discordrat | 48b7444debaa2637d14e5f4d399b0be8889e9db677f5b07345b734164ef4b848

Analysis

max time kernel
122s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-12-2024 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DCPrevent 1.1.6.exe
Size

147KB
MD5

938bf40ee373fa092d955f8b2f748d25
SHA1

bbc21cba903d489841a831b79787e2b828429c6c
SHA256

48b7444debaa2637d14e5f4d399b0be8889e9db677f5b07345b734164ef4b848
SHA512

45afdbca9618cf2fc4aa6dfdcc0574f6784f634f5bd4799dccacc68f70b7132db6e5401744abf6ffba966ded52bcafa0bc63a525d6aa76054543b7ddaf4f3bb3
SSDEEP

1536:5vzvJDVcYyIwzfU6rD7zKhH4X/ASkC41rrguotbjMFBSwsFVNlFkE0Fd9oHZiJHZ:xRDGLNPr/ANC41rrlsoFBeFad9UmZ

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5600	msedge.exe
5600	msedge.exe
4316	msedge.exe
4316	msedge.exe
1944	msedge.exe
1944	msedge.exe
5656	identity_helper.exe
5656	identity_helper.exe
2600	msedge.exe
2600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3112	Discord rat.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	DCPrevent 1.1.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 2780	4316	msedge.exe	80
PID 4316 wrote to memory of 2780	4316	msedge.exe	80
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 776	4316	msedge.exe	81
PID 4316 wrote to memory of 5600	4316	msedge.exe	82
PID 4316 wrote to memory of 5600	4316	msedge.exe	82
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83
PID 4316 wrote to memory of 2116	4316	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\DCPrevent 1.1.6.exe
"C:\Users\Admin\AppData\Local\Temp\DCPrevent 1.1.6.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff994b03cb8,0x7ff994b03cc8,0x7ff994b03cd8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1800,13176680216122800745,15553048115705874129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_release.zip\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3112

C:\Users\Admin\AppData\Local\Temp\Temp2_release.zip\builder.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_release.zip\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
22a75e721551af2deb6d3f4bd6c83a6c

SHA1
ee60b12fd1f031e546901b4d58bd78aa2538d1e5

SHA256
c63ffea358b4db7c3ea67b902f485d8fc6c79538d475d4c5a5847f7e545bf6b5

SHA512
f2218667856802a587cadf6e41520ef0a93e82ce8992b383d7ba9d350a1b5543359803a3b4bbba1a7f7ab39c309c32d53a7e184832fc7b7f42759b5d2dd22027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
39750f8b2c70fbd8a5e3789b37e725d2

SHA1
0504456e14e200f260d43b3ed7d4723b4b651b75

SHA256
4c01d599a4961402aebcd0b260c2ae7a8fe2748a323853b9d5a0f6011a3bb94f

SHA512
279796d77a14dde33359f8051ecab274a8af7eb2417f7be9b06d22babe35574bb2339dea751d092ad0fb53e52269acb7dfbb8e91bf87d92bb0e9e82f9bbeee8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1cdcbe3c47cfc7f5e947c931c97d0672

SHA1
c7edfd24070f93cb2a13a7e256faef1dee9de67e

SHA256
cbc8a5fa9c93ea9a5d4cad270595bb9851f17cddb41c45863c085f741aa9bbfc

SHA512
8e2c9c8c791c3a29cd65bea2cc0b5aa9b6cf4524bc95b4a044e8339be52da02f4108e9261576cafdd2bf9509ca14f38996e908a007a26acc1e35bebbe07e1bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
193fc0e19a87e5868779ba409eb73b91

SHA1
54e97c849907dd9b390f366e85af5cda7edea888

SHA256
356c8c129a5cd4fcaf0f656e279ffdd0da620c3fa683bd8f80a4cb0338b60ee0

SHA512
e906e3c562681f60b6131d0397f7ff82c51e37d7f7c94ace84c70888cbe432ef08bc8f6163ac52b6ae0be144422af8a79d1d75c970836076e14d49e5eae272b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
3ca3c28f3ec92873e18b9d03266b272c

SHA1
4cac4652dc75579b6dc26958e882f7dfaab40360

SHA256
59e4c010589613c8f1194792b2da6ae5bed99b6f301cb4f090994a6054604312

SHA512
316e17e6f8382dc9568c284dca3b9eaa864732d2f8637250614770859ae64dffa5424a822fae4d2fb5ed1ced297886b87ae4442a0835740a70e199dc5d321c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b839f6b60e39b1a0a6e59f26b461c0a8

SHA1
d0b2778bbfd87ff89ad6b32b57b1a41fc29215f9

SHA256
fc6d80c7c99df3952854858f6e83db63664c545b6e02c414524f9bafbac8b8d0

SHA512
141d47e12f33e30e88d61e35b62d2a919021f92d0299619032fc9005e454422b08e0c76bda94cb778c859dc438198a8105a9766683e7e6b3e48fef2d2d7629e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17eae1d96771e959325a777bf4f8da8d

SHA1
7e76e9bd01ff5cd730a8889ead92c371c271b2f2

SHA256
6148b4f8383c86970579e2f3d5cdbe700dd02b0bf545ab6b66d11f233c7dd98a

SHA512
709039c5ac572c58ab05fac1ae5f189eacd33c9cec4e6c9204dc355bbe727173b27f13a705250905c0a8624986da54103d6b65768103fd343e06e56c2e8675ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e92b30ab0358d8bd2e9b52af22341ecf

SHA1
8be778963ba0b4391ae4377121ef5c62a8d22999

SHA256
26aeb8b59b04f36b3625c3f40a3ba12e513c424baf9187aba1ba0325a32c2e98

SHA512
69bb192c0cca1a6facc381acb8b80a8e557e11952725ea33283b8b6ab415cd654677254f146abfe12871334196a29fdb71f6927b2b82a7df0298eff62e4ce55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee5de6bf7e260d7a6c688fc42a57288c

SHA1
203d4f1cde5d2a4195dfa76d2a30836a33ece939

SHA256
9471e1fcaa40abb1e66bf0d0b5def5667f6431b691a65518009a10aee3fd2d4c

SHA512
ca125b300c70e133f44d7d7aa0cf40045568c4fa659400fbb72a9195fbab540b6717ab844164603257d68af096f7a9210cf7b0f5a0a503c54db45507b0c08fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586c80.TMP

Filesize
1KB

MD5
c4571b035c81f62423b06b1cb62ad818

SHA1
d29fd03dc60c8e4851125fd0d50fc7c84a3f1329

SHA256
78263147a26d61eb7be48840e10ce5987e11f4588154b7a5bd996ab473f09caf

SHA512
53d4373eed17faee18508bc42d935bba710d2e3d768ebccf81429e4135ebc6c8bba4cedfe0887fb70d92d4464deb06a46a873a059b1a71a7511f9dc56b51b837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b75710867a6038bda7b91967d7f29014

SHA1
c3d48d0231c63994d4d57e50fd8f7d1963255f2c

SHA256
a8def7c30355d99226da957b4d3a670388c37fe9fc4a7fbf0dcad32945c039df

SHA512
f6e1549dde0b0b52c1b70bd3ed1d4ef113b039eadde11fa4b2c2aa3fcef62bedbf17b9520797a205e608abe6f962c23873a2d16badb1aa0d0d046ccbcc1ff3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33e34fd8b3c2bff17dd0a905b7ad32fc

SHA1
16d6756c77d984ebcd567c6a423860e37d81b47e

SHA256
9035c35b995681de901619fc8ecea007de1dbe578435a00cf44a8eddf8b44a80

SHA512
4fa7cc381bba31d9e047da60f122d8f9b175bb2b75bd10557b486e1e6d9b7e7ee74986acf816d03e80a7b323196cefac0c1540a66acf9b49b1682ecae41e932f

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/3112-373-0x0000024BC4440000-0x0000024BC4458000-memory.dmp

Filesize
96KB

Download
memory/3112-374-0x0000024BDEAB0000-0x0000024BDEC72000-memory.dmp

Filesize
1.8MB

Download
memory/3112-375-0x0000024BDF400000-0x0000024BDF928000-memory.dmp

Filesize
5.2MB

Download
memory/4592-400-0x0000000000860000-0x0000000000868000-memory.dmp

Filesize
32KB

Download
memory/4592-401-0x00000000056F0000-0x0000000005C96000-memory.dmp

Filesize
5.6MB

Download
memory/4592-402-0x00000000051E0000-0x0000000005272000-memory.dmp

Filesize
584KB

Download
memory/4592-403-0x0000000005370000-0x000000000537A000-memory.dmp

Filesize
40KB

Download