discordrat | a4dd4197be7f40d3abaaed97c0ea6ae3f0b532982038e24ce1a53ebe481967dc

Resubmissions

27/03/2025, 02:13

250327-cnf14awtfw 10

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

c907de67dc2e803be97478576db2a190
SHA1

9d6c48e1e4ec6ca53c5dea48f6c1131f7a926689
SHA256

a4dd4197be7f40d3abaaed97c0ea6ae3f0b532982038e24ce1a53ebe481967dc
SHA512

229f3054f1d5ee5bc4c6250291c47d3426617c48a5415e3c527a4cd069b9887a9010ed4dc6a7da858e0e7264555d8465515ab4c17c81cf64a858575760750b4d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+BPIC:5Zv5PDwbjNrmAE+RIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1MzgwODUxMjM2NjQxMTc5Ng.G9rKeW.pTwvhYCM6HQkgqve7Nz63_p5459NDiNG4PKoAM
server_id
1354578979142631616

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	discord.com
10	discord.com
28	discord.com

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875152195175166"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{0530F8AE-E7E9-4ED5-B17A-D953AA18F051}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5908	Client-built.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4152	5092	msedge.exe	98
PID 5092 wrote to memory of 4152	5092	msedge.exe	98
PID 4152 wrote to memory of 2148	4152	msedge.exe	99
PID 4152 wrote to memory of 2148	4152	msedge.exe	99
PID 4152 wrote to memory of 1516	4152	msedge.exe	100
PID 4152 wrote to memory of 1516	4152	msedge.exe	100
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 2408	4152	msedge.exe	101
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102
PID 4152 wrote to memory of 968	4152	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x254,0x7ff8952cf208,0x7ff8952cf214,0x7ff8952cf220
    3⤵
    PID:2148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2584,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=2592 /prefetch:8
    3⤵
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3552,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
    3⤵
    PID:2692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    PID:3004
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8
    3⤵
    PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
    3⤵
    PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    PID:2752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:8
    3⤵
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:8
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6736,i,15842054372471521363,8841108927646827486,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4152_1268748725\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4152_2060510590\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4152_556533213\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b50969a244d774d654d619d00044c136

SHA1
24caf754a4afb77f2a38278e6572fe2d1b3ac32e

SHA256
de19b0fec52c9a7ffe726155dfe3e658616238b759c2c87a384d63159e65b5ee

SHA512
6abf908b465212013789a492f401486184534e15952c812fbd85608d8b42082b2ef89298f3ef99bb1ece04948c5ba9b3bbc722cae4ba3477e244083e90c0fd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581db4.TMP

Filesize
3KB

MD5
f87a7bffce9729726cba1e3546a7fc7b

SHA1
d07e6befbbf93f6537503bc76ea0ffff73e74abc

SHA256
cb5bcc0149bdf68dab265440d24a90b5bc0048b1a8652bfdf6e61edd85d6f037

SHA512
236b61fe4c49170eea5f83919146750af09d5998dd03c7233f01d435819541b7c5b9acee1ca26eef41a4e03647aa9bb4223329abd6fe4d021dc439e0b5bf86d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4f0455c95a9fa09145aa87e93461b4e3

SHA1
45a4facf54b9d356b4400eca84b647eafd2e80f6

SHA256
c40dab594a54342b36eb0be86cd670b20db35b3ba848587875508ae7280a8e0a

SHA512
85ac5d7092003224b583195bc96cd907a9da5acdd6d8519a8fa1ac1a9c63655b200b7fc9771afd2003f59ad8c5d656037f183222d03df64313a358c1f4a3ec12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
d9a86673f9dfc83726b5c89f01aa2e13

SHA1
f0deb2d8e3e5104107929ca3daae531003c776df

SHA256
482e08e2bbd37fb966cd3a69faecffa6b6366a61eba3d0c30842065a3daf0679

SHA512
728a69e87567ee988bba2791e1664f3a26a1c21e6ddd4a032a229ae7623b87ccb9371433599ea647445f132feaba74f26146fa2e16bae3b40141b442a895197c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
ebcdf889961c49a5ec657f1e6151829d

SHA1
d8f018f008b8f9bbf0de8ddfcfe0b59098c719c3

SHA256
824b6dc1c23da57c63d81b69259142eacb2aaa4041afc19d075ac804c2ed257b

SHA512
6ea72ebcbb42e052ecb667f675eb5b3b41eb9daf8ec0b7c2676d4dd173c70618705263d22a866afd2bfb61a73bb41614bccd99d70f1628e35c4dc13b79969b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
46873e8b804d55a706c47d48174841d9

SHA1
3498aa0380e3d26c23b7ae4b0afb21ac7b7d64e9

SHA256
d1224d303d443372a097de43049fe8a9d538789790d88b8561f4bf6587c5056c

SHA512
0be7a8bd0264639bff820562c25bc3053dfa4145f5e199c4d491d0e28007930caaadbabd48e8b49376e67d93d5f5194c12e5315fc43e57ae328afa938865f4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3b23d876-3b29-4552-b5ee-c094dacbfe2e\index-dir\the-real-index

Filesize
2KB

MD5
09d78d614db9f914182d3a21e498c49c

SHA1
a6b067a04dd4094e4736089edd10dc1a7da446ee

SHA256
8e608ebe374679a3382a12366066c356eeac709223931dfbfc94c295ed328012

SHA512
f8e662019a405ac72f482b3ca24b1b546d560276846bfd60c1f64ab111e421c4a141817f8f54842e4884fac8c6e71c55a7483393d4b435eefdd6fdce6716415f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3b23d876-3b29-4552-b5ee-c094dacbfe2e\index-dir\the-real-index~RFe581316.TMP

Filesize
2KB

MD5
63e37264b32b7bc1f85c76d84cb967d4

SHA1
7f6f5973deabf33c6ca4f534f5c1847380c16cb2

SHA256
5c128930d645eb645d6798701f547cae5ce7506b13d9b5c0598887e1becec06a

SHA512
ffa5b7a54db8c1ccdbdc98540a03405522b8b42812d972c3b29cbd9d5eb2b4568373563b20e061a0c56b2d4ce40ff05d5956f050ab2addee2d3c7e18e88b4337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\509375a3-c058-458c-86e8-dc2911f03d11\index-dir\the-real-index

Filesize
72B

MD5
d69857d903113ba159cdb94b593df737

SHA1
a5f9b56da4bdaa8372bc6c65fd3317bda2ace1de

SHA256
ef4bd00e6c086f4cf7b60d0aabac0f63bc8ede8c70bc54c28632f43e1a4b6920

SHA512
67249b2f1af7414d7952c6b8ed2c0a8d4cf2930c31d788fa7a04d1bcbe46e140fc5671a9a46450f61030ca23ad1632807f96103f28e0bf37418e50ada6fac9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\509375a3-c058-458c-86e8-dc2911f03d11\index-dir\the-real-index~RFe580328.TMP

Filesize
72B

MD5
c0b6be947c823498580aafb4b6e1aea5

SHA1
12883659f88d72ab0a403097686b639c51272ccd

SHA256
5e2b8089e17c757bf337a6bba02d9019848bbc28232a4b3a3759d221235fe49d

SHA512
4dcc6dc468f8a73c354e08cda0a5276c7f887e2ea3671f72e058083b03401aba84f60d40dc7627e3344a01a80c521600a0d95c60d3813b45c9330fe9d603de0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\51dd4356-764a-454f-acf2-f7a3a38e35fe\index-dir\the-real-index

Filesize
72B

MD5
443a0591b6df019810a4c9937cf7ba7f

SHA1
9e50b865d183beafdf8a396dbe9fc02f969b1f0e

SHA256
e7900320cc3ac5a2497390f0d5a58d3dfc8d9ab41de366f00a93f776c9a32355

SHA512
e9d66ebd02acf5d73a23a072065decc697076af39cb844e897f6633803eae3315413b9826be594abde6e6471d08d9d49a1705787a9a001b54d4d7dd35f04b4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\51dd4356-764a-454f-acf2-f7a3a38e35fe\index-dir\the-real-index~RFe58001a.TMP

Filesize
48B

MD5
da07cad94d648c6035d2b85dae63b8c5

SHA1
18afc790e913b282efae4eae5614f74280b682db

SHA256
774020392cde8bd48b8b22a58d15aa949b8cf3dcad149c797575a0c8adb85cf5

SHA512
197faa7c21de0e77a937eeb66ed968db5a24976f7ccf91e1aac11da84b59397f5dea81e9e661a303362c9981c2e4b1a41728aac44fa76f8dc7c5dc1b08794802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a069ae0b-be61-4d50-84ef-3cf33c8ca9ac\index-dir\the-real-index

Filesize
72B

MD5
c6860d18032ffa011988ef45a8b4214b

SHA1
6e79ba485ac390448adc3306eb48a066dd0e0a18

SHA256
e67b75e761d3303cd3cd4b9054749985cf80e1e9ad8380a0e56784457dd639cb

SHA512
f786366e6b809e6cc9d2f4a2915d9159ab78a8447e97c1c2dd61a84df943a29276208de2bfec4616aa64fb7d89d009da14b5f1f6e0a641105b46f8d9040a378b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
84ba3cce8e6ab21e00a3e5f23e5e6dec

SHA1
cc205542b06109dee659cb19d2cffae30b7295ca

SHA256
3acb9362b42c6b74e79f9df03f2fa449c90dfe2406e23b9ce703adfee90daf1f

SHA512
4f9056cdc85104368f1c4d815621c0dea0170fdb0efd00890ee91dc15cdcad3a3b74263615cd44a3ef3dafe2f1fa42eeba81b306069fcc7b7180442fbd583d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
2775c92bb75e80c0f90c44a25f967822

SHA1
eb1449f70443f06c269e9dec7b128a52f42fe3c9

SHA256
bd5a1a0b707d823df16282341fbf73f16bfa0591a6b861f176cb89699c88ea6f

SHA512
f4cab82f86c06f06e3aaaeccc37faf516ed8e969d07cbeedbda8f320dde7e7936930815b789740805b0a45c58d2996d38b15ed0ad1ca2597a3e502e8e3f54308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
53dff0c001b7b1aed5f9cd51a0fbd412

SHA1
d17af7aa1ba983eded7e5ad74995a29b82e987bf

SHA256
ae6b605a602932ece47ebe79b061828f4e3b7d1c9c1d0cfdbb8575b0de2df2d0

SHA512
9f07f32dea351477fb2121d84f3636f37469b4b49beef05abb5c1745f6c8562ffecfca68f3008baed0e72904c201264c397c8077bbbee244a499d72394a71a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580eef.TMP

Filesize
72B

MD5
5eeb26cbec21c143e896a1a28d5fd193

SHA1
c64bfcfeb25216842b9fd9f92089a78afc1d6c71

SHA256
38c16b145871759c146b31b0aba4c10f160ee1c0351236e4e8c1125b2d0ba96a

SHA512
fe94d239f0f2c6b8479683900da3f73fc7ede845bcd1602dc4f4bcfaeea04f1eca563814ee8814a02b33b82b31588b07b6f82358e74b25bdfa9a42ef7f83d7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9e6ed54c22aeac10b468dda8e7cb106b

SHA1
bf858ad0b83c9140bd83c6de0978226f52dccdb9

SHA256
508e3c6ab6328e3542995818b1682c1127f44f12da9b895bc3b82e9fde53750c

SHA512
32e7b19af81a6f29d75b33b95c3f2a63a72220069ec9f4460698234088e941f1e32911c3574355643d7634c6541e6db9d92a5181a323e868588625194eb554c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
b25a90cadd53ca0bb18f88a889a68647

SHA1
25405346968cd691637f1711724a274d57a1ac9c

SHA256
2fc214bb04a0d8d4d5789830812ffc581054a572a08ab2ebed7b9b3a9df1cc06

SHA512
2674369d377c2cef0d5da89c51477fa904600f696a91107c9bf4fb7a178a72b0bd04c10a262fd8b6b8687b954e7da31a79fbacdd21d474a4c20b8f06bf8f7628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
aa32caa03fd0446957028de3e669d2fa

SHA1
3b53b67b2f0ff911310c0e45249c84937d8a0081

SHA256
7c25303ce9cd35c934d991cb701e46cfe041d385bb847782a4a3d16589f9fae4

SHA512
25c664d1b01ee06c7a1c4bb53269ba2c1e8303d672981ccfb9c063a4b163800a5e9d6db912d8b9603abcb7e3704cf2d686f4d8233a9a0c0c59aad38ece6d129f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
f5477ed40cd99a8c77e17ce7bbe3568e

SHA1
2b12d51fc35917a507dc466f665c19ad21621f5a

SHA256
cfab4153a64f9a0d085c505dbe03d164094ab35b652a9412fbe11f15b5b64656

SHA512
11c1eafc7bcbbf16cb4d9ab7bfd6388962e8addda6e0e80b02cc1ecf0481542cbcacf1613429280911ebfd3c451253efb929848ba72245651d31e212331d0ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
afa735bcaaa7a6502042bc78bd3352a6

SHA1
d4071df3de6fc63cc4a09377f501084e7b3cc757

SHA256
3aa5a705834d65094b2b33fe41b154ef2a894c51a7381533421b5d7153a3749f

SHA512
dc938ddcab993f036dd57e996746114c135e8c8debcd7f52a1dcb10ba8db15b7c1268e681bbfa3d3e701c4a3c997c6c5a94f81abeeb9ddf02f5d9e41c97405c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d52969a7d9795a73860dda743d522f4a

SHA1
ac4c4a8e7ec049700cb06bbd4a8b93e0afaeb85a

SHA256
766a1989e076f67ac85b4300e524085e91993a24609e1d0fd402dc9e425df496

SHA512
2fc9542be5f3e14f5cc782eedbec85b9aa0ed4a671defae12c8d0b3b92c94f19e3bdd4dd74f08dda6f9d865f9a28898ae947f0a9fca2882472d56bbf7deb9dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
6b907d2817849f2081c9200e40329f77

SHA1
60372927d256cb76875da54bcba98ccb3d987882

SHA256
984890ff6664e4a5128fd6a6c107ffd8dd1d6b62a1a686229f38fe2287e91143

SHA512
03027d7f4faf72f153bb7642916df7451e54822ed04bf6ba3af648d7299a6751d4ebbfa6a0f57110fd3bb4a3ec5fb05d53148c308929ea6ebd03e7249838c564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4f42367db405b6448cdf440b79567d7b

SHA1
1c732f14c69e8316b75025798ccf3c172f6a1f5d

SHA256
ea1e648cabc5f9ebda2498e1952ce0963e155ca5d3e9306fbd0c936e2ce59516

SHA512
e169154cd9da145f1dc51b0ae6465f29e962f4702097eeae49c5854b77e804d467738a7cee994c0de89c668536a53b0a5d5a95b8c968d70d394b7b94ef26e423

Download Submit
memory/5908-1-0x000001BD81060000-0x000001BD81078000-memory.dmp

Filesize
96KB

Download
memory/5908-4-0x000001BD9BFC0000-0x000001BD9C4E8000-memory.dmp

Filesize
5.2MB

Download
memory/5908-3-0x00007FF89B8F0000-0x00007FF89C3B1000-memory.dmp

Filesize
10.8MB

Download
memory/5908-5-0x00007FF89B8F0000-0x00007FF89C3B1000-memory.dmp

Filesize
10.8MB

Download
memory/5908-2-0x000001BD9B6C0000-0x000001BD9B882000-memory.dmp

Filesize
1.8MB

Download
memory/5908-0-0x00007FF89B8F3000-0x00007FF89B8F5000-memory.dmp

Filesize
8KB

Download