Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://dropmefiles....

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    1799s
  • max time network
    1776s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    29-01-2025 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://dropmefiles.net/ru/MEhP9m

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    OTY3NDA1ODA0NTMxNjE3ODAz.GIMQIy.j9m3CAXqAmIpCUqw51MOyPwB3bYjj0xO5ZOp_Q

  • server_id

    1135848046257786970

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 7 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://dropmefiles.net/ru/MEhP9m
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff953be46f8,0x7ff953be4708,0x7ff953be4718
      2⤵
        PID:1676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
        2⤵
          PID:3396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:5044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:4420
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:3136
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
              2⤵
                PID:4352
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                2⤵
                  PID:1812
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                  2⤵
                    PID:2644
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                    2⤵
                      PID:4820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
                      2⤵
                        PID:4920
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1108
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
                        2⤵
                          PID:4572
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                          2⤵
                            PID:4580
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                            2⤵
                              PID:1856
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
                              2⤵
                                PID:4520
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                                2⤵
                                  PID:2012
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6568 /prefetch:8
                                  2⤵
                                    PID:2672
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                                    2⤵
                                      PID:4816
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
                                      2⤵
                                        PID:1536
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
                                        2⤵
                                          PID:2468
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
                                          2⤵
                                            PID:3896
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1540
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 /prefetch:8
                                            2⤵
                                              PID:2820
                                            • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                              "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2192
                                            • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                              "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2920
                                            • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                              "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2188
                                            • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                              "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:1852
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7471147806215382989,13365369824128695626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2940
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:1608
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4056
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:4820
                                                • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                                  "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:816
                                                • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                                  "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4644
                                                • C:\Windows\system32\taskmgr.exe
                                                  "C:\Windows\system32\taskmgr.exe" /4
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:712
                                                • C:\Windows\System32\jggn2r.exe
                                                  "C:\Windows\System32\jggn2r.exe"
                                                  1⤵
                                                    PID:4456
                                                  • C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe
                                                    "C:\Users\Admin\Downloads\dropmefiles.net_Client-built.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2668

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    0e97a507db8325bbdef7b1fcadf06f86

                                                    SHA1

                                                    7782c07045983db5ad0e43939b0c47b5f8e68736

                                                    SHA256

                                                    6f1f11f1f73b9c7c2e6866ea6759c409515884f382e22135c9ffde466accacb1

                                                    SHA512

                                                    47f8687649252eaa47447c56d53377577cfaad1d1a329f26d90d4b6a2f60110e022f262e98f77c409990909ed442e95a3a144971bda607fbbf8c5c52ca9f3f79

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    576B

                                                    MD5

                                                    cecedec8738e2bfd33b562d695381809

                                                    SHA1

                                                    5e2b4596dd5b681ff4e5f7a57f2072da3960b9fa

                                                    SHA256

                                                    a88dc946a828037a12fc60ca7ce8c152e53d1f0f633df3987fe23203482329f8

                                                    SHA512

                                                    1c819034f65fdabd01468a70046e0ec23ae4773e44c17ac65e63d6d5a9fe1f4a82338fadfd24be7c05a22763cf29e728c536002aa993c704c6c4431086164662

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    3KB

                                                    MD5

                                                    feb41adad3b7fefe5d1cb40f5769fe37

                                                    SHA1

                                                    aed7dfdf22d8d938e88e99d73728381c80847e4d

                                                    SHA256

                                                    ca00880454154ac8d99aba3ae152b3269d07ba0851f13c127d11848b9ee464fd

                                                    SHA512

                                                    54a6562bfb900534dd3149a8ba8bfab2eb8dc37d3418ee245822c48b7166718226f6be90739cb1b24cf4322106b5b8e9914c0601393145abc7d7b483b543c04d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    b3283e5b5e4be9d09dc21aa26f261af5

                                                    SHA1

                                                    42f5759e30011ce71e0279fc681de5580d0d4cd4

                                                    SHA256

                                                    df8eff806e15af0d211a3f539f154e31e262662fed0a98b2a4c9e2fe129ed3bf

                                                    SHA512

                                                    e9dba99d991070362d28b660e9f109f768097c262d405efa477a5ae3921d4690f4f2061530eddf1deb79ce7c44b7e98c617f3a9aa6c748b5d33aaf18cd0d15fa

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    ee93558ae84d12aadd864f4efba226d6

                                                    SHA1

                                                    ac7ba8e4c90f16161df7e7d528dddd3a37e462aa

                                                    SHA256

                                                    596ef6b0365e7b287e8da97c15a240061e3b1a1c9934127ed0f3d102541e8f8c

                                                    SHA512

                                                    8807ce2f9f6285eb54a1f9cf42657ea5978ff91c57291c67c9dc50174deba4d953f6e6651b948c2d48f8bd90a2cd869e10a170b8f0c0bf2210384c2abbab37af

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    5fc43a2cf5902b2647183794b0acde99

                                                    SHA1

                                                    c6b5b4b962d823bed85a67fc790158c1e14d99ae

                                                    SHA256

                                                    ba301569dcf6b4ecb9b435cfe6e6fca75606fc522ed2b5266b58720741b2b975

                                                    SHA512

                                                    48606e1778eac6234dd2156e0466d5bb3ccd2d39818504869d8150cff047a989fc69ad0e5a448627c284881b3fe861b89d926277adbc85ee672a618c1d5845f2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                    Filesize

                                                    24KB

                                                    MD5

                                                    580f41a17061a1d849f7e9d60ff18aa6

                                                    SHA1

                                                    762fd39e2b9eb3e21d51f4ebd7c55e0557420800

                                                    SHA256

                                                    83637c94ec37e78e34bf1cda227eed230a7424e39f0dec45bc07cf3f4f22d139

                                                    SHA512

                                                    3ea6bae95cdf95e30429bd39dc5c8d0cd18337d63916972d21d0b86ae21b472fa1da6ff0f57f03268b447b47efd17b6ebd435df3737a3da562772b5f69038802

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    0a6d4cb132865444415fba09eb032e23

                                                    SHA1

                                                    b84f3c30a98e2cef039114c94608ed33a8ef9181

                                                    SHA256

                                                    d015b5de4fb35f20c0b1da7b286c187d78633027a59752e5c57747b5eefb35f0

                                                    SHA512

                                                    4bf45f037dc094a283937b97edbbe09672b3cb4a1f895b46020fba0685e8212d7e747196e53595fa4b218c06243601d039699611ec3d6918e06a290467ea9539

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    33d065c0f75347e55060382503b9bed8

                                                    SHA1

                                                    8d00eff42ec5d3c16d3a39c4a8314c149dabf2f8

                                                    SHA256

                                                    e84046a613488f6910348679ea8abe698eb078fc416d68b748e6f8d301536317

                                                    SHA512

                                                    0e250eb9d66b02e0047fc85c4c4a67e01c07421b3241e4439a3c33e331d20f11684c81804c8b5de342e620e2e390693fb2139bd770d43464fc7c764fb8566b8f

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\Unconfirmed 939698.crdownload
                                                    Filesize

                                                    78KB

                                                    MD5

                                                    9aea34f566ae337085d861247e3977a2

                                                    SHA1

                                                    4e61a9a5d14d68054934fcff79785780333b0703

                                                    SHA256

                                                    1b15ad7f96b33dc37600b521db9917636307d89d6e2fe91b9fd5d609b6101de6

                                                    SHA512

                                                    aece5022453e50591c2ca2b5b5f585b75a70c754ac5ae323b52835eab16199454b3dc52251fa0fdbddb43fc989bd5ba2c9b3826a88c64fca35b4acdfdb0040ea

                                                    Download Submit

                                                  • memory/712-264-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-266-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-265-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-270-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-276-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-275-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-274-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-273-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-272-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/712-271-0x00000188B4DF0000-0x00000188B4DF1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2192-214-0x000001DCC3750000-0x000001DCC3C78000-memory.dmp

                                                    Filesize

                                                    5.2MB

                                                    Download

                                                  • memory/2192-213-0x000001DCC24D0000-0x000001DCC2692000-memory.dmp

                                                    Filesize

                                                    1.8MB

                                                    Download

                                                  • memory/2192-212-0x000001DCA7EC0000-0x000001DCA7ED8000-memory.dmp

                                                    Filesize

                                                    96KB

                                                    Download