Analysis Overview
Threat Level: Known bad
The file https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view was found to be: Known bad.
Malicious Activity Summary
Panda Stealer payload
PandaStealer
Legitimate hosting services abused for malware hosting/C2
Enumerates system info in registry
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-02-22 09:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 09:46
Reported
2024-02-22 09:49
Platform
win11-20240221-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Panda Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
PandaStealer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Discord Nitro Generator + Checker.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecd633cb8,0x7ffecd633cc8,0x7ffecd633cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
C:\Users\Admin\Desktop\Discord Nitro Generator + Checker.exe
"C:\Users\Admin\Desktop\Discord Nitro Generator + Checker.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13396754068400033158,16084329697561001321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4880 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | drive.google.com | udp |
| NL | 142.250.179.142:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| NL | 142.250.179.142:443 | drive.google.com | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.250.179.206:443 | ogs.google.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| NL | 108.177.119.84:443 | accounts.google.com | tcp |
| NL | 108.177.119.84:443 | accounts.google.com | udp |
| NL | 142.251.39.110:443 | play.google.com | udp |
| NL | 142.250.179.170:443 | blobcomments-pa.clients6.google.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.170:443 | blobcomments-pa.clients6.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 216.58.214.10:443 | content.googleapis.com | udp |
| IE | 20.50.73.9:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 2.18.66.88:443 | | tcp |
| NL | 172.217.168.193:443 | lh3.googleusercontent.com | tcp |
| NL | 142.251.36.10:443 | content.googleapis.com | tcp |
| NL | 142.251.36.10:443 | content.googleapis.com | tcp |
| NL | 172.217.168.193:443 | lh3.googleusercontent.com | udp |
| NL | 142.251.36.10:443 | content.googleapis.com | udp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.251.39.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| NL | 142.251.36.33:443 | drive.usercontent.google.com | tcp |
| NL | 142.251.36.33:443 | drive.usercontent.google.com | tcp |
| NL | 142.251.36.33:443 | drive.usercontent.google.com | udp |
| NL | 216.58.214.10:443 | content.googleapis.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 601fbcb77ed9464402ad83ed36803fd1 |
| SHA1 | 9a34f45553356ec48b03c4d2b2aa089b44c6532d |
| SHA256 | 09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15 |
| SHA512 | c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220 |
\??\pipe\LOCAL\crashpad_4324_BFUPRTMQLJGZHAYR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a91469041c09ba8e6c92487f02ca8040 |
| SHA1 | 7207eded6577ec8dc3962cd5c3b093d194317ea1 |
| SHA256 | 0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f |
| SHA512 | b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ed6a049de7461b4c1f1dffe383dc40a |
| SHA1 | 8b20f1729a0217a3ebe99161a1047080f53cd5b3 |
| SHA256 | 29e8836788bff89584857dd2cec3ef6c51c96161748ade45910545c494787738 |
| SHA512 | d6a2953c220c4783aa4ed705667ccf0d76f7e7760e628b0d1364245ea0b612eb63c073b4af1a5d320f92fd101ba186d26ab7f7e04ecc8867595408c20cdf28f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5a82f7df9df363fe6188a240c154daf6 |
| SHA1 | 8b7b4d952dd44593cee9497d76e3fcf031350821 |
| SHA256 | ddb18a4649a4d2a4c1ce71c0e377aeb9f6dc334714e6872d1b2ce180a25aeb7d |
| SHA512 | 137f0630753088745df33f359b0482c0aab013707145d7d809c576f1045e5fe2ec187bb534c4c5c1afe7933f75fcfd6cd7385fb5b865978feaee4d6ec9e424fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab827a2f63d5e6492c489870d473a958 |
| SHA1 | 9344a0d58d9607c50710d77c5ae07a74f67db024 |
| SHA256 | 5ca341bfe9d24a7182f4781d5ebae54205826c7cbd21732ca3a8dd8395515e67 |
| SHA512 | 40d33787f5fd11234d8c4e9ad52be2ce1c28a9eee5b68a944b48408f2b2799260f8c3f194dded79426e18d642705052a28048802e89ac7c628bbdef5b0a0f996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/4032-101-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-102-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-103-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-107-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-108-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-109-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-110-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-111-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-112-0x00000217B4400000-0x00000217B4401000-memory.dmp
memory/4032-113-0x00000217B4400000-0x00000217B4401000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6cd1b8d4d066ccc09aa994c915292795 |
| SHA1 | c4d926ef30d05f1a715960e92c54d0621dd0ea68 |
| SHA256 | acd39c78396a3ac292b811767d5e0194555c9ce940e54e7c7023eccfc58c660b |
| SHA512 | d4cf4ee33317f629bd89876fc2ede0ca2e687729cf1e90ee633376a851a1f80cc9c1f7fb734ed2a9d7480370e3410a26a28217abc1dda755cb1919f68b2860f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c08aaa6959c301fc3d62a383173af57e |
| SHA1 | 14c675dabeb4c086b7dbc77c88abb1098355c3fa |
| SHA256 | 3207a8e4016b6fe5539bc051982cd1f2388b1cf9e9ee32852d9a54134af79c2a |
| SHA512 | 635318e1364084296ec97b943715350b41ba23af733747b3ff95d183dd71c0e714d36483356bd4a06220e5ab2222e469f818ef9d31298a1b88016d61ea61082c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d2c102f49b66bdeeecdcc9bddfa12ad |
| SHA1 | bcf510adc95ddf4e250f47d7f569d670592544fe |
| SHA256 | 17905668f71d652decb1fde8eb18a83d6ec6857ddd0cecf5cd16d55609031077 |
| SHA512 | 0987cdef061d388de998e993457b0890358d05d68c55f6a3dca4fb56f3be438a30154476774e828b37c40b7afe472e12ac28813dda88ba263fb26e31bd22d857 |
C:\Users\Admin\Downloads\Unconfirmed 290932.crdownload
| MD5 | 6d037001b224adbafb9203e28412528a |
| SHA1 | 060162104120846e031a246cf7d602e2803c4e94 |
| SHA256 | 11509d1c300588a8176d444e1d9971db236ec3a040d57706e54a6eb8a58271ed |
| SHA512 | 4c8d2972e875414527566bc64d407dcc59974c513dd996f3f43df052d6daa9cf8531a6b1b1014978863bc80c7d273ad6bffbdec3888193eacc7749a47fa1d4b5 |
C:\Users\Admin\Downloads\Discord Nitro Generator + Checker.zip:Zone.Identifier
| MD5 | d99a738b129cad7f1f2c6b0ac8060701 |
| SHA1 | 88b0e62a818028edc25a7a6d5f02c16bf30bde0e |
| SHA256 | 40742e17d1d694e607a1df208ae4167a99b5de2d88dc36155234a6ddfa9cb85e |
| SHA512 | 587f9a6e9b05e7ac09f8c6cac64c88b7f1736258bb78feb78bb67029152770917a3805d6272e4bcfc1079f001ce50f36005a63c72637d0d43c783a985e16973f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 8445d8ab94a6b6679694fd08c69a6992 |
| SHA1 | db89d80cc3e72f24ec541a36c4e51abff149ae78 |
| SHA256 | ead9155d4b3088d8c61230458788d6da412b593c2a789afbe390398071d54cf0 |
| SHA512 | ba2f21dc8cbf7dc02fec7df6eda52531defe9f1e64d73c52d43b54b2566f3e1ee428ae94ee78ce20a6f8943d7310e860b89f11e168cd40fae518c49a167cf133 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2182b8ff2477adc440c6032bb69341b |
| SHA1 | 66aa2a3a71ebf483ef5a4cffb906a765ae9ea3eb |
| SHA256 | eed834a837049e44f56152586abef7f8d0e3c5b03025bd94eef3456c9b898671 |
| SHA512 | e406e6c9584e16997f7215ed40bc8cbdd447a8c7d1772426c158fb9129c0cf37569ebc18b3c6fadb96125465419128b971dd19f891c6022cdc011f21681fccc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cee254612868681b912bb2c2dcac10dd |
| SHA1 | b100024c898118b3af2fddbbc47ce2bfa6fae50a |
| SHA256 | 2178a35f6b5db822efb934b8c5f65765696aa31580225f04971253570d365bdb |
| SHA512 | b259f36f84020fd1910b440c37bce3c070f1bb48a17669c51455e4f8d606f6ac968af82be9ff6d5e3b1fb23533ed6b2283f4fd1bd8b3f8788c99f4c3d5688aae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 36e7f705e9851e9d552d542bf918236e |
| SHA1 | be161a76c70e66d8206ca04ca33debc0f4ad18de |
| SHA256 | c634c6be6dd1efbf5c194a6e9824ca282e2f2779d609ca8b43fa273662783e78 |
| SHA512 | fa7bbe0dcda32a56af08a98fe0c35b06c357ef3d6f0a50e6b6c68a0234c816d441105336f170325844b55811f91df1a88722259361748d6a4066c0e8c7aab406 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 95eedb35215249c13a7c3ea965c68549 |
| SHA1 | e0d7b67241a0c2e1e14cdb3315927bee50b77866 |
| SHA256 | b96dc1a28c16a3bf3e5588f66527ca3d1d254d01a67b585a3d97b5135a3d071f |
| SHA512 | c5df0a91a8c2702f224e8070667238a7aea175542b2cefce3f4fa7219423180020b9997137d57d357c4f54454f2c6919573a54f643c79ccac3e74f02fc887707 |
memory/3860-262-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-264-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-263-0x000002B287930000-0x000002B287931000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | 9e466b4837d8431be725d6b9c1b4d9ef |
| SHA1 | 3f247b7c89985a41d839cad351cd0fc182fcb284 |
| SHA256 | 2f9a5eeb5ac8cec52a3e73621e4d392f501f5d657dfec3215ccd40eec317208d |
| SHA512 | 01de0fda555d63b5c38339b0f6d38c28de2a882643439679e63cf5d75f13516b57dc90e8dfb8c638bda328fc12342e58d1e501acec8f85b92dbd5589dac06418 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 16846df493521e84fe47cd6b6451ec8f |
| SHA1 | 6d99eb017c5aec08d3a7e908bbd4a051ce250c02 |
| SHA256 | 69f19f2ab2f3625faca623477864766ab1ef3a21712bc892d7b2b0886585b3f9 |
| SHA512 | aefa5121601b8273cff6b79b7f76417c71e29e835b66faf3e1a67d0d38fb9ebe90320b75493fd5c4a2d9ea3e3c485d0a84bcdbfb78c26a8ecee3175cd8bd93cd |
memory/3860-269-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-270-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-271-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-272-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-274-0x000002B287930000-0x000002B287931000-memory.dmp
memory/3860-273-0x000002B287930000-0x000002B287931000-memory.dmp
C:\Users\Admin\Desktop\Discord Nitro Generator + Checker.exe
| MD5 | 326ec775fb8fa48082c18248864674e8 |
| SHA1 | 062751ef1949f75f25a23e278e18a1105b9149fa |
| SHA256 | 88b0a2344d8c7433afb364f5d0fb67301ddb6948613a4cb3a9e023e7b2080d82 |
| SHA512 | cea1e2f0b5ef81818e1c0958ad37d56cf89f532fba1e2bef2047129a9421e3bc66eff7682f69dd2f46dd5b67715ccb373b19cd9c0831b62b2344a5d803478379 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 438a4efc7981490e2f65baeb85aac9ea |
| SHA1 | 626f72e506698194f2efc912d54c69afae704f0b |
| SHA256 | 74232406cad67f178dde92c1d058c0d6f8ab0e55b68e2521c5e831d332d1d1d7 |
| SHA512 | 3ec759a59fb467c75db469b6fa7add4fa1e38dfd78b0f92f64334913c61757cfcc0acfaca67bd0fda1e103b85609fceb6f96f2cb9dc46163d162b57ee00d2dc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f0bb625fd37f03a0544c29ce8d48d9c |
| SHA1 | da9a7222d3e96ab4962f761f9f398f6042f4b348 |
| SHA256 | 1d3b5b08e1a4323c1a0d7ed2d608cbc25bb4a7bfc306d187c6da6f3d7b098280 |
| SHA512 | b3e2f50fb7fbb9658dfba8727e612f5613dcc7403e8700c4bf517db8aa57474b083996925ee365dce203c2658bf797015172b6e98d8daa2b3b074abd9f8fa2e5 |