discordrat | 7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0

Analysis

max time kernel
287s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TRT.exe
Size

78KB
MD5

dc350fb27cef847db894d4704faac60a
SHA1

cb671a35127562cb8d20c92e471f0841b6b14ba1
SHA256

7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0
SHA512

d4abde46cfea25f8645e3a4920944d0f7676418ae5c4d22256021ac3a7566c3b41ad812d26c10da344894c35b5457057f1184b42e3b5d83b96177606d326a63d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CpPIC:5Zv5PDwbjNrmAE+oIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNTg4NDM2NjcxNDMxMDY3Ng.Gc_wqW.b2EmK8XaLOl-3gOmCEBQuc_xctgLo2BaBegyQQ
server_id
1325882884120383539

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	TRT.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 18 IoCs

Web Service

T1102

flow	ioc
94	discord.com
100	discord.com
133	discord.com
10	discord.com
34	discord.com
52	discord.com
85	discord.com
9	discord.com
127	discord.com
101	discord.com
21	discord.com
35	discord.com
51	discord.com
92	discord.com
93	discord.com
95	discord.com
99	discord.com
123	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "162"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
808	msedge.exe
808	msedge.exe
4564	msedge.exe
4564	msedge.exe
3496	msedge.exe
3496	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
2552	Process not Found
2584	Process not Found
2980	Process not Found
1560	Process not Found
4592	Process not Found
2972	Process not Found
2000	Process not Found
2928	Process not Found
4824	Process not Found
4340	Process not Found
3684	Process not Found
644	Process not Found
5088	Process not Found
1072	Process not Found
3272	Process not Found
2524	Process not Found
1220	Process not Found
1196	Process not Found
3160	Process not Found
3608	Process not Found
3516	Process not Found
2660	Process not Found
404	Process not Found
2872	Process not Found
2208	Process not Found
1416	Process not Found
4736	Process not Found
2336	Process not Found
4572	Process not Found
2540	Process not Found
2492	Process not Found
1064	Process not Found
4576	Process not Found
2424	Process not Found
2324	Process not Found
840	Process not Found
4356	Process not Found
2028	Process not Found
4296	Process not Found
3760	Process not Found
4936	Process not Found
1704	Process not Found
2156	Process not Found
4344	Process not Found
4512	Process not Found
3352	Process not Found
3076	Process not Found
4860	Process not Found
2852	Process not Found
3048	Process not Found
4292	Process not Found
3960	Process not Found
4504	Process not Found
4984	Process not Found
3104	Process not Found
1684	Process not Found
2332	Process not Found
2172	Process not Found
876	Process not Found
1120	Process not Found
2948	Process not Found
4692	Process not Found
3324	Process not Found
2264	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4960	TRT.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4920	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 808	4960	TRT.exe	102
PID 4960 wrote to memory of 808	4960	TRT.exe	102
PID 808 wrote to memory of 1668	808	msedge.exe	103
PID 808 wrote to memory of 1668	808	msedge.exe	103
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 4012	808	msedge.exe	104
PID 808 wrote to memory of 2136	808	msedge.exe	105
PID 808 wrote to memory of 2136	808	msedge.exe	105
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106
PID 808 wrote to memory of 3212	808	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\TRT.exe
"C:\Users\Admin\AppData\Local\Temp\TRT.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe3d9846f8,0x7ffe3d984708,0x7ffe3d984718
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5856003862398118043,16663847783574391712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5856003862398118043,16663847783574391712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5856003862398118043,16663847783574391712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5856003862398118043,16663847783574391712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5856003862398118043,16663847783574391712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe3d9846f8,0x7ffe3d984708,0x7ffe3d984718
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
    3⤵
    PID:4344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
    3⤵
    PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    3⤵
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1238525381687720070,17980669048966592541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3960
- C:\Windows\System32\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /L
  2⤵
  PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:180

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3881855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b29aaa93eb4048ecd8d6c97ac6e7b27

SHA1
fe76ff76f840a3ebda680321bf3e8bb0c0eb14c0

SHA256
25a33f09696211c7099e2ce39d9a9606389829db5c24c00fdd3e6b75d626ac0c

SHA512
07fabf45b5341c6928a2d1bb13aa5f8953713e7b281b581e886fee53a0d81a17d5c9184676d4db55b0dcc1a4b630221d087772640f7b5aae32e995774f18ff28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
513d221e561b58e5289c5e053392f9ae

SHA1
1d826559abbfadfa6fbfb583f495846bf84a742b

SHA256
6ddca9f9c30ba2debb5300374dc60c0ea8d292eac77f71a352f53f7ae15e515c

SHA512
0ed981cb86cd95e8f61d1a29c99a258a24565abd49cde53153ea1a18db7a3830bb9d0bdcc84d6108fe65712c03f18b1e5e006e6876d2cbe81b19479842b2b0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d905dee0df062cebec2f48c68898ddf3

SHA1
02f2b5df91198d42b494208fbb1ecf35f3cc0fa9

SHA256
0fc5075af7cada9b8f46e1ce1db729679d39ba39f99646dbafaa30f2cb6c0663

SHA512
58ef13e673e1cf725808d051201bafd0099d0cba4d65e6017c790fd62b77745eb3e40e174bc758a8b85e06e8a4aea2332a08a4ef0f53016b2a15b33f8727b00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8d2f4f1930a28c32594092d8473c3e45

SHA1
f109c423d5d90aa05f2ba76a0bba3c090aaa2c5b

SHA256
0ccdcea4bfe8f1e076a05e33d70779b6ca9b6cae8c2aa859609ad15cad77a207

SHA512
8ac8fc943ea04886b7ceb775fa26149cee11ce237e9ddda0634f92e06ea18e935c1e9c4b16b8a681b64559da5450a53668dad28a0b1af1b116ca061c9e8c1bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
571b339f28c706b3021b80e8699dd17b

SHA1
fac345343e61a47a2b4222063f15d65f38cd5983

SHA256
f04c924d95845f75f456e3569b069bf9d6a75b597f5e7994a047e164b38179aa

SHA512
c85508f92769fa85ac5b433e184c1f201ba14869745325a8415b83fa6d293c967d5764b6b9babce97b0ee146e2514ebb9791650959e341e7bf8bd89612520fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
0dd3e79cbf1483610fa1ac438d0fb607

SHA1
772a1c6a1b4c50a727990cc53a46ec3ac3755ad5

SHA256
2752a0e9312cabae43b766907c81739f1b7b357d4b4410e8bc85734985473df5

SHA512
dc6c0278286c01db86dfe581c968e8c71737ddf1f6dfa4dae01e4f9dca68f330e13ce5abb988176ba42513c6cc3f7b6b003a670778881d69d41bf744b2067b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
4e035d4419924345da63c874ba6f534b

SHA1
3d163ded0e3ad03ad25dbc00eab646e66850645a

SHA256
f7e0f5593818363eb354bd153649a8c5e364b55d94596c5493b367271988b132

SHA512
6ca7db61c39c7a7a1b061170f024c5b8adadf402df7c3d722db9b7a1fa4109cb4401944d8661aa9436917d5513390bd4ea4d69124fdd44d770f914b45e056cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
86KB

MD5
b1fb857893c2c6b850d230b4831b5fc1

SHA1
31bec99d3bc2428e193ab4d9cc36279a382dc28a

SHA256
4af9119af34a9544022ab809aed9924d570cbebdd6e236ed888c71d7cc170c9f

SHA512
513ef69f761dfb79a7dbf72b6d2f9ac7f463602e65927f5c67ba7557c0247fef7dfb037c470bf68efd137eb31532ee34158aad21138ac5c4944c10e001e8e59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
105KB

MD5
69f381100eaa41e244098cae8751d889

SHA1
eaa97e025389e3c5c49dc6f4d09edb66bf05bd7f

SHA256
7cd354622f72d2a26cc2d6ba79e009617adbdb26026b996ec50d26a290c70f3a

SHA512
4215f981f48d009c4c990e61df4de89999c54f73abfe862f614a76328aa6e1cbc8e2582a990fb7b051788d440cc3aaf83dce55551943a27d915b1f80206d3949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30b36782012a3219_0

Filesize
240B

MD5
2b4df67e3288cce4b3aebba9c617f8eb

SHA1
bbc28e056a98bcb116402d23874d16ee786b806a

SHA256
79ac20418c382e078dda788d54ed557cce5639e85521f3215465da49c8a530c3

SHA512
be71f41ae16f7ac1e42373ee91b87714dfe516b3213bb42e925e0ef35b9a04f0d3a9d2681a1fda9bd8f542fd307801ccb0d6e96254d3c232d7930e56d8b107e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3726a6d32a5a70d2_0

Filesize
228B

MD5
977818a55812867ddb55efb050b4f4dd

SHA1
765234fd043064dbc04ea09f64323231175b0d5a

SHA256
c9cccd6618c13bd8f069cdb4b334920254de58418142f020d24cee5d19c76c25

SHA512
fba24b882f2acb55ccece055958a61567ec3fe4b2a02ba3294ab1a93fdce16f72c8b959a782802f9fe929663cfd8510314ad083b7baac527512b462bfd5746b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d3c3fb446694839_0

Filesize
212B

MD5
71e3d91014b29d5c9258a9a920419dce

SHA1
da7d6112aacc1e0d6ec0112d3598d197a84cf1bb

SHA256
c59fedc5857e1f132005098714b2daf470b0b10ba0e83280056a6c4423d26b77

SHA512
e27f08e413f694a45c84eeb10e638aa5807cdeb98013460dd2b5f02619d6eb37af7038b7989c5498d05e8f6952dfbd0dfb8eacc16df791c1a25a78373782e464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4be043e0a955f51f_0

Filesize
12KB

MD5
7d2d1decbb82f7cbeafaf0a972a2a8c4

SHA1
ba4e4354f7ceea806c8dca7568dc57051f4d6f60

SHA256
e5a808cf2d3adffc4c9ca4ca3930d5dbd6d40521ae6d62529555fffd3ad96ef0

SHA512
9f7f741dbc68cc619eced51565b89d8351df383ae18e042573746de09ddb448cf0b860623adb3b17b32031e251529df520551d674ec43ab455c286ef0d1c0213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794a28efef760392_0

Filesize
204B

MD5
eadd2848443a91cee982f44fae361f59

SHA1
a0272ccf02613b846394e35959588d2c81206597

SHA256
3dd70afcb3882d66531f877459953c6c0ff249da2f564f6c1aba88e12b0ead6c

SHA512
a9819651cd222c0c59e8918f36e0aee081c7663bd4235a87d70373d71830f67f27feef1c5425a5ac4b3cf851bdf884bbdfc5aac8b71079aff415519eaaa28141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f878c7420b45bb8_0

Filesize
236B

MD5
f843aa17f5df287501d07a3027f00017

SHA1
e58c463344c21078cb6c7fe07e23e361d06cb43f

SHA256
3a4361adadb142be42d1f3ea0771d324cce2cdc2d17ddfa63ed66eaf80f9004b

SHA512
d0d456c1a6e7fe66390242f90d3a9c3d9fc72938ee059c1f30c34147f5827879b6055f3c9713196f47b4975124d847fc505bcfb8df79a9c4761cc6731cc46f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b76b918b66b0c48_0

Filesize
233B

MD5
adc8243842b5a4160a57462fdac9920b

SHA1
07e7e2f69fce894ca8f794aca6a7f7328ce75039

SHA256
58af0becebe2665e62caf846fabd0ae029f855223dc7df34151c7b700b1bdf8e

SHA512
dfad3ef7eb8966af2bf8631761f9522ee53b8135874b8b4a802929f63bb965e9dc988e2fa5f3cf08a416588ce4bca7b39b1c3e6ef5f9578fdd5c702971f0b9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a10a720a1bb4ca6a_0

Filesize
246B

MD5
67c059d3c751fb5517c65215597cb7d4

SHA1
d090268a4e877890dd3f9ed31249e48976381960

SHA256
fce1aa26f479494f27a2efe57360ae7f969190fd992a27e2a60073b252fa6b8f

SHA512
017e6894c4679e9a210ba0bdaf8bf482d92fe5c957c5022c63f542ea40392228e962bfb19a84fb7ac2934f44cc15129eb4b3afe2d5f3d0a2fc65a88e3b611ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3c4d375b6476674_0

Filesize
11KB

MD5
980b3f1a030903fcfe53903dbd1cf021

SHA1
4ca3670e8e3224d01cde12c6e34a840c10c0c6cb

SHA256
6ecae7dd8849006c6d9252770cfa5e7a1efc62dbe756a0e830a9956404a684a0

SHA512
d1203ecb9b84074f39bfb1a95bff6fdd7b2cc7ea06c9b5fa1452be4c64d675edae5da8b094535c8f82db2fb87e0a3e299f05902fe1bbd61f4b7bad690b848af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3f149b0534fa3b1_0

Filesize
259B

MD5
dcc8b4755b7a160c74096de3ed4c8335

SHA1
7c349b810d1ca6ab749a5ca5045205385804c708

SHA256
4e838597b79e377146fa25ab44962c37d098a74962c5f99fc95bfe0a61f486cf

SHA512
92db418c2951b70693d88563659129eb6dcde6916e80e0a40f4a12cc351cbf556d81abd8bde4c5afbfc0cd805671f849388a6ef8eb3f5cf7bca4a9b8e84c3363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e86ae5853a8682bc16f917187bc4a67b

SHA1
fb6d72b96c7a69dfe50729ab8f61bb4fb0edf1cb

SHA256
480af8d72f7866adc8b9d4d40c35bffc8027b69fbbda1faee403af3dbb46f0ef

SHA512
126972884e99bdc1d89e08cf3a57fab5f558da71dbe3b1529b27e2ea5817eab98efdb72247b76d15712daff9a42bb038a0699a77ccabc4b5f2f547f2ccc3294f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
045c2b76813d2c014c9584f8bd45f790

SHA1
1db1b2bc2be6e353992a9878bf813ad9efef0695

SHA256
31eebadafe5ca32f504bbb1e46a5a6e31b9d7abab20639740c79b4f360ecf753

SHA512
f9851cf295b3615c93e304b3139721e60e54671bc9ca1280b7f1cf298e16c9c777b3dbb428b10cd16a3bbf9722e34b44520c10bb60f76484737cc42e636e4fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
3f33bc1afc7f394f858a0d3dc07b68a1

SHA1
fdb1dab6fbe17ee4ed29bcc374295b857e1f22be

SHA256
b60bc1c426f5202a1839cd37e5c9e22d09651423e07eda1ab589125d6497542b

SHA512
cdcfb77f5d4ccfca4bb48daec26bb6204cfd99e1896ddf2581e6e77af0f7528ad8a32c0f6790a6f1ec293bbf783703b9063e6e5764781fb19208af3eb30b3d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
9b1f61830f502c8564e225e8b97775b3

SHA1
c0f1cbf494f32d1c670ce0e17af42669bbfc91bd

SHA256
c68d6e518ddb53a594834f433f6a82aefc1337d36d9902b2e92f38e941a4b43c

SHA512
17d9543c0148ab0115a14bd061c9ec590202b5bdc8f77364d87c2f10c9633ee39e368aa04d512585c825af147f401f482aeb7f8e91e08bf1cf7565b068c9f948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
bb4f199f227b94d41915ec899ad593eb

SHA1
d96512d67cd204285175b628fdd934e49445d68b

SHA256
8fd51e7c1ed70d6e32dc5134b3e4f4963d1a0ed165e74243be6b1316876dec45

SHA512
bd4dcfc0f5d34ad5b63a7ca75036bb65a1d65c7a43d6fdb08e8e1b3ddfcc2ad5dcc0c6627eb98cb9ee2ee2f30979bddcf1e2e62f0459816ad8ea4833a976d9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
838B

MD5
6c6bb3f8dd2c90a83172c1b0162484ea

SHA1
fe86202f623df6402ef4db9d7a95ae8342f8d2ea

SHA256
1d0ef9c899e5ca24149228f8f40c849ce5de8b5d1c19aa941df801a6de2b1b88

SHA512
629976e6ec252bc1b26f2e2c65ffe3b5a0f505c5280d7dc50b699b36a292eb9b6dcab60841df3896773c93f390d13d6a1febf7115ee949c10fc64bdc83b7ff7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
eadaeb90b9aaa76fe5a3d6fce1c4bb6f

SHA1
760b1fda7ebf81b7bfb703e2466eccea498e3813

SHA256
f49f6b9dca75ed0904e7d41eb34857923716499d282ce2bd8b6c70f0ddea1f23

SHA512
8ca5220ffc0c023a7cdd665915508bb23657e55d03a7460574d8a79c05c380b91985496e721bf588bdd06a83fb39a3a0206614eb19248653df6d2b5eb6d3cdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
101B

MD5
7cd971003443dc7a10589095276055b7

SHA1
dc00eaf0e8d9c45b9e74829f1be01862b79360e6

SHA256
d0164201a832f3e8bc38204e74defe2192b92f69696e5980a0479d63520c4956

SHA512
bc0cbcb450e5b0558f32306b5416163088482fe4ef2e4a93bc5d6bba27b2dd970c16aaaaa821bb70121bf79267dd0f460aa7078a09d45cc89a68d1e293567616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d38119f361965dffa720a5bc6f9143cb

SHA1
a56ca5e7d5084de9ae69565a1f245b045332eb93

SHA256
af30610063c9ff3dc345025d43be775105f7cf230022e2fe7575386d94d33fd7

SHA512
e8c931cf2d4d0484b7b94b9ed66ba1db59946c9fa0e8469e055eb5e5829c5026dc0fe2cfd7df6367ebe1c054d8782620c0a26305e0689727e35efa0d97b6c179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
994B

MD5
8348430b86b73064616313ff1352ac97

SHA1
f250d7d6aeadfb021992f082398922bdea84dac6

SHA256
e29253e278221047e2e22fd8e0dad0ac8f3da885c7507a2bd219da1b107d967e

SHA512
87237ff2cc748adaed9dbc9acc26a3623fd55b053d3cc8a9ac3b4aaa2c31723ab2e7dcdeb31983438f4dfbe2165aacf923f30558765df1d8dbdd832897ff8345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c1b2a84cae632f7dc20fe7355e5532ad

SHA1
e1a374f61e85d2e9256011a76560d7cd5523eaa6

SHA256
6651d029b03f6c96968fd2da5a282fc14b71b638d08b6544c9ab0300cf9c13a1

SHA512
372fa1a3774907e9d0e8188c4cb53d2f10a23fa1b43aed97875064c1e952b88a75c999897140a288a034f9798da93108896e76888486e2a0b37d4ff5e1046ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
479caa7262c8c05527e515f7b0850152

SHA1
1adf07999f1fd112cc43844ad5cd1c0d6bc92d89

SHA256
7dcf825cd6b123a9673cffcd6e2e8eff1d7a7d1e0fdd193a373571ba26659a97

SHA512
6fa53fa1b65d385b5dc777a68d981de0fbefe5e9ddc98152913f9053d763c77073202b96e753cd54ed3f26e446f82a3e0b963c73dd3cb35f00211d5ec02a5b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f11b3c5c4dd72881a7fb824fc82de1b

SHA1
33235ca5e8812a5593ae2f36f8f01ac5131b103c

SHA256
0aa3cfe7e40eb31c461a6627db45d1658fce160d87f21f145d079b4f9bd9791a

SHA512
262eae00de54ee1b3ec852566da72cae639587f431e3e9e54d6e852cf34833a231614273cc66a365d90da9d0cd4e7cf1efc9d9532845441ebe3be0b0ab16a0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53eeb932111b2695354632e8f349cc49

SHA1
c314e38911f2a4bfb7d349ec59a40992e51fb7f0

SHA256
414ee10219d8c0a7005254cde106d54771d3947e8150113e78c73f78d9e67bc3

SHA512
b77931bd62a08e31778eafad9b1240328701855e05ebd7fa9a4b28ff1e9bba81cc4658dad10f8c6c315f9be5b259f07dc2a4370ec5395f3c47e9b1518dc6d47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
56bdc3044538abdf56f33e7f56d1919a

SHA1
3eb3abf52e90a4012b13e98d9f15451cd6791117

SHA256
c3483b9772929bde90c67dfd8e023bddf18da09e20743e18ef3c73532326c878

SHA512
cf0af7d6a45c6e3cfa196d343ee7af2572479399bedcf5d30c3191bb8203aebe572d6eabf5e97e010c57980e03f60f713bf35370fa6c04218a63336b5743b541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
314900a2d335bdcb43ceddfdc15aced6

SHA1
082d41c5f45e266d1620d706440036367b784d0f

SHA256
1160997aee435f62537e6966a52d4dc6560585e87db7f0bc6fd9a138e2943bad

SHA512
58779f9fadc20bd0eac52da5ce00920d3807fdf6b71fbd7d53be0e43a6644e360cb9e71fdc04415b864d223d496f1dfb267ca5df7e610d21a1a36ccede6a5bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad831.TMP

Filesize
48B

MD5
6ebc712310bb8478dad0da5a8658eba5

SHA1
db868f9da87fa35a9fbd7f60bcded2a45eb7593b

SHA256
a6bb8210e961584a8a1dab9169d7469b4475cc432f39acb5882c1fee3b98c1f5

SHA512
e1a0689c3599529081bd597f03e6986b51a9dff12c39ac2dca28fb812eea19b5e5a0c8f201f17fc3fa229d55abef9f87d79ee84238a13d2315655a76d4c57dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
319B

MD5
6bd8062129cd748a12175b932f849fd1

SHA1
38328370b8d1d35aec1a0aeca14efb94062ce10a

SHA256
8fb468d10ac6d8a6715dd616d7eb29ccb8c7996ac47d69716f49881cc10798b0

SHA512
b7dafeaadde226ce0a3343c8d2dabb48edd0a854dcda14cc912e354f401fc36bb5bee6a66e33530ca76a8a568648b822d1b3e872e0735ff5a64d5355378591ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6d477ff0f162e564af64fa9fb7d1ed5d

SHA1
400da39c4b37b1b560476bad05c0775a24aeda1c

SHA256
f00a352beace78ed565665b89a085f4b7ffa7fec06be96bbad293602f407cffe

SHA512
51c1bf61e1d13bc8142f275f02664118fe5d04cee7e480f9a17321c3e71287500fa6cace54d9888bf259b7519a59ddcdec3700372f982d03388390887776673b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13380675153094860

Filesize
1KB

MD5
56565f2658a6552074670f07615c73cd

SHA1
357f7ef31973e87ffacf18822a50355e1bf9e7cc

SHA256
11102c2293a822efab73ef7929ecf8aed685aa380fef39d870ac45a27334db20

SHA512
b5a5722335d773727e4037383efbc9d064c4c0ba171de30da60970e1cbbb9bad9fa23cbb178b1a7c52d393cb005e31814209eed2cbec801fa8ea13026cd4293d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380675153110860

Filesize
1KB

MD5
53323784f8c27c3e73a7fd8dce2e7411

SHA1
1bcfba3bcf995acd98fadf7775effcf42571379d

SHA256
d53e1e7cb4da527a05c7aa124cb65a0a18a64c171eceecb8984a6f59e539bd85

SHA512
a613ee8378588a6b924faabd7c201e21b3751eff7899e9fc85e0b91524160330675e984a248886c70b7c1fd4be88c70abad4aa6dd52166d8d3745bf83a5e140b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a322ef617b927a4a6546aa477c8f61e8

SHA1
8a9152bdf8e95a3d2d6ce9302ea6b641d73c4462

SHA256
f54e668c8bf314780031d10e620f861bc9d58db6cdc12f32db86954cef63ae3e

SHA512
dc9138d69e46207c81bbaa962621918119d6e2d247958130f194df256cbf7d2746af4a59b97b2abf088954d3e01b54db6c9b83e4c50a7556ceca0f5eb3ef5b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6d7fa9093d17011b4e299c3493981edb

SHA1
8504eec5c0fa484c49132df8dade8a3b689080ee

SHA256
7cf9ed2eca13df36c4fe98d99c68733ebdeb104242c143a53019accd98da4e5e

SHA512
ad87031e780bbe104f15e20938ff9ddb33b894d2dc4c66239504231d6e92f0422cb59330dcb211976d95a8790e857a31f18a6c1f20b62455699d350a687d7689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
23e18211bcab28c66e45210b4acf0f46

SHA1
fe649ab251ff3cbd60acc2fa3c3b6d3c49b71025

SHA256
225947f6140058ce427125c96260c496398bf3c50ee6f8f6c42eb3c2b44a491e

SHA512
c46674de99baf4d9f63c5ae0cc71539255b5c3d45283606513138fd4c8dcc4aa438b7987c41a91fd8f715c66bf442d229447c8e85604deeac0199f32a2a21373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
1a72c9d675b59f6ab53fd5f8480957c5

SHA1
a935d3423c57c8ba27a3ac915e87acdb72b8dcf1

SHA256
d55e3e8ed154b9baf6f2be76994040038ca96bd4584167b331c8ed06e6f32cf7

SHA512
327386183e3875d836e3e92a247a7efd319ec5cbaf6936ce7970527227492b3be3c1799fd0a93167b14012078a97120049ec721812ca5411a1907969ece8311e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
186f99acbfd44383558550515cd45d8c

SHA1
9c1ecf7337636a65640a65324447d8d9992fee2b

SHA256
e76c5308ed90fc421ad42f3f7f67957d79f660f398b1d46404f765f5ad48d6d3

SHA512
36730a1d721fe59081cfb0d3b329022dd4e4756f9ce1bb2f0d304fc4397c126d914c94fe27ba99fef875a219f297428687c1da96255aba3fd9481dfabc06e1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
531KB

MD5
31f220cbad446386eccb87a960c86646

SHA1
5975048548c34e4ae6816e1422632783414887f3

SHA256
73d205842c95992666dc251ad928bf60d6db8700befa9f55e841c5bb355d2e8f

SHA512
c80af1741c5064fddecf34cd9fb7024517dc7d3987f98f685b18eb5508d0ec0b6d338065475ed15cfafede13d48b8eef7d920517a121598529c92abdb32782d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
bfe39067e9fabfcc8e6d78efde7af168

SHA1
eefcf236f3c2b50a4c5b26b7dabdf5b2d37fe318

SHA256
288d5ff8deeeb7360d344fa097a26c45a895a933e77cebc4059a271e6449d256

SHA512
c31b579d2b687a97385b4ddada16cc6c07763be0208ee46cffbf43cd8490b488e69456b3df17a6d3619d769aae14da6ea3f5eaf3877c63668335910dc4b73b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
caae41f39f23af0b75bb0cc7c77f017a

SHA1
775dc3977763610adb5a5e17ab7495f7566f6fe4

SHA256
0fe31ba92c7ed467bbfd709d2cda6cbfa63dae8961c6ec3457ec7e4d771d54de

SHA512
63fb126e0a32634db0371873b0d9d16e1faf486d35a9c61554f51d1cf3867e054e2a9c0d3bee5d04c22484fdbbaa855261662c21c8e365a8571bc001681c8b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f1beb3e20813a963e5664348ec9b4b6d

SHA1
625c8b1dba87c03f8c1717cbb862262146056ec4

SHA256
f06ee0fe36c4cd6d340e2d263b580c4a2ccf58e1789e14da3cc390ee642f13ab

SHA512
ed4bdfd72ae591473c33a51947d1a0a914684a3b65e66ebd67886e0cc93d6e538151b3da05586113de1d3bb8bf558f21ed5b72b45fce4c1299a4080aebe48abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8187ed4c63056dda1b8d9b5780d2046d

SHA1
3ade20ba161e01facfe5c973529b805ca96c0fe5

SHA256
364ea9a82aad72966f83b73ad3b6a0d4acf9e52e45b34276ea8ddca1c9829005

SHA512
6d0e3f89048d54f9f540a7a2db942f95caff57765258861f64e2c8c37bbebf7d9e54890301417721fbf4cda4d38ce7e8ef722038a14b243fb7f2dc4cf70da91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6432049f66765db03dbe2884ef063cb6

SHA1
eb4fed2caed3ffddf865f57f797f2487caadae77

SHA256
27f672f12a9a84dca03474f89e582b4bb4f93e3f28d34cd7b3234c6953fe3277

SHA512
f8a5c625a5bacae650b7c8769fbc8401fc474134fe741db1a2134d59ab875a7b490c7d6695cb69052c09b6264aa6d954ee05b73357110afc480444ba4893a76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d3c317baf6d228e67f623646f83091d

SHA1
64b8e3881e9751388d1066a6036695fd1e66a413

SHA256
cea8fb83cd1d43a24432901151db9e8fba6a0e5e3e1abea9f13488d680ebfa12

SHA512
c3293c364b5793e89ea225f21c3a594902cb2aa21c612e70508338a10e5840659d2c640e108fc43b3cab53bc45cd73deda5750c75553557930bce61e607ec16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
830e099f3ac64918b1921847e904563c

SHA1
fe349c109003424b64d893d75a27cb9d0a912de8

SHA256
0f92053698d1c2f271d9802da89dcf9e3ba244246262a4f6c4560af4adcffd53

SHA512
8d468ae47cbbae0564469088e74a261c9340eac49bb6c17205b25ea2ca47f5a1d069a6286d47097e0efe0edcfc4447612675535475e221f24fd024c4aeb2c184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
a7653b3b0cbc78b870e03f1143b4c868

SHA1
0612bd3b8ddb9879a48bcff879c49a089af2bc8c

SHA256
dc729be401450576f556932a4057826877804fb3d9cc2b95c69a7401f6db4b5c

SHA512
c070602a0214bb30db225061d9bb06f45a5a6bc6aaa1866d2b2a8dfd2185490baf607301e1c4edb740324cdc91df75c9a106c2d2e2d9e3bb210f3493259ebc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
15b7da39cc4d48a07a8a303005a3d6ab

SHA1
75c84d272c31e04a13f17678e75acdc3b0123081

SHA256
8fcd1c112de5d687e3f69bf82f6290bd20c9a5e4f8591841b01e5623962a875a

SHA512
261d9a79b5e2d54879c4d469ce47167915171eff0ffed7f675f597f697bb4f7dd7862badc5ffb8ef31bb6359dee11e083396203c22800e7e00d3c479e8b4d234

Download Submit
memory/4960-6-0x00007FFE43D40000-0x00007FFE44801000-memory.dmp

Filesize
10.8MB

Download
memory/4960-5-0x00007FFE43D43000-0x00007FFE43D45000-memory.dmp

Filesize
8KB

Download
memory/4960-4-0x00000235AD650000-0x00000235ADB78000-memory.dmp

Filesize
5.2MB

Download
memory/4960-3-0x00007FFE43D40000-0x00007FFE44801000-memory.dmp

Filesize
10.8MB

Download
memory/4960-2-0x00000235ACE50000-0x00000235AD012000-memory.dmp

Filesize
1.8MB

Download
memory/4960-0-0x00007FFE43D43000-0x00007FFE43D45000-memory.dmp

Filesize
8KB

Download
memory/4960-1-0x00000235927C0000-0x00000235927D8000-memory.dmp

Filesize
96KB

Download
memory/4960-456-0x00007FFE43D40000-0x00007FFE44801000-memory.dmp

Filesize
10.8MB

Download