Overview

overview

10

Static

static

1

yes.png

windows10-2004-x64

10

Resubmissions

02-01-2025 11:16

250102-ndlpdayrhs 10

02-01-2025 11:04

250102-m6qy5aypdz 10

Analysis

  • max time kernel
    567s
  • max time network
    569s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-01-2025 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yes.png

  • Size

    158KB

  • MD5

    2364ecb2d3966d365806878891a7cc00

  • SHA1

    35c38f9e237a3b942c16f36c90292ade83ab496f

  • SHA256

    aae7699b056e19bc9fd9ba3c5aa7571c2505cdd50108ae71b9d31fc690109c82

  • SHA512

    2b8d46a63b1843cb44516a4632c1f689b25a1e55610762534e875753f98b367c814dc5981d88edb562c21f18d9f5dfa9432f8997ac380af02b79f0ea51357859

  • SSDEEP

    3072:YOSE3N6QqCZNm3HXTu18hI/+g8MWqkPctocnlN7OEMm066SfTwFd6VFc2UTQ:lSENqwNOw8hVF9c2clN6EbUAg3rTQ

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNDIxMDIwMzQzMjEyODU2Mw.GhBlwt.hbO8GJn91vND_gEg4AT5Lp73JGjBNWLXYoOV6Q

  • server_id

    1314209193804435509

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\yes.png
    1⤵
      PID:2808
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4084
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x7c,0x114,0x7ffe6e0646f8,0x7ffe6e064708,0x7ffe6e064718
        2⤵
          PID:3596
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
          2⤵
            PID:3328
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1324
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
            2⤵
              PID:1032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4164
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                2⤵
                  PID:3648
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
                  2⤵
                    PID:4188
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
                    2⤵
                      PID:3408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
                      2⤵
                        PID:2188
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3088
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                        2⤵
                          PID:3440
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                          2⤵
                            PID:4460
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                            2⤵
                              PID:4560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                              2⤵
                                PID:2432
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                2⤵
                                  PID:3168
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                  2⤵
                                    PID:2808
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                                    2⤵
                                      PID:2228
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                                      2⤵
                                        PID:1328
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                        2⤵
                                          PID:1432
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5328 /prefetch:8
                                          2⤵
                                            PID:1800
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                            2⤵
                                              PID:1852
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11573744081442857003,8211198309673275415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2928
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:1220
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4928
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:3700
                                                • C:\Users\Admin\Downloads\release\builder.exe
                                                  "C:\Users\Admin\Downloads\release\builder.exe"
                                                  1⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4356
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:336
                                                • C:\Users\Admin\Downloads\release\Client-built.exe
                                                  "C:\Users\Admin\Downloads\release\Client-built.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3448
                                                • C:\Users\Admin\Downloads\release\Release\Discord rat.exe
                                                  "C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:2724
                                                • C:\Users\Admin\Downloads\release\builder.exe
                                                  "C:\Users\Admin\Downloads\release\builder.exe"
                                                  1⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:704
                                                • C:\Windows\system32\taskmgr.exe
                                                  "C:\Windows\system32\taskmgr.exe" /0
                                                  1⤵
                                                  • Loads dropped DLL
                                                  • Checks SCSI registry key(s)
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:2328
                                                • C:\Users\Admin\Downloads\release\Client-built.exe
                                                  "C:\Users\Admin\Downloads\release\Client-built.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:2552
                                                • C:\Users\Admin\Downloads\release\Client-built.exe
                                                  "C:\Users\Admin\Downloads\release\Client-built.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4832
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:4800
                                                • C:\Program Files\7-Zip\7zG.exe
                                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\release\dnlib\" -spe -an -ai#7zMap17614:88:7zEvent7009
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1672
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:952
                                                • C:\Windows\system32\taskmgr.exe
                                                  "C:\Windows\system32\taskmgr.exe" /0
                                                  1⤵
                                                    PID:792
                                                  • C:\Users\Admin\Downloads\release\builder.exe
                                                    "C:\Users\Admin\Downloads\release\builder.exe"
                                                    1⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:1312
                                                  • C:\Users\Admin\Downloads\release\Client-built.exe
                                                    "C:\Users\Admin\Downloads\release\Client-built.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4840
                                                  • C:\Windows\system32\taskmgr.exe
                                                    "C:\Windows\system32\taskmgr.exe" /0
                                                    1⤵
                                                    • Checks SCSI registry key(s)
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1508
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2284
                                                  • C:\Users\Admin\Downloads\release\Release\Discord rat.exe
                                                    "C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4204

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                    Filesize

                                                    64KB

                                                    MD5

                                                    d2fb266b97caff2086bf0fa74eddb6b2

                                                    SHA1

                                                    2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                    SHA256

                                                    b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                    SHA512

                                                    c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                    Filesize

                                                    4B

                                                    MD5

                                                    f49655f856acb8884cc0ace29216f511

                                                    SHA1

                                                    cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                    SHA256

                                                    7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                    SHA512

                                                    599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                    Filesize

                                                    944B

                                                    MD5

                                                    6bd369f7c74a28194c991ed1404da30f

                                                    SHA1

                                                    0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                    SHA256

                                                    878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                    SHA512

                                                    8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\builder.exe.log
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    7ebe314bf617dc3e48b995a6c352740c

                                                    SHA1

                                                    538f643b7b30f9231a3035c448607f767527a870

                                                    SHA256

                                                    48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

                                                    SHA512

                                                    0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    99afa4934d1e3c56bbce114b356e8a99

                                                    SHA1

                                                    3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

                                                    SHA256

                                                    08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

                                                    SHA512

                                                    76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    443a627d539ca4eab732bad0cbe7332b

                                                    SHA1

                                                    86b18b906a1acd2a22f4b2c78ac3564c394a9569

                                                    SHA256

                                                    1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

                                                    SHA512

                                                    923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                    Filesize

                                                    18KB

                                                    MD5

                                                    7d54dd3fa3c51a1609e97e814ed449a0

                                                    SHA1

                                                    860bdd97dcd771d4ce96662a85c9328f95b17639

                                                    SHA256

                                                    7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

                                                    SHA512

                                                    17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    3KB

                                                    MD5

                                                    71b24787e2c69ff952bdcdbb49f6c765

                                                    SHA1

                                                    f34fd6ee3834536b4dd5d961d268def76c6862ae

                                                    SHA256

                                                    e8c0d7f0152e4e1177e4a1f95078e02ee354d23d0ab0e11434bdf48204b16b1e

                                                    SHA512

                                                    3762a21a58cb331e9b8cf9332ac624ed368cd5c7798b94fced15b54bfe8955ec6d61860ea7d04cac4c2b6fbd4660332939eb7d5123e113146b11ed3977e51430

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    857B

                                                    MD5

                                                    88f13ed05cb973642b7c40a1a1907ce9

                                                    SHA1

                                                    bef378e9224f25e3114c18abff3efb023f33a719

                                                    SHA256

                                                    1d35c7e23ca05fe2418c5abd8bdf8a1e2784ac5703315ca941fd2b64ec1219f0

                                                    SHA512

                                                    0208195c81a6324073daea5ad70644d3ff286d7f7d7852dc3dcb5f1c6afa1fedc7f8c1915fdef5f4554c5770663c1d702dd29dd9d2dc04cc66896d618175e843

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    80c2a38481130e377cf5d3e2144befb7

                                                    SHA1

                                                    34199f075e62d31176b922645f24084bfabed818

                                                    SHA256

                                                    a146896f92a0d8e28416c3703cd7d5c6816099c3063e6df34b519fa3d0364b14

                                                    SHA512

                                                    e1cb57c5b2890983404a6723171f167a62865f34045dd98d3a04167f65b6fe6cd4aafd74b146a4664237ec1c7916e9afb7ef4a802525d2d7b69ecd590f13f630

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    8c01d05852c968a473b80ff6406fe268

                                                    SHA1

                                                    e6b22d7d17e858bf7ab318ab4eb6c018fb399158

                                                    SHA256

                                                    26c9271be68b0a6c3f26159529174f079a2417983d662cdb3c8a3bea3bfbc2ac

                                                    SHA512

                                                    1c37b9f5f0733aaa8102931bcb4b4ce8c1575e73fbca7bbffc76006aeec6c8944de2ab6b286c3c801edab7057c09ef03fa62a8c5e2f9a77c37f41a8ab43e6533

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    a0830f818c7f1f2c0795415f0525c6e2

                                                    SHA1

                                                    82a68fe2d7ec0f8ff8833bdfb638f06e35b3b784

                                                    SHA256

                                                    30f7422f081a0da29d305ded009e9255ad8eea1f479b963b5a90d780686607d3

                                                    SHA512

                                                    c404f98550ce55a5fd56243e76a16d750025d8cd19b487fa957d63c3c4447cfa62d690bb34e72474f3c2d22f9d582dc034f23bf5f75e32c061eb76135b09138b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    02bd7d5c10059683c05cab65fb16d7f1

                                                    SHA1

                                                    ece7854fe70b37e66256cd56ec8eab181d14cef1

                                                    SHA256

                                                    aa8237b3e8a4e000af34c9da0e0fb331fc693910520ebe0e907138e71ada19fb

                                                    SHA512

                                                    ec3b14c1387b849b15b542e602d2e03e03e153873d9d23d2ff71f45d4142e75a40673fe42d61dfeb0b777bc6751ef771d28c437464b415bb726bd8bc266a59d9

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    9c93a886860a59b3eea9744c33303da6

                                                    SHA1

                                                    4ffc72865bcd7894dbfa53cc1c1ca5883a1703d5

                                                    SHA256

                                                    67a36742d79764156106f57d917e1df2a4dd81b81b31832947109919b75d7649

                                                    SHA512

                                                    3f2758e28942317eae8f804457e23d6f0ce79c176bf37738532e768e27e9a2ecaba12411becee6121defd729d725b72a9cab4b2474d2e5efd3d6061a8d22b500

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    3f1d9410cf7c21132abfeae9582bd55c

                                                    SHA1

                                                    c616da4aea1a7b38870516b8d925d034481a2f1f

                                                    SHA256

                                                    63160b6f98b2953eab7a71a76f7c8eab0466eed1c62b7cb6a2042acc4288813e

                                                    SHA512

                                                    ff4f74de557d526cc3179940bc3b81e9f68eefc308cb8c33c23ea6c12ef35f0d467f40622a0d9e74ba6ee3248efa8b5ebd7204ce6f8ac54c7a57a1854089d6e6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    c2fef7df49b1442ced2eee6e3f8e6a16

                                                    SHA1

                                                    76e6b6af97e1aff6fbdbd5c2017c7124fd67de23

                                                    SHA256

                                                    cb0a7851fd7992c030702ebce90555f4fb793ad8573734160cd313c55b7f7f0c

                                                    SHA512

                                                    80ec002165ba5d3f7dd70d61d1e764a7a2ce6931ee06b05f143188ec3559d81215978eebf145d188fd40ced5f5a770deff77a10a98d24ca2d6aa298b77c7a9e2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800d6.TMP
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    9098976cf215b3b62fa6ff0fa93e1400

                                                    SHA1

                                                    1bc8cce00d587e6b19192276af6301759b412c36

                                                    SHA256

                                                    5d52c262f1543c5ba6d9b029b740a89572553558ac1a7818a724c5fb1543cf8c

                                                    SHA512

                                                    c4dff3e94273b759a94edac1a18088aeaab327c2645517f254f7db60e83e2052f4c208134afc3936312576633a2ca06c5ac347c4fa9b6261ee72ab0ce9daed41

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    206702161f94c5cd39fadd03f4014d98

                                                    SHA1

                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                    SHA256

                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                    SHA512

                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    46295cac801e5d4857d09837238a6394

                                                    SHA1

                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                    SHA256

                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                    SHA512

                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    a7b8cd1d4852ccfaa7dd2e5a4e74be0b

                                                    SHA1

                                                    9dd2b00420a501385bafca70d288ee8fa0f8b8bc

                                                    SHA256

                                                    7fdcac3f5a5cce91a6944d1a21e055ed9aa6fb8b2b62a2d810f3a211aebf4657

                                                    SHA512

                                                    9a07efd0831e60e1fc5df0f70657d450fd4c5046941eef205b326203160741ccf55f95c519fceddfef56fc11b70b226247ae55695bd46b72c072c76b72334ab7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a97876c0-7604-42d2-ba9a-2323dc8cfe50.tmp
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    82ab3028d7c45005b41fb61b86cb6340

                                                    SHA1

                                                    30571213e6823b32b84af26229ceea2b959bdf71

                                                    SHA256

                                                    fd4e600abba66af4a7a9d9eca4a2da6de98c4d58f041f392b7a4045eca58d385

                                                    SHA512

                                                    7042afb82376c220e07baa0fb0f5818c2cd7f01b960061ed8802abc754cf81b391c452806cbd3363d290504dfa6004d286c64703f680adb39c874d113c697650

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\release.zip
                                                    Filesize

                                                    445KB

                                                    MD5

                                                    06a4fcd5eb3a39d7f50a0709de9900db

                                                    SHA1

                                                    50d089e915f69313a5187569cda4e6dec2d55ca7

                                                    SHA256

                                                    c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

                                                    SHA512

                                                    75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\release\Client-built.exe
                                                    Filesize

                                                    78KB

                                                    MD5

                                                    843bb15ce69606ce13e6887801ee1191

                                                    SHA1

                                                    8aa4d20ebcf8608d75cd00a74f55a5923c881003

                                                    SHA256

                                                    855e54fd1f7c04970e5405bdd07695b72e5f10550cd9e6cfd4cc9f0dbdb104ba

                                                    SHA512

                                                    da16eac39a5d0dfd6d9d50485217b4f32dc600fafb758f38cbf681a87262ba383883f520080ad23a4337979038d3845516e319fb827a5a8a6d3407e82fa56eef

                                                    Download Submit

                                                  • memory/336-611-0x000001FCEBC90000-0x000001FCEBC91000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/336-576-0x000001FCE3840000-0x000001FCE3850000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/336-610-0x000001FCEBC90000-0x000001FCEBC91000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/336-612-0x000001FCEBDA0000-0x000001FCEBDA1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/336-593-0x000001FCE3950000-0x000001FCE3960000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/336-608-0x000001FCEBC60000-0x000001FCEBC61000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-662-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-656-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-663-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-661-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-665-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-664-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-654-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-666-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1508-655-0x0000025C95790000-0x0000025C95791000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-626-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-635-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-634-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-633-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-632-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-631-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-630-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-636-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-625-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2328-624-0x0000020C8CF80000-0x0000020C8CF81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2724-622-0x00000257D6EE0000-0x00000257D6EF8000-memory.dmp

                                                    Filesize

                                                    96KB

                                                    Download

                                                  • memory/3448-621-0x00000207E99D0000-0x00000207E9EF8000-memory.dmp

                                                    Filesize

                                                    5.2MB

                                                    Download

                                                  • memory/3448-620-0x00000207E91D0000-0x00000207E9392000-memory.dmp

                                                    Filesize

                                                    1.8MB

                                                    Download

                                                  • memory/3448-619-0x00000207CEB70000-0x00000207CEB88000-memory.dmp

                                                    Filesize

                                                    96KB

                                                    Download

                                                  • memory/4356-572-0x0000000000B20000-0x0000000000B28000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/4356-573-0x0000000005A30000-0x0000000005FD4000-memory.dmp

                                                    Filesize

                                                    5.6MB

                                                    Download

                                                  • memory/4356-574-0x0000000005520000-0x00000000055B2000-memory.dmp

                                                    Filesize

                                                    584KB

                                                    Download

                                                  • memory/4356-575-0x00000000055D0000-0x00000000055DA000-memory.dmp

                                                    Filesize

                                                    40KB

                                                    Download

                                                  • memory/4356-614-0x0000000001380000-0x00000000014A2000-memory.dmp

                                                    Filesize

                                                    1.1MB

                                                    Download