discordrat | hxxps://gofile[.]io/d/pAnDwk

Resubmissions

01-01-2025 19:40

250101-ydk3yszras 3

01-01-2025 19:37

250101-ybzhkasqbr 10

Analysis

max time kernel
116s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/pAnDwk

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxOTgzMjAzMTE5ODE4MzQ5Nw.GWkycb.msamoYOx0fmOMiOjjEZEOdYX1UTPkrJYs49HEo
server_id
1319831476589559868

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2572	Solar-XS executor.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
88	discord.com
93	discord.com
96	discord.com
99	raw.githubusercontent.com
89	discord.com
100	discord.com
103	discord.com
110	discord.com
111	discord.com
97	discord.com
98	raw.githubusercontent.com
101	discord.com
106	discord.com
108	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
2260	msedge.exe
2260	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1616	OpenWith.exe
5072	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	5072	7zG.exe
Token: 35	5072	7zG.exe
Token: SeSecurityPrivilege	5072	7zG.exe
Token: SeSecurityPrivilege	5072	7zG.exe
Token: SeDebugPrivilege	2572	Solar-XS executor.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2676	helppane.exe
2260	msedge.exe
5072	7zG.exe
5072	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
2676	helppane.exe
2676	helppane.exe
1616	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3332	2260	msedge.exe	83
PID 2260 wrote to memory of 3332	2260	msedge.exe	83
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 1336	2260	msedge.exe	85
PID 2260 wrote to memory of 768	2260	msedge.exe	86
PID 2260 wrote to memory of 768	2260	msedge.exe	86
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87
PID 2260 wrote to memory of 3708	2260	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/pAnDwk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff94ef946f8,0x7ff94ef94708,0x7ff94ef94718
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4996989535570617728,15849346104557037662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:908

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ef946f8,0x7ff94ef94708,0x7ff94ef94718
    3⤵
    PID:2672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hackm Solar-XS ( Private )\" -ad -an -ai#7zMap32277:112:7zEvent7777
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5072

C:\Users\Admin\Downloads\Hackm Solar-XS ( Private )\Hack solar-xs\Private solar-xs hack\Solar-XS executor.exe
"C:\Users\Admin\Downloads\Hackm Solar-XS ( Private )\Hack solar-xs\Private solar-xs hack\Solar-XS executor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85900221d6c8af1b7645c23c62f9a26e

SHA1
6c6fc9ab3b94d82eb57f6a2b4187e83b2f02a786

SHA256
0ee80164364d095575e6399c6b27b33b07b168fe6621495c9e693b9c8986b40e

SHA512
5ed1bdecce1db263864f23264b74c87acc662d20c67db710a23acd979c43bf15bb359589686cca7d1126d78f3ee47c7a19ee071f259fc055ccfd8f67f56968c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
018ce745c886cb045fdbcd5d582f227a

SHA1
7796fb32795152606ac81a3bcb5fb0b7922520f8

SHA256
439321a4a107afda7ab7e8955cf84f3e357e47524902bfc28f74b38958ac2f45

SHA512
9feaf846cf780c5e152a485e713d6b9ada9e2182580a28cd4d1f0691a68d0fe49c56c91f9dc31a7fc4bbd3cf00bcbee3e300191804a817e0ab35577db84ca811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
611B

MD5
e2da75685aacbcb98b8ec7e165c71878

SHA1
0cfc6375ce84f9e14a66c15d5d956a6234ccb3fc

SHA256
3451e7608ac6f75457c415da6996f2cab664ec51b385e07c9994451d0ce8a0b1

SHA512
3f79a759852b513309a1141527c13d37cb8162eb3425d211430491ee675811a3493f1f1d2b6363ceffe55f1733d1504f5a2adf0afd3d3a64b5323ddcf2573589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
085ede7be452c136dccea29f4d74a1d3

SHA1
53f3608987d4428ab18d3a2924cc434aedbb21e8

SHA256
611790893712c26a881fb446a2cd9e4938105c49b4820799355e044d53acdbe2

SHA512
be1e501845edf70f09b430ba64b3273813a4933023ad6c4ac309b4623c92556bc15f558d5df73faf9aeff3951a18a4106e904471e3f43adfe1a34bb86e62a4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81483cbdcf1f2eb2ab74a4f4d41a2357

SHA1
393f3741623849f0a9cfd6f9b69954bfc903c6af

SHA256
c1481dcd948914d64d8b8020a45fada258b0dea6b66dea3a1356be619617a64f

SHA512
d679c7d56d102cf0a2e689b7022bfdebec0404d26e2b3e9062fa0f555eebd0ae8e26c3b78d328c3f02b2e14509ec8552c69afabcc475c5688a6a74433f20ab7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6add8b12c70747844cc84014dcc153f2

SHA1
562385bfa8a0dbc428958a4f26ee689a758de8eb

SHA256
a8d0508fe0d8929df686e03a110fb9e1f119eb2083ca56400565fd76ac666782

SHA512
3de6e490dd789625ccda620d5f49812d6025fc29b9aeefdf5af97de4080fc6a262649c5ff36c0832e12aa48a440f93124a4e4d6818ebc9711f34c3a037efdd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
6ef5d513aebac4a99736847ce0925663

SHA1
3778c16de18fd22e9b579001381a0a322faed2e1

SHA256
50e75ec9d57b31c66e6ec8b88aca6df5e7dcdf1af5dee0559294db8dd02a18e6

SHA512
31aec3cc4e0e26ec3b6e0aa9305ccfaee6de1b59b419a529dd3c54340c896051ea9a611538ae9f7f3a8c0bca896286305c1936cded89ba9c6259e926859fe2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c66.TMP

Filesize
370B

MD5
6fd2912da8022f4e23833ff01a1dd01d

SHA1
f636ed9552105203eed8dc2049312d74df8b8c77

SHA256
47972ec978587f7cf9d79e0ff10a6ee74af65aad9e1e785f5b47de3ac32c6060

SHA512
6b213ef40b480828d6dc4a31a99e626db297a1bcdfc544102a9f36a08e042260b0b50a23e0e4e7bb4c0794195a4ce67b7d924a2b52ca782d4b9f655c3276d007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4262e4203eafe3af8aa727e21a9616ad

SHA1
c6d8110ae3a788b7525fcb650404df1dc2293070

SHA256
dc0f668dfc1afaad005507b53ae588d68531eb50d63a568937978da063976cfe

SHA512
dd0e9887346111f10d5574d6408e857e068f1a9320c7b7b3fac903ff9ec21a5e0ca685cba99dbe570e759aa22d761fb52f01a6be27aa4317f271efc87e9c8e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02a16a555d79abfca8dc997e73a93c37

SHA1
d3d7c85991b542619cbc9896b31dd7789591147c

SHA256
4b642a84c4108e8be992287dc496d320ed1577f3b333d9cdb68308e99c5f6806

SHA512
1789849e47466fe4441778401da4adaa614020ed6ac2e8be0617b9d6b830d0ac5d51f7fee9b08dd2bb2ce3763d4cbfbc76b50d829b98fd204a20fd2372310f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c40587da8b7157c92a7146832061a28d

SHA1
7367c2f01fa47638148f3caec14c418c0cc4f3d4

SHA256
25bc0f04250ec3783b494ae7eff77735565cf5bf57db33c12dbeed99aefc6397

SHA512
1f912f1820f5d8eed7450c2f0d5f7998a7c59a759ef9993ac6c6a374ada407c747613059f0d7dfa86bf3aa0561edcaa9901ad990cda498ffe39540fbe3ec53af

Download Submit
C:\Users\Admin\Downloads\Hackm Solar-XS ( Private ).rar

Filesize
34.7MB

MD5
e1d9bdbcbb14959492846dcbd80e9bd9

SHA1
f1ae7dcef8147544dd69b3e1e1c533c24d4f03cd

SHA256
dc14221bd18b729d2c094f3579473a4e7d1940751e5b3a5a36eb55a5f992db56

SHA512
8b55239c53ac68c39e7cdc6896b3dde12bb291b4a084b4b52accdfe28769638ca69094b0ad49af1a863d506f507da58a0a3d8ddce483fa24a1c80623bb9e447a

Download Submit
C:\Users\Admin\Downloads\Hackm Solar-XS ( Private )\Hack solar-xs\Private solar-xs hack\Solar-XS executor.exe

Filesize
78KB

MD5
6f5224d8a524c1973d7597dd1d5ad73e

SHA1
c1141a548ad2b16fd645d5098ae11d53b6f8f666

SHA256
858d0da3b699fd91f1125e6c03b5d26b5d7f5d125a028e6ae54a1c7e029b9884

SHA512
9789c74ca2e5d75bca88a82f07ea6297c62daba55ad2350caf5c83fa13891480a08dddbd60a70c430f8033bde6861e32f931d23ecf979e1b9cb7173668bfd5f5

Download Submit
C:\Users\Admin\Downloads\Hackm Solar-XS ( Private )\Hack solar-xs\Private solar-xs hack\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
memory/2572-555-0x00000268FA070000-0x00000268FA088000-memory.dmp

Filesize
96KB

Download
memory/2572-556-0x00000268FC5E0000-0x00000268FC7A2000-memory.dmp

Filesize
1.8MB

Download
memory/2572-557-0x00000268FCEE0000-0x00000268FD408000-memory.dmp

Filesize
5.2MB

Download
memory/2572-558-0x00000268FC910000-0x00000268FC91E000-memory.dmp

Filesize
56KB

Download