discordrat | aae7699b056e19bc9fd9ba3c5aa7571c2505cdd50108ae71b9d31fc690109c82

Resubmissions

02-01-2025 11:16

250102-ndlpdayrhs 10

02-01-2025 11:04

250102-m6qy5aypdz 10

Analysis

max time kernel
279s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yes.png
Size

158KB
MD5

2364ecb2d3966d365806878891a7cc00
SHA1

35c38f9e237a3b942c16f36c90292ade83ab496f
SHA256

aae7699b056e19bc9fd9ba3c5aa7571c2505cdd50108ae71b9d31fc690109c82
SHA512

2b8d46a63b1843cb44516a4632c1f689b25a1e55610762534e875753f98b367c814dc5981d88edb562c21f18d9f5dfa9432f8997ac380af02b79f0ea51357859
SSDEEP

3072:YOSE3N6QqCZNm3HXTu18hI/+g8MWqkPctocnlN7OEMm066SfTwFd6VFc2UTQ:lSENqwNOw8hVF9c2clN6EbUAg3rTQ

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNDIxMDIwMzQzMjEyODU2Mw.GhBlwt.hbO8GJn91vND_gEg4AT5Lp73JGjBNWLXYo0V6Q
server_id
1314209193804435509

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 2 IoCs

pid	Process
1892	Client-built.exe
2244	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
84	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
1904	msedge.exe
1904	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
2584	msedge.exe
2584	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1892	Client-built.exe
Token: SeDebugPrivilege	1828	Discord rat.exe
Token: SeDebugPrivilege	2244	Client-built.exe
Token: SeDebugPrivilege	1556	Discord rat.exe
Token: SeDebugPrivilege	4260	Discord rat.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1756	1904	msedge.exe	101
PID 1904 wrote to memory of 1756	1904	msedge.exe	101
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4844	1904	msedge.exe	102
PID 1904 wrote to memory of 4636	1904	msedge.exe	103
PID 1904 wrote to memory of 4636	1904	msedge.exe	103
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104
PID 1904 wrote to memory of 3528	1904	msedge.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\yes.png
1⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffda3346f8,0x7fffda334708,0x7fffda334718
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2992

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5060

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1892

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2244

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
b9cc0ef4a29635e419fcb41bb1d2167b

SHA1
541b72c6f924baacea552536391d0f16f76e06c4

SHA256
6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf

SHA512
f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ae644f27170ae5_0

Filesize
66KB

MD5
7b237b7fc7f03a97fd90c27be0bb7998

SHA1
31885cf85ef49571cd68b60247f6219d5814b0df

SHA256
497f7553c01c07af854b9c0b35994e777f42d7a16a9faa7ebf36f7dd9d4925e8

SHA512
5adc4dd1c868bdfddd84cce0fd680f5f546460a6b1416f33c523cdd0f554752a356e7821f3640f5d20d7cd4e59a3e30afee6c8b94d412348413fdd5f0a88ec0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1986e3be1e85e903_0

Filesize
10KB

MD5
d960f390d13c482df3cd86be32c5abba

SHA1
e038795347d6b47016d8ff1a9dfe557c0edc1983

SHA256
442245aa15f351bde09f9c6aa329424c8c55b26c6d35eb8640033a42807fcdc1

SHA512
ddf6ca6494a44feae2127eda7183c009f976292b2cb8c14303eff3de87f240abf9b69c2bf8a5088bc009792000ceaa33184c14629d3ac83f7bd26140a7a9c2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30777ab506872f93_0

Filesize
11KB

MD5
91ffc1a5305d15258ddcdaddc9c6c659

SHA1
ec342267b148ca6fe3a8c7003b5ba372727f93ec

SHA256
703aaa9f74d3d333b05911a4691e139a63941ef33557b5d950442ee4fd5a3189

SHA512
87a62d8c2d6c591ed360ed4034fd61aeab5008486141941dca632e892bc96481b62803287aa06dd6819ef16a5213e2a57d5256cd432658d830139ffa84b4d1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5007460b01db9911_0

Filesize
3KB

MD5
501f3fca8c523c8ea53cddb940053f77

SHA1
e50e4607a14801d0f1ca2c6f86b2868854e65715

SHA256
7c4e5acc8b2def87e9c71c58445299b9412109c30820effac27d55e7abbf9be3

SHA512
8132b75f61d6596512fc8a018916c5a0f552ac1dc2a935467886f669f2e11f9646093d9c8973687ffb7923b3438f7c8cd8c9d61be0b37991e48c566271295813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\60ad945ff317ba79_0

Filesize
1KB

MD5
04a723da665c7773a1358053457bb7f8

SHA1
5e28926e5db17ec05dfc49d88f1ba93bbfc3fe04

SHA256
05bb0c9f21e4789d32ee1e005a1c8952047c24a64e9615cf7b561db76f59f5e1

SHA512
41850e01e2a324eec35424786db50e227f5c1ef188c2bcb16712e0a65aff35870ec0428d840ed768e118d8491a3c901470fdb0dde77bc264130ef94ce89b7ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d0b78a7984afdac_0

Filesize
2KB

MD5
fde833c3c4c0277a3dd6ddccfd9dff3a

SHA1
7c24f3fc6fad9491127dac10b1232319a3c8d4b3

SHA256
2a5b8b37fedc845f4a8d886b1daffe3f6d85e2f8f0e4c2d9a02cdc4780d76d18

SHA512
9dc42ae64c2f0670ade1e196f107dc7adca9912c0bb9678c7356bfaf740be8845e89313bb45458ace2038e105a7ab66830578f096a185733410c245a50cb9392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a214c140e638714_0

Filesize
2KB

MD5
47ce3cb257b8fa2a658150f885d079f3

SHA1
fa41aeb23447592c62d708b696aee7b7590f7544

SHA256
98e414c5effe21440c5b4034e3f7206e21aaff84758576155ac46cce98ee737d

SHA512
ba9c2c292b941110024268133dd8f3336b39b0ac65df6a96f021082ef21b7047eaf3b9ea25c9c9e2bdacc0a75c55ee60a7d2a15940547c4b559687ec211e2a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a3bf0148b593098_0

Filesize
313B

MD5
75c9f4788bb3ebbc44a25b6dd92a32cf

SHA1
1fd702a7f860dffd9d2ca7a91c9b7013ef4af8d6

SHA256
65d65324e70e0a9664c0c64b5f12caae8328051897c1ae0c8f07dbb9eb250110

SHA512
cddd32a7ea18ae07570b8700488ce9ec127327a902b378f3ad466bcf28ae43ba2a3ac493866683ada8bb5567c7943e88ce152e904a3edd4d77614e287127b19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f9fd988dc5ea5bd_0

Filesize
1KB

MD5
a937d53e52fb66a5dc37590951a1f213

SHA1
ab0998790d8737d6fd16eccc64196458804c72e2

SHA256
6ff2a60e3221d122ff9bb349786075450e11d658e1832343a9495aa601b1fc49

SHA512
1eb261418c05f157f69fa309a27443acc4c3f70f3749e669a9dea3def80cb08801bf20fb66806d8743e7f540a36a37027d509942c207b1d061852aaf75c29561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a994b1febf13f031_0

Filesize
1KB

MD5
6e93ef94f2844515ed6fef8d7ac48d0e

SHA1
fd80a02c2462666bff5f3772bcf179caab0d609b

SHA256
8e2fb68e8fe01b0836569f5a50b5d1994edc15ecc4915363b7d9ea8b0b770b77

SHA512
df3d4df9a506888de144c72aeebeef2d3ae8cf0b96c87283a2ba0b8da208dd4292637196b6113fd599c272e882fe65acc786215683f77af1887ffd63e89bb65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b21011e866401381_0

Filesize
2KB

MD5
ded199ea46548c8a9e40d924dca9077e

SHA1
7b6c4c6f9e02eafefd1ff0055205ba23d7d60f33

SHA256
316d8e880cc926f8a394ae7f398545e8805f4ce0808caae8b03864ac2855749b

SHA512
a81a79dd152e73450a413d05c3f86b9d681e3e77f61ca01c5500b47e4ff97ba458209ba10e2fd5277734064099d6bb89e30a949252f2d038de9610a64b76dbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb73c6570251aa2d_0

Filesize
34KB

MD5
b01b34419dacd170a68a53d08e26b4f5

SHA1
11d2cb43efdb152e5f460c538f8b76bc8b08c17d

SHA256
31d3bc34f7b793223f88cb10d83ed1586ac054c4dee5bf43dc18f16474eeb7a3

SHA512
78e8799499e493fc1e276b0d6b591e149e2d61cf70df0bba9048325f992ec8da1e22855adf86a6242aca5189b9651ef68e0649482efda551d1bd41dc3b77f1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd0923a2b87def10_0

Filesize
2KB

MD5
337a85a6fdc9d8bd51cd5071f5aa5ab7

SHA1
1adb54844c56ffa262a75d8528ed151083d156cb

SHA256
1115e88bac0d6777796e6b7919fd198511f6b2df88699c4c96e007629cadf3b0

SHA512
44c8247cadf8eed118f103047f57c27db5a69a2a7513aff00db24f0c760fda578d387dfcf8b6f3eb66cbca78a06ccf703393bb1261fb90ae3059d364caaada9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee08c28427b16c56_0

Filesize
1KB

MD5
e21edcd332b22cfc6fb21f791db40d0e

SHA1
b1c8f5dded84ba9e9675eadf03cbb828bc4b2887

SHA256
0957ae495c36e8be984c3082a78d9310dcf362abe3d2713d2aa6036015961842

SHA512
3baeab84dc5b0f2b826aa40434d84c14015f4f9244a89c7824caba83fddd5bcd88bd24f1d15aff3fdac44e817e257e9108bcf4503d522d97881389a3066b8614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1c02dd72d05ea5e_0

Filesize
6KB

MD5
e9cba45fe6fb10a84eac2d7fe4769b64

SHA1
712da7fc62396d92a358b3696627c09c117eb409

SHA256
9470b06d45c76f636f76308572574bd0e23d1a6e1307f973b918a3872d082def

SHA512
37eed7ad91305f4db6402fa681738138605a17a2210f67349100535cfebf76ed5906e779b5b14bfde5166e017c2342cfde109c6194dacf346a2c21f3c9e64055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
23806a12f8975623cccf4503b9e7b387

SHA1
a40e9020bc8089b4973e1470929ef493cea0ee8a

SHA256
e77b14a6c1f07bf58112efd2d934458e8aa4bb4a25f7d0d7b432d38a14026bef

SHA512
9e7ba808f4e680a4357d90bdec28fc5c8fdf4ebb5a5fd4cc109292357690aca0f9e2b443859d579e600b2af49d88a8d4e81cb906b2591d2f3d844355cf14b947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5497b6a5413f425bda70e7c82cb69be8

SHA1
060718683d3d02a49f355f3ff53cc6cdd68ad855

SHA256
31d1a9311cfa5b5a472e46d6acd7293f8ba59c2e35028455f134cbe741e99bea

SHA512
39d547da61a1834bd4b3173b3840073bd2d70c27677c1c7e4c51d9f4c457edfa3879eb6e9d81e77c10ab481caee545b30d4a4d6b4d0ab3bc8778d239ea08ac9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
baa5d3f6ccfe4be91c8999898df52d49

SHA1
12e3f48cc27680a0296d26f74d0ad5a4354214c1

SHA256
0bb40fbc2363a1e758b351e7650aa6ea9cd71705a54ebce37ace629760da84af

SHA512
ca80e03cc2e470c3bf25b3761fde08e4a95a743b0ea2c2dced0ff59a4a43922cd494a8fefad82b9685ef8783731d64ebb2bcd451a36678fb8b0a169dd125512e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
2fadd8261e349dbeb7072e5fc756dafb

SHA1
139af686a14cafb190dd68808740e34fb7397e3d

SHA256
8c2f80aaa7ff491fad20788532160ab63b5ab1e494cff439f0aa6056faf95716

SHA512
078f58d6e742b85906873816d66cd2674e6ce503bce628910727a6e4d1ad5d47d733dfad47187d36ce5648151fde5d7cb3b71f2a6b184da723a74e473ed229bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd456458e5ddf2abde0a9f590799fee4

SHA1
032bf2d71a6376e643ad576bf1fe457d688c16f0

SHA256
6467a60c16ac9286cfab18c477564ac76a547bdfbdb118abe10e9a3b4bfcf15d

SHA512
3800341dd2902110aee88e24f771a4a1c078f68a56ec9f78a3c80bde3e5f477f3de6e63f02be8d442779e78f62fa176f3ca589647fd52ac3d29de22aa9228ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e61ab4c2147bbaff155d4bb4207bd908

SHA1
fe9d0e71df45778b5afddba62383d8c57f8f5cd8

SHA256
dca9ddbd9c616e2752071ef826f0351dacdb732a73c6a9f737a07b7595bb4f5b

SHA512
756538774efa7e8a75c72947e83b4d010ac4950e51b4e639e6aa1abc7fb5e646e772a5220d83864957d2bd6c7c696f5616d27701b608c17db6e59ccf5d7ca941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c08c8b16b299db78e2033636231d337

SHA1
2faa47bef1104db15eeae8dae1a29f3d951e944e

SHA256
cee97ecbfd8a421ffef5a9bdadc41742d991738bd8a00108cab0b9b18432dfce

SHA512
35d7e0e35d6879ec29ecab973c9df68b2d6e50c53d75d8d479ede72bbbd0e914d4a595542dce0f375363c466253a98ab4dd777ad06204714f81137bf9e14685a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29d193524404ed6f2e0b3b7f34f0ee41

SHA1
0ddcb06603894c781b84058b9008405e461d8b0c

SHA256
83054610b90cdecf504129ed13ab3916c9a3d6c603f0daa900b15a0eac37ef9a

SHA512
b998124dec8878d331ff975f5ce3a708cd68c2c7d7b257d2ef373611fdf10cc05ba855863f26ea4626bf2b3100b3285d3a0761010d8086b1464b4db379d7ca90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2635a4c2f70abfcf6468df9179889d35

SHA1
6e0a47150d1a930994c74621b15f90494c9dfda7

SHA256
f9e902a0530a5793be3da37fb6f872d37703a846ca1ad95a01036ee066d43e00

SHA512
cc99bde4c25296c95f91ca613f18ab425ca5ab0a1d650aa1fe6ffd071aaef4e2771db8e47acc2bfa092cbef0dc371ea6efad1755c7ef76a90d2143f84a775d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48d8e5aa7b241910c3a5abd909273196

SHA1
cdaadc083bf65c3ff0f5896b8a53b1c253f2e307

SHA256
c3a7074383759dc42d7a4e75135f24042a86ac5e5bcf4cb8d8c3f762b63086a5

SHA512
f5a133ccd9a4ae94f77d7e063f817de931b0d63f882aedf7b3e75d02831a42c3a89d57dcbbc80a81c2ffb17a6332ca0770fdd32ec8d9703450c40f369c76282a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70f79d0a39c7dad17b9c584140ab4244

SHA1
ecf514442c6c601a25b5e9f3e3d5ab4e37de0e6b

SHA256
fa46c345b9b9e987ccbd22b1c8617642f1a58e941e8cb0c9d72ed999174ef913

SHA512
e110f02d483466dabe80653a9603306f009b0242742e8271a888e0665e8d377908f0f8d1e8be764f5e56272b0fdbd71560498aaf710383178a40805881bfbd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
837145a56e83e638158fbc299865a22e

SHA1
f668dbe9e34055c050b41efa066dd9160e34490e

SHA256
64194877256dc2eba8ab6c9842da5c8ef9c686085ed96147a80286449a14b338

SHA512
58b0795dfabbdf6e30748f565035aca040e038cfca50eb95ac254df20b71076fa92de1c477e82c1f45db4146951158a3c2b4e37a53f2f84cbc85c6dc21e60fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12f24e201c89432ed627817501366d12

SHA1
e26601d3f2354357ddae09b60eba0b87f95773b6

SHA256
a86d384539b971af5814e9030092cd035d293b88481312fa348e5ceca0c6ca5f

SHA512
0438c46b0895c40bb4f27b701a7456db3e4bac11f79c37b654448db78e7582e11674faeb028aa482056801b5f47d5a4fa46a735890d33ac469aeaca3e1c58f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8a18967f9d8c63def1abf10c25fdb00

SHA1
5619b15546fa38be3be1277abf17a69d82b62ce3

SHA256
b8aa165c498d6f4aefc979ea09bf1cbf9eeafdd8c1db44fec6d6c943a92d9e50

SHA512
35f84b0c486d9eb0b277b5f4f1b3c4cdbad1f6c443299b6e0e23915ec8eccfbcc89600e528e9ee579649e9c461eaea353c8a3b0b2dc99ee3c2deb018540b07a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
deb1a7246f50175d83f8219aa045fc0f

SHA1
600f0f154506b1c4e7fe48bacc65eff78fffc565

SHA256
cb5d52025b28cc13f9efc809cd7f197d8044fdfa71c96bd60c5e416da8be7e09

SHA512
00cb69191435225c1501d21ed45a0304026f741dbb186012d4baa230ab3415b5910f3e5d2176dbfb6b3fa062c4ef7140de45f232f723db819747d2c53c1f62ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba2c024fa985931b08238ec8ccfa2e8a

SHA1
afaab63f28a647643cd5ced4ca1205f16f7daedf

SHA256
7c9a9bb726687027d15d759dae175473e4c3a49795c78fd7f20d96b6783a904f

SHA512
7f2f14327725d233f085fef26d469c14ee239e75b9ea303f67454c51750ac9f4b86c757bdf1f88b5a6a2adeb37400752a2528ab12fd847941225ae5291653898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5eaece1460ab98e04dfa9ec9fd466993

SHA1
e9685e30ed28d19abda987f5713c12f0dfb91891

SHA256
441a2647de718ad58eec5ec28ba0fd3f33df866b5cef03b748e9cb0255a6f622

SHA512
555c03e4df21ab19816125d411c9a1154ec08d1d4bbe36845eba75997c6ba184b5fe6e9724741c699590c9434de7ec37e14d57e366b240960e2805a9c574af06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e742fb2cad3ea150e25546cad6b2862b

SHA1
f4a668c4fd4acdf858814258ae99deedd8f93b0c

SHA256
5bbb344ddd49e07b8e36234ab85f470dc16b60f83d2a513442b6ee5b6c60abb5

SHA512
72b607f5c4fad9e77cbd1f8c06600a0fc6bc046436c268a2c486a6839d2fe530fed59f64025ffcdbd4e27301601920a804dada186b7a81f33380188e276ff280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b88f10177b3d224d7de5656a249adc5

SHA1
13a07c230540b5f32e2ad28ac8997d72e8a575d2

SHA256
5897a6a655ced8dfb550ee404ec19613de6438581429d48ea62f3bf7ca2e107b

SHA512
e46d3ed647e0672dc304b8020ca086ed7703689de7cfeba3e691ee570047c305437d808347288192e0143057271e31aa70a7b10d4b5a088de56af9bf12b1d22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ee5037aac6be7eb61db501c0d87d7ce

SHA1
73aa01b871161a1479166209199595fa28b614d7

SHA256
858c9695d56a588c3a303d256f9acdf69026f299b208337467c6cdaeb5e8d0a4

SHA512
230f53622b9ea466da7b594f96d565639ad1c666f6dd0518d7e4fa930f89c762a52a1670f7db308df2c9bcca14b740d974e084c2f482e41b89a73423b4d23526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585e38.TMP

Filesize
1KB

MD5
be7a61efa03e483fba413e71a3385f45

SHA1
5194bdd18471be91409e37030d9440dab1182ce8

SHA256
f156c77c171a71768f348e674554a0de3aa9ca709e1a8ecfe7585535a387108b

SHA512
4ce9ab24cc5aa68e22f960e71fa716770b5561280a3198d9a69ab30058b36945df4a58817b1fb0848839ec47da0ecaa6a851e51a296607594d1073eade45e16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
438477f09233cb0046ea56f1770769e8

SHA1
1b590ed9fbcdb2d7f4eeadf97fe0d4d5f2a55794

SHA256
925a19c5a7f8a158be0d1fab4d011d3a7556afa1a50bb274daf6dc728765954a

SHA512
2669f3d075e9e3ad2b88f588aab98cd1f23bf5664342cd52f52b4f9b2ed09d33305791871fec60362010f329a2df9063e4b7fbac134ad8154a0f3fea9d6d8ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5ca10c6d92ef993aeffadfb3d9eb2d8

SHA1
afbd0e1737eadad5a73b6bd79bcaa5689a3d1806

SHA256
1d803fe51922fc7cc099c0724be854f02658ffb1bf3b73a8beb8e77290eb7c28

SHA512
1e1206bc46441ba4360f6629bdd3b4e80bb394700d05de775974abe06e0c2119843c2d99935ab3a73957170afd661e6385e32e4c8325fa06c2b439693f8d300f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c391367c5b6029ead7236120280059c9

SHA1
23e6497422c6c6b4e693ed15fa582db194315efc

SHA256
3018f4cf853701aa79fae0b288c05bcf7eebc3a7e30aa7d3cc0462919d3cc222

SHA512
ba42a1de37569b4ce8cfcb649b5c084a5298b0528124437a742d66a9da4e7b8bbc0c325514a49393cbcfbfcfa8d2a64a6e6b7ee6023a096e0077da41d802c088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a634ba61b10d20e12714f2aae2f5699b

SHA1
f17da53544172e60eaad10b684ee2b2317aba577

SHA256
46663c9ac4e830ebea9ab92caac28bd1f863cb9c542f3f9e686d1b9fb6c3a955

SHA512
42ebf6496d09e204d1cd76bfb0851801f28ea8caab38049f639741c82101bee59627495a7c8bb5972a6dda0182a5f75b8430dea902a819d4ba64a5c867b4b7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
dd7536e0d87bb72f85f3ffa0b9e72461

SHA1
b6bedb1c5a760eb36339df3ae1e60352e5f05f58

SHA256
5807fac5c657d689a95880fa0b23982fdc3659745a22777d5c14a4b693aea403

SHA512
fda90a4eafac171459fa51d42ccb672a2431391ce7469e339f115376a19a7e3923dfcbba7f14f4c1972fcbccdd268985bf67c30c06cbe39bb50fa9071a80514a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
ebf4d12bb39265c34acab583477128a7

SHA1
d698553c99cf05a1b3b98afc14faf4a7861e7ef1

SHA256
75f9d32142a4c1e6f2c9c751276b427a51ad86afbe5cf846548f7f1db3f0ec48

SHA512
57f3006242adf4932ca7957b3b2634ec510a7641426661d875223943a5ce79afc1e877618e19c8b528dc71e1931bfbd4e4999462d17d72df2a25c9e27785a55a

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
a4ff48d9e609d4171455341ba327c8f7

SHA1
e5bad9d7eda6588c7d294ea2b5716133b0a7e333

SHA256
5eed5f1f8902f24c268a410d1745561ff4352edda8c15b9ab45bdc0251009d85

SHA512
453ad92d2f45c49083f6772871371522af61c92207b1a841cfedc3164e075dbe440616dba9a781d1472e13f01a30743f97038d55c2ca86367d364998301df100

Download Submit
memory/1828-672-0x000001F579500000-0x000001F579518000-memory.dmp

Filesize
96KB

Download
memory/1892-653-0x000001C56E700000-0x000001C56EC28000-memory.dmp

Filesize
5.2MB

Download
memory/1892-651-0x000001C56B9A0000-0x000001C56B9B8000-memory.dmp

Filesize
96KB

Download
memory/1892-652-0x000001C56DF00000-0x000001C56E0C2000-memory.dmp

Filesize
1.8MB

Download
memory/5060-592-0x00000000005C0000-0x00000000005C8000-memory.dmp

Filesize
32KB

Download
memory/5060-593-0x00000000054E0000-0x0000000005A84000-memory.dmp

Filesize
5.6MB

Download
memory/5060-594-0x0000000004E60000-0x0000000004EF2000-memory.dmp

Filesize
584KB

Download
memory/5060-628-0x00000000061D0000-0x00000000062F2000-memory.dmp

Filesize
1.1MB

Download
memory/5060-595-0x0000000005030000-0x000000000503A000-memory.dmp

Filesize
40KB

Download