discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/tag/2[.]0 bot [:] MTMyNjQwNDQ3NTQ1NTI3NTEyMg[.]Gq7-LK[.]dOv3-pxF5dlAOGQ_beS7VuRgUxKcJuPGgVs_Po guild [:] 1244454499527954453/1244454499527954456

Analysis

max time kernel
900s
max time network
888s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0 bot : MTMyNjQwNDQ3NTQ1NTI3NTEyMg.Gq7-LK.dOv3-pxF5dlAOGQ_beS7VuRgUxKcJuPGgVs_Po guild : 1244454499527954453/1244454499527954456

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNjQwNDQ3NTQ1NTI3NTEyMg.Gq7-LK.dOv3-pxF5dlAOGQ_beS7VuRgUxKcJuPGgVs_Po
server_id
1244454499527954453/1244454499527954456

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 5 IoCs

pid	Process
1972	Client-built.exe
4180	Client-built.exe
992	Client-built.exe
4236	Client-built.exe
3220	Client-built.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3876	msedge.exe
3876	msedge.exe
860	identity_helper.exe
860	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4264	msedge.exe
4264	msedge.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3940	OpenWith.exe
4168	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	Client-built.exe
Token: SeDebugPrivilege	4180	Client-built.exe
Token: SeDebugPrivilege	992	Client-built.exe
Token: SeDebugPrivilege	4236	Client-built.exe
Token: SeDebugPrivilege	4996	Discord rat.exe
Token: SeDebugPrivilege	2512	Discord rat.exe
Token: SeDebugPrivilege	4168	taskmgr.exe
Token: SeSystemProfilePrivilege	4168	taskmgr.exe
Token: SeCreateGlobalPrivilege	4168	taskmgr.exe
Token: 33	4168	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4168	taskmgr.exe
Token: SeDebugPrivilege	3220	Client-built.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
2904	builder.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3940	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 4016	3876	msedge.exe	83
PID 3876 wrote to memory of 4016	3876	msedge.exe	83
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 2748	3876	msedge.exe	84
PID 3876 wrote to memory of 3588	3876	msedge.exe	85
PID 3876 wrote to memory of 3588	3876	msedge.exe	85
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86
PID 3876 wrote to memory of 3212	3876	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0 bot : MTMyNjQwNDQ3NTQ1NTI3NTEyMg.Gq7-LK.dOv3-pxF5dlAOGQ_beS7VuRgUxKcJuPGgVs_Po guild : 1244454499527954453/1244454499527954456
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf63346f8,0x7ffcf6334708,0x7ffcf6334718
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,3384850147464535344,11723633423383610986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1448

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2904

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3940

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4180

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:992

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4236

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2388

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4996

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\builder.exe.log

Filesize
1KB

MD5
7ebe314bf617dc3e48b995a6c352740c

SHA1
538f643b7b30f9231a3035c448607f767527a870

SHA256
48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

SHA512
0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
9f394757279a4ff3ad2a3b668e96c107

SHA1
131eaef19e2953762922d0403a79c663474aa48f

SHA256
5144936a5db002ac68fcedc9c3336a0e0fb038c8dafbcf025f1641986d4193d4

SHA512
aa8b10b03b5986ce59c83b8de223b68cc21fd3163acd1834d288b54382ae5410125f45ab62cf52c12eb20e9d9b630b34fd08686426b2764680d9447d8b69684a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
abb8bd3b5a206b3a87c46a869c561e78

SHA1
baa9e7aa2be00a396b2631a8e46a41af73c389df

SHA256
a1eea8b5277e7e3bd6411970a0dfe1d6b44a0ae3b43ebf788f25d1544e3af6ed

SHA512
6032f78ada98afc075363ae2200e2ee0a07553630ed23a060061099c27a76ea52f114699da0572229eb5b88c8a45bfb7dd18b6033e860f1a5b9044f5224cc02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
16KB

MD5
cfa35eb916108c25cee62cfe1c13c087

SHA1
7fb0a039b591610029243c9f5d569a4e4674a99e

SHA256
986387f306783662f401ae5a2641b1ff1403efc91887185a8ae09187b91495bc

SHA512
356fcfc8fdbc7914734f5c6e057f15e52bdf35b8e626b46a0fffd2cd18c1e4ba8f11948f8ca656005b9d6e5007fbbd3d18b77699e00866a289bb0521e657cccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
438d9924cf54fcfd1c0eb8dd4ad2071c

SHA1
ea36217cfaef2255d4b70361b0f4bac9f7eb1199

SHA256
afea1a8dcd2574233fa32190083a8c1007d5d1dcc3588614c75b75e68a00c150

SHA512
cac143a94f709d1433c0189b1c93e50f4f7282178e8839d6a052ec1f3f2938ab1944cb87ccd9bcf6c550ecf0743db8530dd3e2ce4097e9f7b708fca504b2df67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1344cb165874f62ccb0bc2ba33469ac

SHA1
25f152ffb963571ea365abb9d019c5ec481400dd

SHA256
a92ac5beeeab7deaf5be1faa2da9229005a13630a278f3fd400fa3c6af5c13e0

SHA512
c03aed38b7af68ba929f29fc89383e8c22a06b4d73921df8405bda7b1e1f69700b6c0fa873169607c99e97266caf7093fe75057257f83320babf3a61458fafc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2d608867d66af06f34685a8089310e83

SHA1
708e988b5013f40947b4767a4017e5afa580859f

SHA256
d1dc0872a47210c29deb9ac0129c36a257bf35d12046fc2aaf6c428f3a33fa1a

SHA512
2e4ee6020a6124314f023cd8d14dfd403ea3d5ae93693a46aac8187d25db70a983b8fae3204d954e70845329804b053443d664656159bcaad6425332db54ecee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
701B

MD5
bbd1de354d7cf2ef2998e00d00f07ae6

SHA1
6ddcb9b7a4235950d42f13486c79f32a22fdf674

SHA256
3e759e2e227d54be44b704311575f94f1dafcdba4edaee57cefcbc297816ab32

SHA512
ec4198b1ba96c2d82466729daedee7151f4cb70354d3a8d95ab0a3a6bd3e71154f18456c08c9bd1d8cbdb66475cea80396ff090f4515ea2261d7b092a7e31a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
b12ee6b010e965ed924892682077404b

SHA1
cc06dbdc7cf807fb8aa0f90749f5f07c2fcf55fa

SHA256
fefc13d455791d6cc3d8bee48121ca6d7c21e147fd45c504f236bce95e0ea58d

SHA512
b4178d1bc5b95dbabbc5dd1f902f2601b39904279d56b725a9c4aeacf9c27860c02207b1409298c911976540a30eb194c469f7fea64cb3a117755e57a56c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
6da403e1b181508c7abd193307fd4779

SHA1
e6c2ece56769ea57e6267823314b53878b342e7f

SHA256
6d67a8bd68b893654ce816396f6675f1e951a00e802f4ad03af1aab109aad7bf

SHA512
064006ef369c75ecf6ecea837a2e7d5b23f73ed455cd0f920ab17430010c79f640507e8a75e0ed9a786b8f4f5f8e70d14e4ccd7d332157088ec1e08c58725299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
488b1991b60ba182dea2da20dcd486c0

SHA1
6b45406d3bf37c7db78cce934ff90098e23f2066

SHA256
5e1caef8fc61ddd8fb8325ba08b45c458235fe23b2ee231808edcaa0bb1927f7

SHA512
c28a9d7de42071bb113831c66da3187452a5e9bbd8aa9a2e28607925031efc40231332f4a5fe73fdafa819f3d766eeaefd8503529e98d2d7c84bc5dcf1bcb364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f2e1d25aa4043a0e6e78b312ab48023

SHA1
cee2cc0b47bee28de4c570be86a83c31ed0f8303

SHA256
865572a27b29c342097f9c003c4d4ab21d09c32543a737020cf4d4f1eda544a8

SHA512
62c4a8b62fb081abc5c1132935b52e2ccb9f369ef599dcf65fd9020095273e2b75e3e856638a0da9a2dba5b4bf7025938274749eaaef805346900f60ece89f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90d81f1070bc78a10fdf847d446e79b1

SHA1
c03f82d6c27b079e95f4a355bcbb4ade7ce33404

SHA256
cd99797e24f4db68a1b976907eb2092317585774b0f1482e860f25a5a93a504b

SHA512
b295a8d8f0b0c85dba1ad3d45b6de939c98d0778dc7e02ad6d41b5e2c8a8eee7bf5036eac63c4e9e1d930c6aa24da9f76f65ae3ceed34862a745da4214212e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ce6342c41d75da0600f87f2e6f85f90

SHA1
eb759c6ad0544ab017323c7b8aa11806f796f379

SHA256
b2e0af3add1fcc81236d8432ad8a1eb05fc602a4bd97a3e0801ec28ebe9cd301

SHA512
d7b209c3f635e0a7a92a2f34d7055237fa3a23ded431eafd8d91151d7a675868f86fc34aaedff732601d76e30cdff4a08e776dd3edd19653dc0c0013aeba0dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b19d5c9eddda17935765aa4f757a60a

SHA1
1901090a4624215c6d42b2cf671d50a3da8d3c09

SHA256
13ff8b9830c1ea3be9c57b0c8f9a5df9e0e62de6bd9481e23f21cbb07ce5352c

SHA512
650574287105c05fa56c8be1174e0e0bbf4ba8101e1277880b2cde51a731d5bc5e8ae78b2e5e637b00591d2f525d4ec3c995e42b6bc4df07c87d2744a5674ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e400131de441fe600777deafbf80422

SHA1
10875baf21dad1ca06adb86827101e3fb23aa503

SHA256
edcdb9359fa85b0b9b637316f5131c7c2134a632cac6ef4acb50f1f1cfd39ce6

SHA512
14877d98951be08338e545151927467451b6ea8701f727886b6a4e3bb864360679bf81303c1cb99872ff3c9df069cd8bf16d113e938008c16ef2d39fe01ca1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af7afb23812191f5d4011b1d443cb4e8

SHA1
911e9dac84bf0005c63fbaee2f6f63a9650a2fe9

SHA256
763b39593be5ca382b86ef014725bb814187905e14da38420cfc04ef01850877

SHA512
0559292b88ad70a77099ce82c4a83921c627b688adddd022b5a49246a1f138e283c276027c9a9aecdb483c3bd6482c1f3daf852d89e33cf90787430e63064de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
280cba8ce2149cbf0239f547427a14a3

SHA1
5d1f49e1855ea79b1f9b1f9699cdba9ef2a8b02b

SHA256
70828381a169a76951450fb16b3a8a264953c2973272d0dd52a048aec0b5bbfe

SHA512
1f057973664ace74d49bae5e9e6b4c091fced91f5d629a552dc74e92c53fcc9211b4dfec86128640f2dd8787211f26b3ce274812201d5fab7df041c0eb1a2763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec16146f81a37757ef6f6421c148f6dc

SHA1
677cddebd8ce91b7a13e4ff3878283b3c97a777e

SHA256
8da437948ff4eeb87f86b5dadde8f4f879af9bafe25144e0396eecbedb5cd4cd

SHA512
d56c7e4f5606a08dc814b00a2250f4a42dca3f3cc69a3b1f5190fe51084b8cc8d6ae0098790f245bb39104f326c970970c832d27cf9e58348e02a45e21da2712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0941c41b4bf03028ee69c17e54ebf57c

SHA1
9822a201078b18761d870dd4c35a1a7a5951edef

SHA256
4dd1678d261d1e81a7d648d34432602029b4dee53b2fe26e1fb43e34f54309cb

SHA512
754d46ae302723c8af6fd0a44f3d1b8213f3909cd55853565bbca82a6003a183a7836c5db8a0b627260cfefd218159a7224470b0790bd09b8d0cd4d303377c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6c5c294dfd82d79b8956a4826650fd5

SHA1
ab3c4f32fece19377cfca66259da88f64e295fbc

SHA256
ece4d694d7b7236bc166e38014cc24659d9ffb7c44067efea3486dc0586b1492

SHA512
172ca34f8e2627ecb36601ea6484d711bf845f4ad3427b01f2ea329866a428fe8e436258e7b7ee060b9d435c2a1e4d98544b64f29f4870c8bf7a2457bb296a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff40d9d4c769c4935d654b0eb8999244

SHA1
1e6c2df7fd1f3bae9889746012b606ce86f796f1

SHA256
7eee13dc6f5288a4fbc6e2b2a64fd6a3a2e716c9b5aa6d2e15317cdf5099c642

SHA512
f7d238d27607ba021c231fc3fde127b9ee0cdce6012b207e65c277d355cfabe93187370302b4326acd5fa38bae84a656379ea1acebbd0ae7601b2f653669d96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2cd9ae79cc459c34841fcf9eaf4cda5d

SHA1
34ff5ac98cd1848ce6b2d0b343a090664489d2e4

SHA256
6d946e6734d705cdb11f447a9ceef96f9328957ae55219500ca7f386a6b99934

SHA512
7f0788a5b961e01ecf8383bea5dce167043c56332fb074b120aa018ca846068f95cc6a306ee67d38578f354eb00826c916e1a0e1b03ee4c2ac2ffa3d085f6956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
48e91ee3193161830152e656a1fb81a4

SHA1
380f3231e40439679a997f470a3878703f3f0318

SHA256
d9763d371aa96b87c7d5d05f0ec080dde76f804cd95109f64698aef885d5a718

SHA512
0da6a834db4e4b672a1c8a44dad1d491e662f11dd669515ba892b28e17b8773cc1f1db9006f10976d0c8f88cec6493a9d6090c6de436ee099a4820b6cd80e4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adfa1672ecfcb99012482ad725b98299

SHA1
6cb52be999842e1a7f56610453614ee1cefed0d9

SHA256
cf53ecf5e4702694cabc31c8b79cb9f1d854b504889d97b80b7cbb7c0ed0fb55

SHA512
be04593228fd8fe253ae6295505622fefd0ec10e6c6b33d948f2d091b5eeddb49815c9d83d60472f8ba1b77dedd1c0685db1d31dc843868a750ddcb45bc53043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e6f6800cbd2eeff554527dc1d64255e

SHA1
cdbc9ef2e762bc0dfe12503762f64aa4be842967

SHA256
d540e399c388c928dc9702d7c476fc4b9387af1168bd354e36d0e489255f4b3f

SHA512
e7f5d69908e251b1306e116850c31366f92913b16882a665f24d2b4d0bf15f115803e88d53296a8929c8ba2ca101fd4ecbe62f60fb5c4aa738cb22284d3d18a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e678.TMP

Filesize
537B

MD5
df3c57aca837569c26d6bf9ccebcb606

SHA1
60eefe8a413ecf4995870334f89e2ef159810e1f

SHA256
6ea4660bad0af7fdb01439edaa55ec1c4298836e1f92b506fa9e929e1b66fc12

SHA512
ee079570a75b8c72d25ccfa0956054b77d2a23bdb6bdb3c06ea0465b1825a8e40c1770bc1a27f1764876d484f55b19421f96d828aab14cf356769f103277388c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1143a31324c916415f419bf5fc9a8366

SHA1
1edd553010e4928df19390ab262a43107e383441

SHA256
b6e07d7aaf68a6d564350d5f34833451e3b4ad4fa4458458c8910a57f0adffbc

SHA512
4068958b306e68ee06c616aabf1d87d9ba28b1c133cfe0e0e1d7cf2d1107f8ab9e9e8a6e2f36b8b8bfb225df99b4659b39b0efeb1132e372526527d3242f8cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1269c2b39f0b54f53659041529a8a522

SHA1
7d3c32e69d29aec0e662d22f7a2e063ac480cf23

SHA256
68f5c958b9ca2b845df08171e083683293308ff77acba9aab8aae365124d46a0

SHA512
32ccf35f0142c0b5c395518318a78155cbcb70c3c6350cbd8fded6bfae4cbe5166db4e63ee86f87bdbd0ddf8830d3beb7a0528265b2ebafd7e1b69c814eff8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1eef90fa2d972f637f2b163097cbfb55

SHA1
99da230567e4e89dec68c2ae0173b30f23a647a2

SHA256
a6ff5b9b0991f670ebe7b4159ab4331f5053c6190c2ee00a220b25dfb53b2c78

SHA512
5601de3a5a260f64af6bb2e2fbdc8a96c1ddfaf8ba462ff4b1fc612df0321294cc2cdfddf94cc5d1553b6b0e55cabd2a714c15042d58f8b5e1c42e94e5fa7de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c74726d51e44dd781682c3789946a37

SHA1
accd421cc1de1e4fa10817ed090765db0157600b

SHA256
589ec44e8f896e9395818c8ced8d1184474884a3ae2a2279160a5eeffad6eb7d

SHA512
285d6e5c61bf002fe73cd62d4ebb93ba721246ac27fd8dd958e32500f55e98a43bef79483b3e39a3e884ad21d9d8f212833fcc61d6b25423634989fa59065041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5d3e7696f98c0a7fd32d2870d1331d3

SHA1
c7c3dfafd9fc6ae720b86c559edbdc5671c4e09d

SHA256
be83e3fab9c3932ec00ad09e403f481e53b76dea463f08a30ed9d0433b8c4edb

SHA512
dc401cfe4459a198fc8388ee9c8de8f490178bb0b722c5d3903a848097042960dd23567a5ffcd9876c7680b5dcdfe6c35ab8ad49d261a5e384c88de8baa6df4e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
70c04c97efa0b825db357f2a69d17ab0

SHA1
8af385f18a10e79e773755b684120b5ed2b2a545

SHA256
d3d7f9890d6ca85cad886cbac60363c97ba4cb37d465fb06e43d1956810d2f8a

SHA512
ef0d22a0eb6e77a07d00a8f79347ef70482417fc03a003b356287bc7583d4adf9e3b0a9c393a54c30c2715622e928b5c3e19016671f3fb614fd91d1dd8063d7f

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
2bbd4e88b82caaa292eaa807b075fe42

SHA1
4cec740ccb16c951d412ff0b8ec248dfaa46380d

SHA256
5b109a0b8bd6a86d0212f76fbccd49c184682f06fc244a65225c60372b17eb4b

SHA512
70ef16a59dc8b2f704ca779e37ab5bea1a65e0f8893780751bc03db7ae5e6223aeb8b8b600e9a95928294eeb7299e18057cbfa3f56ac03de0304d0a0db46b27c

Download Submit
memory/1972-1056-0x000001E9A7460000-0x000001E9A7622000-memory.dmp

Filesize
1.8MB

Download
memory/1972-1057-0x000001E9A7C60000-0x000001E9A8188000-memory.dmp

Filesize
5.2MB

Download
memory/1972-1055-0x000001E98CDB0000-0x000001E98CDC8000-memory.dmp

Filesize
96KB

Download
memory/2904-1030-0x00000000060D0000-0x00000000061F2000-memory.dmp

Filesize
1.1MB

Download
memory/2904-990-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/2904-992-0x0000000004E00000-0x0000000004E92000-memory.dmp

Filesize
584KB

Download
memory/2904-991-0x00000000053B0000-0x0000000005954000-memory.dmp

Filesize
5.6MB

Download
memory/2904-993-0x0000000004DD0000-0x0000000004DDA000-memory.dmp

Filesize
40KB

Download
memory/4168-1150-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1139-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1141-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1140-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1151-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1149-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1148-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1147-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1146-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4168-1145-0x000001DAAC600000-0x000001DAAC601000-memory.dmp

Filesize
4KB

Download
memory/4996-1118-0x0000016003A20000-0x0000016003A38000-memory.dmp

Filesize
96KB

Download