Malware Analysis Report

2025-04-13 12:24

Sample ID 250102-ndlpdayrhs
Target yes.png
SHA256 aae7699b056e19bc9fd9ba3c5aa7571c2505cdd50108ae71b9d31fc690109c82
Tags
discordrat discovery persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aae7699b056e19bc9fd9ba3c5aa7571c2505cdd50108ae71b9d31fc690109c82

Threat Level: Known bad

The file yes.png was found to be: Known bad.

Malicious Activity Summary

discordrat discovery persistence rat rootkit stealer

Discord RAT

Discordrat family

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-02 11:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-02 11:16

Reported

2025-01-02 11:21

Platform

win10v2004-20241007-en

Max time kernel

279s

Max time network

273s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\yes.png

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Discordrat family

discordrat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A
N/A N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\release\builder.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Release\Discord rat.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Release\Discord rat.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Release\Discord rat.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1904 wrote to memory of 1756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 1756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\yes.png

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffda3346f8,0x7fffda334708,0x7fffda334718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\release\builder.exe

"C:\Users\Admin\Downloads\release\builder.exe"

C:\Users\Admin\Downloads\release\Client-built.exe

"C:\Users\Admin\Downloads\release\Client-built.exe"

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Users\Admin\Downloads\release\Client-built.exe

"C:\Users\Admin\Downloads\release\Client-built.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,370306704760159466,13398361542660442879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
GB 88.221.135.11:443 www.bing.com tcp
GB 88.221.135.11:443 www.bing.com tcp
GB 88.221.135.11:443 www.bing.com tcp
US 8.8.8.8:53 11.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 95.101.143.183:443 th.bing.com tcp
GB 88.221.135.19:443 r.bing.com tcp
GB 88.221.135.19:443 r.bing.com tcp
GB 95.101.143.183:443 th.bing.com tcp
US 8.8.8.8:53 183.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 19.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.133:443 login.microsoftonline.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.133.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
US 162.159.133.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 162.159.133.234:443 gateway.discord.gg tcp
US 162.159.133.234:443 gateway.discord.gg tcp
US 162.159.133.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_1904_ECVYBICBLULGJMRV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70f79d0a39c7dad17b9c584140ab4244
SHA1 ecf514442c6c601a25b5e9f3e3d5ab4e37de0e6b
SHA256 fa46c345b9b9e987ccbd22b1c8617642f1a58e941e8cb0c9d72ed999174ef913
SHA512 e110f02d483466dabe80653a9603306f009b0242742e8271a888e0665e8d377908f0f8d1e8be764f5e56272b0fdbd71560498aaf710383178a40805881bfbd42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a634ba61b10d20e12714f2aae2f5699b
SHA1 f17da53544172e60eaad10b684ee2b2317aba577
SHA256 46663c9ac4e830ebea9ab92caac28bd1f863cb9c542f3f9e686d1b9fb6c3a955
SHA512 42ebf6496d09e204d1cd76bfb0851801f28ea8caab38049f639741c82101bee59627495a7c8bb5972a6dda0182a5f75b8430dea902a819d4ba64a5c867b4b7e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2635a4c2f70abfcf6468df9179889d35
SHA1 6e0a47150d1a930994c74621b15f90494c9dfda7
SHA256 f9e902a0530a5793be3da37fb6f872d37703a846ca1ad95a01036ee066d43e00
SHA512 cc99bde4c25296c95f91ca613f18ab425ca5ab0a1d650aa1fe6ffd071aaef4e2771db8e47acc2bfa092cbef0dc371ea6efad1755c7ef76a90d2143f84a775d44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 837145a56e83e638158fbc299865a22e
SHA1 f668dbe9e34055c050b41efa066dd9160e34490e
SHA256 64194877256dc2eba8ab6c9842da5c8ef9c686085ed96147a80286449a14b338
SHA512 58b0795dfabbdf6e30748f565035aca040e038cfca50eb95ac254df20b71076fa92de1c477e82c1f45db4146951158a3c2b4e37a53f2f84cbc85c6dc21e60fee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 7d54dd3fa3c51a1609e97e814ed449a0
SHA1 860bdd97dcd771d4ce96662a85c9328f95b17639
SHA256 7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247
SHA512 17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b8a18967f9d8c63def1abf10c25fdb00
SHA1 5619b15546fa38be3be1277abf17a69d82b62ce3
SHA256 b8aa165c498d6f4aefc979ea09bf1cbf9eeafdd8c1db44fec6d6c943a92d9e50
SHA512 35f84b0c486d9eb0b277b5f4f1b3c4cdbad1f6c443299b6e0e23915ec8eccfbcc89600e528e9ee579649e9c461eaea353c8a3b0b2dc99ee3c2deb018540b07a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585e38.TMP

MD5 be7a61efa03e483fba413e71a3385f45
SHA1 5194bdd18471be91409e37030d9440dab1182ce8
SHA256 f156c77c171a71768f348e674554a0de3aa9ca709e1a8ecfe7585535a387108b
SHA512 4ce9ab24cc5aa68e22f960e71fa716770b5561280a3198d9a69ab30058b36945df4a58817b1fb0848839ec47da0ecaa6a851e51a296607594d1073eade45e16f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29d193524404ed6f2e0b3b7f34f0ee41
SHA1 0ddcb06603894c781b84058b9008405e461d8b0c
SHA256 83054610b90cdecf504129ed13ab3916c9a3d6c603f0daa900b15a0eac37ef9a
SHA512 b998124dec8878d331ff975f5ce3a708cd68c2c7d7b257d2ef373611fdf10cc05ba855863f26ea4626bf2b3100b3285d3a0761010d8086b1464b4db379d7ca90

C:\Users\Admin\Downloads\release.zip

MD5 06a4fcd5eb3a39d7f50a0709de9900db
SHA1 50d089e915f69313a5187569cda4e6dec2d55ca7
SHA256 c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
SHA512 75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ba2c024fa985931b08238ec8ccfa2e8a
SHA1 afaab63f28a647643cd5ced4ca1205f16f7daedf
SHA256 7c9a9bb726687027d15d759dae175473e4c3a49795c78fd7f20d96b6783a904f
SHA512 7f2f14327725d233f085fef26d469c14ee239e75b9ea303f67454c51750ac9f4b86c757bdf1f88b5a6a2adeb37400752a2528ab12fd847941225ae5291653898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 23806a12f8975623cccf4503b9e7b387
SHA1 a40e9020bc8089b4973e1470929ef493cea0ee8a
SHA256 e77b14a6c1f07bf58112efd2d934458e8aa4bb4a25f7d0d7b432d38a14026bef
SHA512 9e7ba808f4e680a4357d90bdec28fc5c8fdf4ebb5a5fd4cc109292357690aca0f9e2b443859d579e600b2af49d88a8d4e81cb906b2591d2f3d844355cf14b947

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48d8e5aa7b241910c3a5abd909273196
SHA1 cdaadc083bf65c3ff0f5896b8a53b1c253f2e307
SHA256 c3a7074383759dc42d7a4e75135f24042a86ac5e5bcf4cb8d8c3f762b63086a5
SHA512 f5a133ccd9a4ae94f77d7e063f817de931b0d63f882aedf7b3e75d02831a42c3a89d57dcbbc80a81c2ffb17a6332ca0770fdd32ec8d9703450c40f369c76282a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 0b17fd0bdcec9ca5b4ed99ccf5747f50
SHA1 003930a2232e9e12d2ca83e83570e0ffd3b7c94e
SHA256 c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d
SHA512 49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 56690d717897cfa9977a6d3e1e2c9979
SHA1 f46c07526baaf297c664edc59ed4993a6759a4a3
SHA256 7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e
SHA512 782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 c7b82a286eac39164c0726b1749636f1
SHA1 dd949addbfa87f92c1692744b44441d60b52226d
SHA256 8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0
SHA512 be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 5615a54ce197eef0d5acc920e829f66f
SHA1 7497dded1782987092e50cada10204af8b3b5869
SHA256 b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26
SHA512 216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e742fb2cad3ea150e25546cad6b2862b
SHA1 f4a668c4fd4acdf858814258ae99deedd8f93b0c
SHA256 5bbb344ddd49e07b8e36234ab85f470dc16b60f83d2a513442b6ee5b6c60abb5
SHA512 72b607f5c4fad9e77cbd1f8c06600a0fc6bc046436c268a2c486a6839d2fe530fed59f64025ffcdbd4e27301601920a804dada186b7a81f33380188e276ff280

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e61ab4c2147bbaff155d4bb4207bd908
SHA1 fe9d0e71df45778b5afddba62383d8c57f8f5cd8
SHA256 dca9ddbd9c616e2752071ef826f0351dacdb732a73c6a9f737a07b7595bb4f5b
SHA512 756538774efa7e8a75c72947e83b4d010ac4950e51b4e639e6aa1abc7fb5e646e772a5220d83864957d2bd6c7c696f5616d27701b608c17db6e59ccf5d7ca941

memory/5060-592-0x00000000005C0000-0x00000000005C8000-memory.dmp

memory/5060-593-0x00000000054E0000-0x0000000005A84000-memory.dmp

memory/5060-594-0x0000000004E60000-0x0000000004EF2000-memory.dmp

memory/5060-595-0x0000000005030000-0x000000000503A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2fadd8261e349dbeb7072e5fc756dafb
SHA1 139af686a14cafb190dd68808740e34fb7397e3d
SHA256 8c2f80aaa7ff491fad20788532160ab63b5ab1e494cff439f0aa6056faf95716
SHA512 078f58d6e742b85906873816d66cd2674e6ce503bce628910727a6e4d1ad5d47d733dfad47187d36ce5648151fde5d7cb3b71f2a6b184da723a74e473ed229bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 baa5d3f6ccfe4be91c8999898df52d49
SHA1 12e3f48cc27680a0296d26f74d0ad5a4354214c1
SHA256 0bb40fbc2363a1e758b351e7650aa6ea9cd71705a54ebce37ace629760da84af
SHA512 ca80e03cc2e470c3bf25b3761fde08e4a95a743b0ea2c2dced0ff59a4a43922cd494a8fefad82b9685ef8783731d64ebb2bcd451a36678fb8b0a169dd125512e

memory/5060-628-0x00000000061D0000-0x00000000062F2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ee5037aac6be7eb61db501c0d87d7ce
SHA1 73aa01b871161a1479166209199595fa28b614d7
SHA256 858c9695d56a588c3a303d256f9acdf69026f299b208337467c6cdaeb5e8d0a4
SHA512 230f53622b9ea466da7b594f96d565639ad1c666f6dd0518d7e4fa930f89c762a52a1670f7db308df2c9bcca14b740d974e084c2f482e41b89a73423b4d23526

C:\Users\Admin\Downloads\release\Client-built.exe

MD5 a4ff48d9e609d4171455341ba327c8f7
SHA1 e5bad9d7eda6588c7d294ea2b5716133b0a7e333
SHA256 5eed5f1f8902f24c268a410d1745561ff4352edda8c15b9ab45bdc0251009d85
SHA512 453ad92d2f45c49083f6772871371522af61c92207b1a841cfedc3164e075dbe440616dba9a781d1472e13f01a30743f97038d55c2ca86367d364998301df100

memory/1892-651-0x000001C56B9A0000-0x000001C56B9B8000-memory.dmp

memory/1892-652-0x000001C56DF00000-0x000001C56E0C2000-memory.dmp

memory/1892-653-0x000001C56E700000-0x000001C56EC28000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c391367c5b6029ead7236120280059c9
SHA1 23e6497422c6c6b4e693ed15fa582db194315efc
SHA256 3018f4cf853701aa79fae0b288c05bcf7eebc3a7e30aa7d3cc0462919d3cc222
SHA512 ba42a1de37569b4ce8cfcb649b5c084a5298b0528124437a742d66a9da4e7b8bbc0c325514a49393cbcfbfcfa8d2a64a6e6b7ee6023a096e0077da41d802c088

memory/1828-672-0x000001F579500000-0x000001F579518000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 438477f09233cb0046ea56f1770769e8
SHA1 1b590ed9fbcdb2d7f4eeadf97fe0d4d5f2a55794
SHA256 925a19c5a7f8a158be0d1fab4d011d3a7556afa1a50bb274daf6dc728765954a
SHA512 2669f3d075e9e3ad2b88f588aab98cd1f23bf5664342cd52f52b4f9b2ed09d33305791871fec60362010f329a2df9063e4b7fbac134ad8154a0f3fea9d6d8ac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5eaece1460ab98e04dfa9ec9fd466993
SHA1 e9685e30ed28d19abda987f5713c12f0dfb91891
SHA256 441a2647de718ad58eec5ec28ba0fd3f33df866b5cef03b748e9cb0255a6f622
SHA512 555c03e4df21ab19816125d411c9a1154ec08d1d4bbe36845eba75997c6ba184b5fe6e9724741c699590c9434de7ec37e14d57e366b240960e2805a9c574af06

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dd7536e0d87bb72f85f3ffa0b9e72461
SHA1 b6bedb1c5a760eb36339df3ae1e60352e5f05f58
SHA256 5807fac5c657d689a95880fa0b23982fdc3659745a22777d5c14a4b693aea403
SHA512 fda90a4eafac171459fa51d42ccb672a2431391ce7469e339f115376a19a7e3923dfcbba7f14f4c1972fcbccdd268985bf67c30c06cbe39bb50fa9071a80514a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12f24e201c89432ed627817501366d12
SHA1 e26601d3f2354357ddae09b60eba0b87f95773b6
SHA256 a86d384539b971af5814e9030092cd035d293b88481312fa348e5ceca0c6ca5f
SHA512 0438c46b0895c40bb4f27b701a7456db3e4bac11f79c37b654448db78e7582e11674faeb028aa482056801b5f47d5a4fa46a735890d33ac469aeaca3e1c58f7a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 ebf4d12bb39265c34acab583477128a7
SHA1 d698553c99cf05a1b3b98afc14faf4a7861e7ef1
SHA256 75f9d32142a4c1e6f2c9c751276b427a51ad86afbe5cf846548f7f1db3f0ec48
SHA512 57f3006242adf4932ca7957b3b2634ec510a7641426661d875223943a5ce79afc1e877618e19c8b528dc71e1931bfbd4e4999462d17d72df2a25c9e27785a55a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5ca10c6d92ef993aeffadfb3d9eb2d8
SHA1 afbd0e1737eadad5a73b6bd79bcaa5689a3d1806
SHA256 1d803fe51922fc7cc099c0724be854f02658ffb1bf3b73a8beb8e77290eb7c28
SHA512 1e1206bc46441ba4360f6629bdd3b4e80bb394700d05de775974abe06e0c2119843c2d99935ab3a73957170afd661e6385e32e4c8325fa06c2b439693f8d300f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd456458e5ddf2abde0a9f590799fee4
SHA1 032bf2d71a6376e643ad576bf1fe457d688c16f0
SHA256 6467a60c16ac9286cfab18c477564ac76a547bdfbdb118abe10e9a3b4bfcf15d
SHA512 3800341dd2902110aee88e24f771a4a1c078f68a56ec9f78a3c80bde3e5f477f3de6e63f02be8d442779e78f62fa176f3ca589647fd52ac3d29de22aa9228ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b21011e866401381_0

MD5 ded199ea46548c8a9e40d924dca9077e
SHA1 7b6c4c6f9e02eafefd1ff0055205ba23d7d60f33
SHA256 316d8e880cc926f8a394ae7f398545e8805f4ce0808caae8b03864ac2855749b
SHA512 a81a79dd152e73450a413d05c3f86b9d681e3e77f61ca01c5500b47e4ff97ba458209ba10e2fd5277734064099d6bb89e30a949252f2d038de9610a64b76dbd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1c02dd72d05ea5e_0

MD5 e9cba45fe6fb10a84eac2d7fe4769b64
SHA1 712da7fc62396d92a358b3696627c09c117eb409
SHA256 9470b06d45c76f636f76308572574bd0e23d1a6e1307f973b918a3872d082def
SHA512 37eed7ad91305f4db6402fa681738138605a17a2210f67349100535cfebf76ed5906e779b5b14bfde5166e017c2342cfde109c6194dacf346a2c21f3c9e64055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30777ab506872f93_0

MD5 91ffc1a5305d15258ddcdaddc9c6c659
SHA1 ec342267b148ca6fe3a8c7003b5ba372727f93ec
SHA256 703aaa9f74d3d333b05911a4691e139a63941ef33557b5d950442ee4fd5a3189
SHA512 87a62d8c2d6c591ed360ed4034fd61aeab5008486141941dca632e892bc96481b62803287aa06dd6819ef16a5213e2a57d5256cd432658d830139ffa84b4d1ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a214c140e638714_0

MD5 47ce3cb257b8fa2a658150f885d079f3
SHA1 fa41aeb23447592c62d708b696aee7b7590f7544
SHA256 98e414c5effe21440c5b4034e3f7206e21aaff84758576155ac46cce98ee737d
SHA512 ba9c2c292b941110024268133dd8f3336b39b0ac65df6a96f021082ef21b7047eaf3b9ea25c9c9e2bdacc0a75c55ee60a7d2a15940547c4b559687ec211e2a6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\60ad945ff317ba79_0

MD5 04a723da665c7773a1358053457bb7f8
SHA1 5e28926e5db17ec05dfc49d88f1ba93bbfc3fe04
SHA256 05bb0c9f21e4789d32ee1e005a1c8952047c24a64e9615cf7b561db76f59f5e1
SHA512 41850e01e2a324eec35424786db50e227f5c1ef188c2bcb16712e0a65aff35870ec0428d840ed768e118d8491a3c901470fdb0dde77bc264130ef94ce89b7ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb73c6570251aa2d_0

MD5 b01b34419dacd170a68a53d08e26b4f5
SHA1 11d2cb43efdb152e5f460c538f8b76bc8b08c17d
SHA256 31d3bc34f7b793223f88cb10d83ed1586ac054c4dee5bf43dc18f16474eeb7a3
SHA512 78e8799499e493fc1e276b0d6b591e149e2d61cf70df0bba9048325f992ec8da1e22855adf86a6242aca5189b9651ef68e0649482efda551d1bd41dc3b77f1a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd0923a2b87def10_0

MD5 337a85a6fdc9d8bd51cd5071f5aa5ab7
SHA1 1adb54844c56ffa262a75d8528ed151083d156cb
SHA256 1115e88bac0d6777796e6b7919fd198511f6b2df88699c4c96e007629cadf3b0
SHA512 44c8247cadf8eed118f103047f57c27db5a69a2a7513aff00db24f0c760fda578d387dfcf8b6f3eb66cbca78a06ccf703393bb1261fb90ae3059d364caaada9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ae644f27170ae5_0

MD5 7b237b7fc7f03a97fd90c27be0bb7998
SHA1 31885cf85ef49571cd68b60247f6219d5814b0df
SHA256 497f7553c01c07af854b9c0b35994e777f42d7a16a9faa7ebf36f7dd9d4925e8
SHA512 5adc4dd1c868bdfddd84cce0fd680f5f546460a6b1416f33c523cdd0f554752a356e7821f3640f5d20d7cd4e59a3e30afee6c8b94d412348413fdd5f0a88ec0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1986e3be1e85e903_0

MD5 d960f390d13c482df3cd86be32c5abba
SHA1 e038795347d6b47016d8ff1a9dfe557c0edc1983
SHA256 442245aa15f351bde09f9c6aa329424c8c55b26c6d35eb8640033a42807fcdc1
SHA512 ddf6ca6494a44feae2127eda7183c009f976292b2cb8c14303eff3de87f240abf9b69c2bf8a5088bc009792000ceaa33184c14629d3ac83f7bd26140a7a9c2e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee08c28427b16c56_0

MD5 e21edcd332b22cfc6fb21f791db40d0e
SHA1 b1c8f5dded84ba9e9675eadf03cbb828bc4b2887
SHA256 0957ae495c36e8be984c3082a78d9310dcf362abe3d2713d2aa6036015961842
SHA512 3baeab84dc5b0f2b826aa40434d84c14015f4f9244a89c7824caba83fddd5bcd88bd24f1d15aff3fdac44e817e257e9108bcf4503d522d97881389a3066b8614

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5007460b01db9911_0

MD5 501f3fca8c523c8ea53cddb940053f77
SHA1 e50e4607a14801d0f1ca2c6f86b2868854e65715
SHA256 7c4e5acc8b2def87e9c71c58445299b9412109c30820effac27d55e7abbf9be3
SHA512 8132b75f61d6596512fc8a018916c5a0f552ac1dc2a935467886f669f2e11f9646093d9c8973687ffb7923b3438f7c8cd8c9d61be0b37991e48c566271295813

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a3bf0148b593098_0

MD5 75c9f4788bb3ebbc44a25b6dd92a32cf
SHA1 1fd702a7f860dffd9d2ca7a91c9b7013ef4af8d6
SHA256 65d65324e70e0a9664c0c64b5f12caae8328051897c1ae0c8f07dbb9eb250110
SHA512 cddd32a7ea18ae07570b8700488ce9ec127327a902b378f3ad466bcf28ae43ba2a3ac493866683ada8bb5567c7943e88ce152e904a3edd4d77614e287127b19a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f9fd988dc5ea5bd_0

MD5 a937d53e52fb66a5dc37590951a1f213
SHA1 ab0998790d8737d6fd16eccc64196458804c72e2
SHA256 6ff2a60e3221d122ff9bb349786075450e11d658e1832343a9495aa601b1fc49
SHA512 1eb261418c05f157f69fa309a27443acc4c3f70f3749e669a9dea3def80cb08801bf20fb66806d8743e7f540a36a37027d509942c207b1d061852aaf75c29561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a994b1febf13f031_0

MD5 6e93ef94f2844515ed6fef8d7ac48d0e
SHA1 fd80a02c2462666bff5f3772bcf179caab0d609b
SHA256 8e2fb68e8fe01b0836569f5a50b5d1994edc15ecc4915363b7d9ea8b0b770b77
SHA512 df3d4df9a506888de144c72aeebeef2d3ae8cf0b96c87283a2ba0b8da208dd4292637196b6113fd599c272e882fe65acc786215683f77af1887ffd63e89bb65f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d0b78a7984afdac_0

MD5 fde833c3c4c0277a3dd6ddccfd9dff3a
SHA1 7c24f3fc6fad9491127dac10b1232319a3c8d4b3
SHA256 2a5b8b37fedc845f4a8d886b1daffe3f6d85e2f8f0e4c2d9a02cdc4780d76d18
SHA512 9dc42ae64c2f0670ade1e196f107dc7adca9912c0bb9678c7356bfaf740be8845e89313bb45458ace2038e105a7ab66830578f096a185733410c245a50cb9392

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 b9cc0ef4a29635e419fcb41bb1d2167b
SHA1 541b72c6f924baacea552536391d0f16f76e06c4
SHA256 6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf
SHA512 f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 deb1a7246f50175d83f8219aa045fc0f
SHA1 600f0f154506b1c4e7fe48bacc65eff78fffc565
SHA256 cb5d52025b28cc13f9efc809cd7f197d8044fdfa71c96bd60c5e416da8be7e09
SHA512 00cb69191435225c1501d21ed45a0304026f741dbb186012d4baa230ab3415b5910f3e5d2176dbfb6b3fa062c4ef7140de45f232f723db819747d2c53c1f62ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c08c8b16b299db78e2033636231d337
SHA1 2faa47bef1104db15eeae8dae1a29f3d951e944e
SHA256 cee97ecbfd8a421ffef5a9bdadc41742d991738bd8a00108cab0b9b18432dfce
SHA512 35d7e0e35d6879ec29ecab973c9df68b2d6e50c53d75d8d479ede72bbbd0e914d4a595542dce0f375363c466253a98ab4dd777ad06204714f81137bf9e14685a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b88f10177b3d224d7de5656a249adc5
SHA1 13a07c230540b5f32e2ad28ac8997d72e8a575d2
SHA256 5897a6a655ced8dfb550ee404ec19613de6438581429d48ea62f3bf7ca2e107b
SHA512 e46d3ed647e0672dc304b8020ca086ed7703689de7cfeba3e691ee570047c305437d808347288192e0143057271e31aa70a7b10d4b5a088de56af9bf12b1d22d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5497b6a5413f425bda70e7c82cb69be8
SHA1 060718683d3d02a49f355f3ff53cc6cdd68ad855
SHA256 31d1a9311cfa5b5a472e46d6acd7293f8ba59c2e35028455f134cbe741e99bea
SHA512 39d547da61a1834bd4b3173b3840073bd2d70c27677c1c7e4c51d9f4c457edfa3879eb6e9d81e77c10ab481caee545b30d4a4d6b4d0ab3bc8778d239ea08ac9e