70e128bf61e5f

SHA1
93064a352c29b8d74137c4e0e726c9fdbe1ba3f8

SHA256
b65bd1248ba532774066394ccf1ba1465b3f9067ff391b1f15bfa8fd5c839380

SHA512
040b3eaca889da99a405ec153bed1eded8ed056b7135cecad3ea201a8c57fc6f29299b606f84d215d8f51131b39adea4f05910cc1cb92d4c4fe09f45f64adb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
360919031be7c83a1e2689df768ce2f3

SHA1
99b1d0cf5d4bd625f69c89cc1533d4b3891afb41

SHA256
9928211d3cee16a2988a655e7cffd20c01ef4eec79c5fff626c2631c672dc6be

SHA512
51d9f0c54783d09aad2a8616c266e45c4661752b5342353eea980de84c4590ee76865b6ab902b814dc62a6253de14dfd82ec36b9c5ae9a2616506c733eb21dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
35198608cd34c85035dff77fb6875fa7

SHA1
fc915a065e2b191e77b5945180ddfef2d57eb86a

SHA256
5bfb2d4fdd9f6b01c662d5f6aadb8e8fc00f4d4720abd44600e87da65b41d0c3

SHA512
10fea3a3078697a5325526e61241f7f1a44f9749880694c2472fda1344953ccf070b9cab7df7edf348b1984934fb5e9ba29debfca0e8a9198bd560abf80efa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe581548.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2cad94293e2c161d5aea3d98e22c651

SHA1
aef770ff7a322de50cf05dbfb05d31c2795eef1a

SHA256
a647aa808e9376926098d581359e6ad8d0f01d6f8afb7419a7151982c1378ac2

SHA512
203272a42066828b97ba6b50d6202d0ec62540f5d44aa549a40fba0a79f6a5d50147bc27ca46cc621274721aad1369da33dc7079b279a82411fe099bfba372bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dea469435a2f962af5674618da843749

SHA1
95288262d47171be98763091e974f6ae00284a29

SHA256
557bbdb5f61879457a5f31d78e0b599b7161ed55212978b60adc8cb70908a260

SHA512
6ae011bfdbfb84049c8921fbe3b15d81ebbeffed403aa43b65e779d46f01b87694f08502655048a000c26bf051a7545cf488b48a5a9da523b98d92bf78cf92fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
796323ca95d50830342f7043dffa859c

SHA1
f93cb8f3dfb9d844e8ae4000e3a9fa7c583a75bb

SHA256
58c8ae60dcc625293dca57cdcaa415836878652c6893f43f254f759bbe9753c4

SHA512
b0aae523d1b9bce213cb3a06c804398ffed7dbb5374e6bdd3bc4315b12320294638af180d54f7a23e8ba7defd81267da4c7eef089024b1a6e2bdddd63a9b1e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9b2345e425acf05ffaa1dee20d4fdbe7

SHA1
aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3

SHA256
1eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14

SHA512
647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
77006dacd174a80aa9b867f95d5df337

SHA1
7078db638c72ee5cf4ede7911e4421cc4ae103c7

SHA256
5e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9

SHA512
e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5533741a790d59256a1bbb92e19ed93f

SHA1
0921deb0f276a6448648f82b18389901968696e0

SHA256
379cf314b16ee4322afccd63eabd6c90c570817e0cd4ccd266ad6ce73bcfe332

SHA512
2160cde094ec744e1c941061d26f37c4a46c61c3ae0c3377883a9a66bcefbe2d8b32650d4d6783ddddb7127f90d833467b08b0f0ffe50d6018b3a09dff04ee0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95c8d9ce80391a06369d55488eb475aa

SHA1
a991990aaac464bf8097bc7d70255ed1c1c96022

SHA256
3caf0b0ab65f1631810b828ff4e069e6cd3ba371f51e1a9715da1a0ccae5666f

SHA512
e4dcb8bac0854da5ff017afc8d1d0cd77fb29c875c99360c81a8bfce80f3e6dae77384e37ff6cd575c3919aa60e34edc08e36149569a4653217d1cccef65dfca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
022775467c6b5d67ac31eea1740ea087

SHA1
d6d5e3b3e0cebddf873157f4273cc9caf2532845

SHA256
5f2ad35ef07acd2027a5bf656c7b4e5dd644bc62871323f4bb18f581ecd0a8f3

SHA512
8a5f50d233cba40ff626086ebaaa2fedd61869bc929298b13508e454c0c2ca9b9aa2307c5605090264a375f88ffaf3cd1eae9cddc3a2836bd1be801539fa7e32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c90e618be7ac81d72f0ccff2289ec6fe

SHA1
b9f9e823dc0b0199cb3016d26e9e427bb13d0bcc

SHA256
f81ac6c267c920eb944f68f9f9ac92a7600824c9f229854b2116a59e8a48d81f

SHA512
a410ae4f0109bdfdd11e079d61f0950b215fa8a8b741c142ab39aec0c4b4366267ac4fb913925c3a2ed568fb58426905765b363640a63b46689adc6e257c3c33

Download Submit
C:\Users\Admin\Downloads\pdesd.rar

Filesize
26KB

MD5
496e3e1ae0aea6eab8b0892161aac84c

SHA1
e87afbadc1949784b3acd712e1a8b8b6b3e51656

SHA256
10f7b677c8a8d7cb416d789e6a4a87fa436b44f8f88c5e387e059272f94c2244

SHA512
ec7f5cab17d0cfcd228d1d98bde83baff5648810c6e81891305ed6212ab52bb7a110a13b3f7a5420d11720a405060e95098db954f0e0584333e51858ae54c908

Download Submit
C:\Users\Admin\Downloads\pdesd\Client-built.exe

Filesize
78KB

MD5
3df228330073a0e62a8f6a1bfb0a96de

SHA1
b856b7df00469ef739cf29d46965305c974595d2

SHA256
915419374009c8a40b516bb5a7d037ca5a1c9c8752c3eff0d12c70352bb583b4

SHA512
3843ab4121fa4b620dfd1ada155a63957eab1836228c61869dda662e8ed984e3b2d1ef54cbada0905c5354e4822fc36c47cd961495a2399523875c5643ef5d25

Download Submit
memory/5568-464-0x00000118A5B10000-0x00000118A5B28000-memory.dmp

Filesize
96KB

Download
memory/5568-465-0x00000118C0190000-0x00000118C0352000-memory.dmp

Filesize
1.8MB

Download
memory/5568-466-0x00000118C1750000-0x00000118C1C78000-memory.dmp

Filesize
5.2MB

Download