hxxps://github[.]com/KanekiWeb/Nitro-Generator

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/KanekiWeb/Nitro-Generator

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
37	camo.githubusercontent.com
39	camo.githubusercontent.com
40	camo.githubusercontent.com
41	camo.githubusercontent.com
42	camo.githubusercontent.com
43	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
4184	msedge.exe
4184	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2572	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 1308	4184	msedge.exe	64
PID 4184 wrote to memory of 1308	4184	msedge.exe	64
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 4432	4184	msedge.exe	85
PID 4184 wrote to memory of 388	4184	msedge.exe	86
PID 4184 wrote to memory of 388	4184	msedge.exe	86
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87
PID 4184 wrote to memory of 2204	4184	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/KanekiWeb/Nitro-Generator
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff917c746f8,0x7ff917c74708,0x7ff917c74718
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1945328146457098008,8337585713264640261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Nitro-Generator-discord-nitro\requirements.txt
1⤵
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3d0e9256-6e2a-4697-b9fa-02f14fbcd549.tmp

Filesize
11KB

MD5
01f3c5fc89b25d562b4fb4bdacf45d22

SHA1
a61a0cf4da044fc77aac58f217d0bca52bb65a8e

SHA256
73467facf04845be5d9e6dd0980c450033551ff48247ba8e1121d081d92ec0a0

SHA512
134295a19e5590a2c3b0ddb6de7e26a82144ea560d30134824715b6357f6c3efcc929dadd90e4ef82e32b32efc360fcf02ee7589f9ad7ec35972cba021bb2385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\38ce2a40-3ecd-4999-b327-f1ab6e4e0bee.tmp

Filesize
6KB

MD5
c7e3d9a68d214be36db965718aec8c7d

SHA1
c8847b4381b05f7c82d061248a4f71007273b2b0

SHA256
c7663777143b74c3d3c3280a5a917175f05870652b8f6c02b9d0eed91a84d569

SHA512
c3bed261fe078aa6d6186cf01938bbd4d8b1ae57740cd45fc5da1d7c8f43e54c6d83fe4285b88e878fe529573fff8c462e399484019d7cb8a5c6fdb254bf77ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b656d1d74719206506e590ea146b9015

SHA1
ab8b474b0e6874bc7125c55646acfe3f9fe22e6b

SHA256
972cbc5184c7cf088a1a99bd98c0fdfa02fb39b5655f45c94a324e576432d7e0

SHA512
53045a301de1ec7a3da8c01ee75539bfff3605abff6af15985ec838ee5bc22c910f4dc8a624aaa084daa45e5db25e4e3bb32100c0583b34716eebd32f90e6e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
657B

MD5
53e77e21f1370dad6f330a4f5a0d0329

SHA1
544d8b2938c9d1395381546958a381aae99e9468

SHA256
291eaa21093869ffb3451ebce7e3312c122c238306e3a86dda14ee91d8701128

SHA512
03415108638ba5b80a7c9687e2d21e2d26bb78cd878c1af0e345773fc85f988cbc465973d2e3bd1fedbd449c5a5fe753c6a557713f9b3d580ef062ee3d190901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb793bf2a1af74cc5d6eca635d2e20bc

SHA1
cc2c258a36458e52eef9eaad12a6aec6dcf543b9

SHA256
3d46cde36a3d1a9d8b5e17fd591d2d2f1a148859c09779ebbce01bd144dbfe08

SHA512
c6bcd43b735cd581975be81f016536feacba34739c5d6b4c4bbb2cab7619b945ede02c48fc6ece52ad81cf3fdee8bdc523d3aed2cd9bfdbdc34369a6bd3358ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eed116fb8614b54980cd76b2f9f27688

SHA1
f4246daded8b11f3b2b31d55914f16016c97f08a

SHA256
5d20d6fe316884e6c586b7b089075d10b24cb6aad59f3a14faba08dc02e3dd43

SHA512
109e45f9f37f505c57a1ec2c6f978646c7197627b499453544d086691678f1edc6188f856ec730c04057bf23f4e4072993cbdbef344f656f0c77d93d33e7165c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42e6da5cc6f2f2d216f62131df9f1216

SHA1
ecd62adb1029e621470dd1adfdbc72620eb28795

SHA256
daa63bc1fbe92f59423a04844c42318c4f33e5c1f47ed7456ec0dbf64e69afe8

SHA512
f289681b54673c60dcc0a7f4f36017e7e1fc047fd9099e72b8eecbe90f79105f914ca452c46c73c85ee60b9038df26263705f8bfa358921010fbf5d6e217c9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5786e3.TMP

Filesize
1KB

MD5
0e6ab19b6d2c51dcc8a80f901e38fe2e

SHA1
1669dade444a7e5495d6efd92f72d153a88c0bdd

SHA256
075d3a92c224548d0425fad5a9a3fca4448c2f406697236b3023013737ad6d21

SHA512
8f29568d327b0cfed54fe6410426e5a02359fb34f713915075940ca549ca468537f917f2fad566fd13df1fb911d083ed72fe4abc1bd6161010b7fa22b1a9dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d3fc04d17b0c458befa3afe39c667d8

SHA1
8b21e755c288bef314d0a7d24e7c935dd56995d8

SHA256
2e47c8d85b2e515fab28f1d66b4a10de3fd3a4716949794b70f0b6ffca1fc46c

SHA512
14789a05e4456f5bc6fb532de372b1b158c9447d4ea42f4663127090ab53f5ba8a501edc4d5310bfc02d80bf16d38fa1cff4f6d0d685b0aab95965d55b683caa

Download Submit
C:\Users\Admin\Downloads\Nitro-Generator-discord-nitro.zip

Filesize
16KB

MD5
d8977dadfcdaeab89ff79bd9972d5392

SHA1
9db938b5a6b66a260e8584ca05e8df0440032997

SHA256
8a02c7a3a7b7bc12df0f144d7f19e4234cfb668f0363ae840c8bc5aefdb3fe61

SHA512
c79f501da0cfca599347425cdaf9c007896686f2e8459041b10259b04b4d2d4757116d6b8a00b773515e28202d5bfec317ecba75a226128b0ec6b9595e423af7

Download Submit