discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0

Resubmissions

09-01-2025 04:29

250109-e4lydsylat 3

09-01-2025 00:46

250109-a4yjzazrfs 10

Analysis

max time kernel
83s
max time network
76s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-01-2025 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
848	msedge.exe
848	msedge.exe
1656	msedge.exe
1656	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
412	msedge.exe
412	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4664	Discord rat.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2000	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1196	1656	msedge.exe	77
PID 1656 wrote to memory of 1196	1656	msedge.exe	77
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 1644	1656	msedge.exe	78
PID 1656 wrote to memory of 848	1656	msedge.exe	79
PID 1656 wrote to memory of 848	1656	msedge.exe	79
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80
PID 1656 wrote to memory of 4464	1656	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/Discord-RAT-2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,390875762077880212,11950142478696474304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2776

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:644

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4664

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9607fab1ef5beb7802d7bc3bccea0839

SHA1
98aafaeaacfd49df27c50c25dbc7007871a4d6e7

SHA256
c5d17182ee1fe9e95bd1c141a4971a047c59b66f93d44600e256b4cae4fa732d

SHA512
91c3709adf43e7b13b1290a649599967c63f92706365214bde2d32155f6fd9629385ab4b63b6a09826f391958beebe54251292a6d4319d9baa0a37bab9ccb049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
33fc6f377130d6f3c13e931381c9938e

SHA1
c207a7edc2d704524d91a4c5542df3ef466e3ba9

SHA256
687af005a9ffb7618a8ee6e2af69b41ba02cb3f24d7262c1417f9677eadf1d80

SHA512
cecb614b3c4a89e23a98b5724c2b92d59e4e8df2f2780062634279ca82b0f9ff305abda9016815c5b723efc97d037368f5aeb7a701fe499da163e5b74f3fe4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8a40e9be635969c02de9323bac0c8cd

SHA1
f1f0f9dde78a897102b75ac1ca282cc2bd7279d7

SHA256
d9725c31705758b17ed75e8eb9931133181550a68f137aaa4187f50d4143c583

SHA512
0cbe51ae2e68641c36c90284efc7f8b53340c3c98d0aa19e4db9a689d1da5dcf8bab8fa90683422d132c8c71972cb045253f585688708981c36954ad24a20987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
424540e509ac3753a8a3c41a9b56d3d7

SHA1
ccb5a77a7a23795024d9a222bf88ff085720db4f

SHA256
e089d6444b1bf244cf4a4be72b1a4fa2979b9f90972c5afeba05de97505d2a48

SHA512
5f072bf16e92556f4ef96a7cc2c3fcd3aa42fd2ed36a4e614308959ebb0f3278649fe4f37d39a7b86ff1fdc3b07e7cacd9faecab48089ff3cadbb0a56c7c9a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
842c247aee04eafc86142c3c9864c0dc

SHA1
1d95761e5b5cbff2b7ffd02d2631a882ef948498

SHA256
01c5156345913fe2d7c78c48fd6351de9da528abc9e6346d3a8c9aa30a97fe92

SHA512
994be274f06c33ca375d6d81a0fd3c55ae7b33c52745653a9d8be1844069ec4fabae1d69fc9cfb643201a201728aa2c97764ed2722b263bf509481b881106096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f145.TMP

Filesize
874B

MD5
6420e21c6bba8e81b2f53dc30770d550

SHA1
568dd16a7bbe72c5571a87650c8e4b60053203f7

SHA256
82bd6d203062af00585acb024911dd1065bcb752826aaf21d303383cca789fcb

SHA512
09860e26d5162ddececc59f678285215ceb4e79136638a634be222ca6862b4263172dc7f3b063a017644cdfae832d6e17caeabfbb9263a27ea4f269dd509c38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6419f60beb0e35168fca894502bb31ec

SHA1
3643481d05e1b39d647edd2d318795a304b00422

SHA256
26b73720f1c5eea07ce0675e78ed5cfe9b1c04327263ded026075e492d06fe46

SHA512
422de8162150f0c2190871289b43b959bbdd912d1963d5868e449f380ba6e0708f00c43a45196d72dd00df4e6dbe3ba2448da270d82e84c27ec0e3725162e260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b656101bae3e28ba1e19ce96e11452fb

SHA1
208e56fd77f8003e568b80f31a76d4e23558c3d7

SHA256
c92c31916d8a1a05248a3c88f613fcd5fc6076040b9dd95bcc3978f3bb041a04

SHA512
7b5be78ad346ef6e5633ec8ef841c75f1aaffd701748178055fa6925258089f43c9213c0aed7f958944649950380d44ea8a4bf0e5377a17a4b0da3a4ab88b837

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
617B

MD5
42b9c2755115f5fb637519d1f7556de1

SHA1
8ba14b866e5906a9e026188815a9955a7b3b9685

SHA256
d4b733b92e672b763d49f8f886013b98aac92ed028066216454b9d4fddde87dd

SHA512
dc652eb09c508842f28fd25362db0a454f9f7a87dd600ba82a42af1e7df0137fa9197e241ce3e8096dfb9951f90dc7c18ff3d121eb102a58385f5c28647dafd3

Download Submit
memory/644-212-0x00000000000C0000-0x00000000000C8000-memory.dmp

Filesize
32KB

Download
memory/644-213-0x00000000051A0000-0x0000000005746000-memory.dmp

Filesize
5.6MB

Download
memory/644-214-0x0000000004BF0000-0x0000000004C82000-memory.dmp

Filesize
584KB

Download
memory/644-215-0x0000000004B80000-0x0000000004B8A000-memory.dmp

Filesize
40KB

Download
memory/4664-289-0x000001EE555E0000-0x000001EE555F8000-memory.dmp

Filesize
96KB

Download
memory/4664-290-0x000001EE6FCC0000-0x000001EE6FE82000-memory.dmp

Filesize
1.8MB

Download
memory/4664-291-0x000001EE704C0000-0x000001EE709E8000-memory.dmp

Filesize
5.2MB

Download