locky | hxxps://memberloading[.]top/sitepad-data/go[.]php?nitro-generator&__cf_chl_tk=b0_mh2ZigX7hhmNVBV2Ko6YYGBNTyvPB41R54e72jUU-1710370879-0[.]0[.]1[.]1-1599

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://memberloading.top/sitepad-data/go.php?nitro-generator&__cf_chl_tk=b0_mh2ZigX7hhmNVBV2Ko6YYGBNTyvPB41R54e72jUU-1710370879-0.0.1.1-1599

Score

10^/10

locky ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Executes dropped EXE 1 IoCs

Processes:

apt installer.exe

pid process

6108 apt installer.exe

pid	process
6108	apt installer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
5140	msedge.exe
5140	msedge.exe
5008	msedge.exe
5008	msedge.exe
2348	identity_helper.exe
2348	identity_helper.exe
4784	msedge.exe
4784	msedge.exe
5648	msedge.exe
5648	msedge.exe
1380	msedge.exe
1380	msedge.exe
5416	identity_helper.exe
5416	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	process
Token: SeRestorePrivilege	1876	7zG.exe
Token: 35	1876	7zG.exe
Token: SeSecurityPrivilege	1876	7zG.exe
Token: SeSecurityPrivilege	1876	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5008 wrote to memory of 4056	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 4056	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 400	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 5140	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 5140	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe
PID 5008 wrote to memory of 1784	5008	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://memberloading.top/sitepad-data/go.php?nitro-generator&__cf_chl_tk=b0_mh2ZigX7hhmNVBV2Ko6YYGBNTyvPB41R54e72jUU-1710370879-0.0.1.1-1599
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd9c46f8,0x7ffcdd9c4708,0x7ffcdd9c4718
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5088337220132647007,7729898050141530270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\" -spe -an -ai#7zMap887:146:7zEvent21621
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\INSTRUCTION.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcdd9c46f8,0x7ffcdd9c4708,0x7ffcdd9c4718
2⤵
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15816474596946388732,4681773792883246807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:4488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6112

C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\apt installer.exe
"C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\apt installer.exe"
1⤵
- Executes dropped EXE
PID:6108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
050e5e43397c8c9b85e9c863229d37cb

SHA1
0003f5862a9e0187442404f92bc7d6e0fbd83ec2

SHA256
77e3b1fa5dad25ec5d9f0f91bb51fde3c683484f647288c190720a971ddae5fa

SHA512
2a160d2715a1d47e657b0c0853787a24c48e720e69330c86bcc5a782f9f2fcab042f100d48866c5e79a92e93d448a161799adaea6a159316edcaa4e01fa4b258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c51d0df112b07b05ed823a0d3e259b9

SHA1
a4bfcdbd103eba333540f8b039707c1a858b1a3c

SHA256
eb76a5739bab72e894e96c1cea6be3d2d05d3edf3dcdbe5f19412d8c3299f885

SHA512
4edce1f3a5a598fe6337b2c575ddbb36b2d73d2b572342889d085d3739fd486c9852329b03a47e3e153ecfa390595945562cb4d1386a32e1465fb4d9e6ef3cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f6e3420f8c2ef4a17c9093377190a9a0

SHA1
97070a5f7eb3cc02f23c590c945643c01528f308

SHA256
f17c1e6625c513305a8abab8343916debb0264c48226e83f09e5866cf5941755

SHA512
947188ad79da492f2d02bef052c96826d60179b6f27e2b3659e1a437e30bc808248de64ac1913459cce5d74c4a5190aec5b3406b8cb0cc1743f6b9ce003476ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0ab0ceea4c808e317171b689d01333b4

SHA1
e4e9e2fad0610478e7d07e5712840c6a21350970

SHA256
2a66de7ff1d556956fbc12adfde6bee9966c762ade3febca9a4cb05799dd4a6d

SHA512
4b823192617133a146c6e30ab0ad1116c33f0f8b2c6277570138521442e87939ed646245bd4005cd3ceb9cc923a7dc22922d288bfc85adb35af9b46af3d9c19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
cefb06e61bc2fd1f64db9b22e6f3d256

SHA1
84a578e5248b8d62891af5626fb418564c1f8e43

SHA256
0b33931c5817791b628909dea3767747cdb5f2cbbdc35c1628d0f5f8e1a42b03

SHA512
931d8d826b73fd374ed5b1d902e4e16ddde5198359ce58cd3a228b663e7d1034e1eebc52493d77fb0e33ca8104fedf79c2124b06de94f355ed39793d04fc75d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
3.3MB

MD5
989a4402642995dfe54c6f01847bab35

SHA1
6d0100910a17da92afb2bab4e49215c3292d8bc8

SHA256
5d2e4e9d06e002e0a07b88ae57603e75ad1b9ca354ef0bb713a4b7d017dd9fb6

SHA512
d88987e01444657f412da6ac888ac606c4fae38e0ff12b7edc9893a12ca15c7ae64ebadd7bb25e73ef8f15b949653af03573a6c2a394e9f17153ad5f3a9751cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
45663ed20fee9fcaec92beab32624cbb

SHA1
e9dd60d3085e93aa56ef1514b717a49540fb015c

SHA256
5a5944858e63aa4409b86a893e0ff3e6e0d606e585ab82562d13319aae70a9dd

SHA512
b12a5f59e17bf98f11027f1aa4eed3a7281709773b71cdaffa9ebdced3d9304e57243e83be8e59234e92bae044e09f98186a03cbd3315054c5839473ac3b4fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
fce287ad4a9379a56d8d9dbbc54f62cd

SHA1
6bc6c168c0fa5b3d508e97e0cce3498f1c9d946b

SHA256
da2d1b60d72b0babd9a5a4e153e21b894264ab5e7edeeda9cb7a9e2d07f75796

SHA512
98f8c9afafb1558738ef2f49453c2ba66b024e1aef9f4c4633ba721b183b7501e2d603c5b026e0895d1d7d8e11446e6e085138cd288529e65085c5c13783fed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f86295fc7599f616c75d5d37d7634890

SHA1
a304dee4c854ba73467a02e60cf68099d826ab93

SHA256
30bc7c1a8098fcb09d7f101d5920c9a2f4d6990a7a0bc84884d21dd1d572fb30

SHA512
b13f678de113848a3dc1b62eecf1bfcdbcf8c1b0140de98c8b0eacc80be02885009e0c76d6b9deb759c6610cd9e05813e97c9d7876ce10fdfef68781112d8dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
6763c9f214c8e82b469a1da0a020fcf1

SHA1
25a8c4915df393c09c6881c992188eec46588e80

SHA256
3d885c626e9aa402a382c8b79ee386ec1d1e1a10ab089215435477948dbb048b

SHA512
4c0584b5342510bc71774cb993304f5bdd4ade3ca0533c22501f4adb50dcad42ee8a7ef67855c2aa575522ee54de95f04b6a71b83c926960f566036a9b7c2d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
db837f50ea7a6865e834b6d6eb20235a

SHA1
1d3f4f655c6e1e9313fc8a35e7291188d6160d3b

SHA256
f28751810193f77ccacd37540bbe57e562b3aa03476908312905aafe8be789d8

SHA512
fc2aa6c1be11c708fbcd41e0d465d8dd7fd8963e51363ff7ad3ca68d55b09a8231a0c43dfe715cb33d98b0d78b861fa404ef82f4c4d58c9c583a37beb6f37575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
4ba437e221d55f793df3c3e951c11462

SHA1
3c54ee32cb2cdc83fb301b5bff33e10823801e73

SHA256
be9c4ea1d12b13dafc97be5a2175d0b7c63c812e7163f59b3d5ec01b5d02b952

SHA512
31ffb37608d9f53ec8bfba5f1385430e3c015b3d08d4dc43ee7a2dd64dc5aecdb93ec59ac0622bd7f9b468ec0d5c0b480a21f45349694899d5f059b8007b39dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b0bab0ef652bb8f91928477b231521af

SHA1
7cb89a9fee84794b8ba3aff819ae1e78d19c16d3

SHA256
76811d2557e52af174e2423f137ab07255529006f0be3fc257657081daabbc42

SHA512
d3a07939210fd2b9fb06ae60f995f17508a510fc3f283a860b37ee0ebc60c63254c7c9086e0f9ada206d14f4254a6fd370f4785cdf4976f32d74821e4cebd852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
558B

MD5
e59d5777a98afca7c810cc54f2e94f6e

SHA1
56d0931a944c7189ea02b39f9dd458d76db6053e

SHA256
6786582f8b38b3d3d53661c0e6f1a8b8164478725ca4a2380b7cc3767b550067

SHA512
4c12cd07d2fbb5b8c0168dfa8e28c27c593347a9aecb1fece4212f1ebbf1696a45917cb6d787b8d427b21b952fc11f379bff860e52b6d1ba2507f2e5ea93dea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
579669731327ef2fdefa2a85256b8a03

SHA1
ac401907165a72fb111d871677a9ac7f8776514c

SHA256
98db2c272bcf5b895292703540cf7e55f4d3984a9e9d61cf69dfb038f12179cd

SHA512
1bfa3fd2b29194f74f7b9dd1a1f56ea9254a45e199336fbcbffd5cbbcc73ae231797036a98c1f0bb3b023206b124495591c0684493039dbd2261f033bf095622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f2ad1bceef289191156fb8bb188d3e0

SHA1
9776e25297204cc4c5aced93d6223656ce38fd6b

SHA256
ad92a22f81507c31f2463c3b2b01d6b4e127e918fd615ee722aad9b621f5b894

SHA512
2bf8cde121dfcf053f446c0b6b7327b43f7b6dd9aa0fc9e38f23264774380348bb0e9008be05aee583080b1e48f8cdfb8dbc0fc12575a8e8462de73b52f07324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34c08a4db1fd339d975f1950fc26cb41

SHA1
9091c8bb16481ac2d2c96f8bda9cb4c80d76a3b7

SHA256
2d2db9bcc719e259893a72287af6fa48cdfa70b326fd7fb8ec0c848d0a398562

SHA512
ecad72cf71df9d08ee132bc465ecf073b108d524bb2e8f67ba42b00a08d2752288959040fff260ec7bca27a45bde7426718f4f024fba55842fcb9a70881f377d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
044425a04b6acf70a7a8acd297b0bf4f

SHA1
0431ce58fd8c8b2ed479530f4ee9128972f40194

SHA256
aaf8aeac79c09a828e631b492196047f013cba2f9d5bfcbd651fc889942c965d

SHA512
02a75cb6049b243ecbe0338fb55b7d6fd07685c145d42e11559c13def45f029222dde101184ff7be615780a2f24ac725f4448e9d25d47b95c03775a648a0c9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef633180cbcfb600144581f336f128ad

SHA1
581741f0694559ba52f1c6a99bf72bf793cd0537

SHA256
7e3dd84a43ec79c0b9ddf9e3b2ca7b4a969c54ff2cd74e3321628208cc160d4f

SHA512
732bb2be2f17095308ef6e958b6d02328c79e16bc2249f56660ac582d37108b79858b1e07b5d664cbf8b2c0ee6ac85447ed574f1475b4e3d75e36b5a76dee2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
415B

MD5
2b00490fa85ae26b95bdf2fb5c320122

SHA1
882ec7dc770cd019a8ae4656a9d3f81b8fb3b412

SHA256
2814a5f3b882f9142414431eaff0b2097ab559a0fc5f1303f3bacd3100bc85df

SHA512
8fa511d6a816d03359437dc264297d11be6e6fc6e5a91588ae4b7234081237988507423e7709d3534d63cf62e3cbe02c3ee74eaf49d6a8051d3400a4deedfe7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
c62687ef3f7a149ef7a837812df851b6

SHA1
c1dde17e307a57fb8c97786039ef31cb29231596

SHA256
e1a040cb31f73f19236c02c7aa510cf879b6df9dcc4b4f4dc418bc0614a4e6a8

SHA512
a37ef3260b96353df1b907183f977154c1e1d5e00609b8de1b3e8ecfd55aaa73fbd45e2f0614d3ad4efeb5e754bf62b437b9fc3557d176b37597d916c98db8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354844525327221

Filesize
8KB

MD5
89b58a2cf0bbeaccf2fe0839a8dc8bfa

SHA1
64658178e89dc97281430f23bb150eff403ce44c

SHA256
93bff85f5f149320583c28cbbd8af298ce75f46d931063078ffda503a324f276

SHA512
b3eb92a00c2bd8fd6b98ce6fb5621a5ab89637c3d8eaea72fd368eaa8f23b2dba4707d728efb0861cb6d5d6c850a746350cb77964d476497a7e689ad546f2771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4fb78d73d062b44f84134b4c18b27215

SHA1
84275028ace7ec0448626c5bce8cfa92e8ad6a85

SHA256
d708478a40df0a9cf3d5f8c06e8f5d1475090dc15db94f378162f1959444c598

SHA512
d29a9d7f11a859c4b98dca4f8b46c5562dd646c0b4ff8bc60a6d56162b0fc24bca2b192ac0c5fe1899981fbefe964b075a20e46d1c2a49a7c0c34f8883b9993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
235a4ae7f8a54fdd4ea07c096cd64da8

SHA1
84f20022e9359309208973fd9e093f23c858b792

SHA256
fef1a06d697f0a2e26168dd104adebf652098b87c2c8840bd0793188d2d71c4c

SHA512
4413dcac48e9e8b46b5465905ee5f59b89489bfe6b58940067e80ad8aa38806c6e15cf97c8ce5f1eebcdaf35afb38c779c4942581c554123990eabbaf735e2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
774b4da03e8842d9e81b17f8d4f91fb5

SHA1
c2ac0c9076c9156fa6e86a3cc711a286e5cfc4e5

SHA256
f27acaaae0e7a2e885503f0c880115df0bf40cdb33eb02b1d21b3fed6cbf3dc3

SHA512
53b3f73fae381694125ee5a218f024e9770c3037e9e462b7f98104a885e32a061d4d5e63e17113114519553b88edb7945a6bebba4863e7e43375af1eb038ab53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
07dcad016882991ea5917340f06dc920

SHA1
957665f128ae38a5104e5884f8b01db1e170a1b4

SHA256
7c18787d78c0ddf35c147018b4c45c50ff9ae9e3d0c21524f38b713ea625f0ae

SHA512
526c9978ca5140386a19ebf16d339c76363f32609b3b39015c4d783857776d16d6681878eff48d1258db4dba9f66da2315f1c98476255507351b40b2b1e462b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
607593c6f98fa598659a45433d91df9a

SHA1
7eae40795aef2a9df290f60e8a4112764e1c11d6

SHA256
d46e8312cec915819c2f3ea0c9800c951c183bb4d98280c2f0a50aa04c6ceb40

SHA512
9dcb256cb8247d4a3f8e897a41011f3e97a89bf30d3a15e651f8a28ee2e4805d3ff764b9d99026a8ef2104ac7ddb9fe92dc59f6ac050cfc419ee5cb460e16061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
84KB

MD5
a7316ef960a731bb972beee2a8396b3b

SHA1
79ff93f3c9c512328921b2afc762ab8a65c401b7

SHA256
c4b1eb2a234d323438faa0544bb31ec5deb02286e7c246be3ccfb6caab2b469d

SHA512
66d7bcc17b5e009feb83b0d8c99aa74a04df3393b449a10bae3487ad2defb0cf96a080ad207236e7addcd75cef57ac298551994cbb0452a98b6ea5819e0e1761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
cfd081e87c98acfc9483d321d4b10059

SHA1
f758841b7dcef63fb882c356a9de7523aa7b03db

SHA256
be134318c96d24b9567f8021f349b8de82914152827d6bf0b90c3ff6de1f1b88

SHA512
58f9ab73af197b5c3fcb69cc0ff3deca8c5d5f8a648b9a6b15be5517433bc2da061802b59689e0f2ddecfae9196a760b617d187756ce305117677eb5076db27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
0bfa4311b91547fce191c04185d1054e

SHA1
cb66b1ce908b3955fbf89add184e78676cfac5f5

SHA256
0894529959d146ab906373248325425aa11a2aed62cc305f5ff3f77042211840

SHA512
288a0dbd3c77bb3e97f76055af77c21fa7d807768c8031625d47fd29b393b26e7d90c65ed57f25506d41345b786d0090ddf9b24efe49594584072e59a8e580da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
72b24c07565ce5a1fba5551ceda0dc9d

SHA1
3aa0aa6d31a11bfafff5c4c818c918ed8261d666

SHA256
4c1fcd8b0d237c1ce00e8ce3655f5c7952d8bd774934689876bbce8b012410af

SHA512
8fa46536502e6e38aac95b79919ce2fc24ef414896f0758c72bfc45077cee61afd396c70c5117ead73a07e3bfd2d5c16dac7e2f53dc9a0e40099372cf1664a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0f4fd74e5112b7a3dad1e034285d0c8b

SHA1
2007b2c70621ee51d74434101c077597a36a7195

SHA256
a5fecec248283ff05ff5d8d726b5900fda305edf7859964b6866278b3aac26a3

SHA512
b34411f99a1edfe345c272abdb3ba7c918a1533855bc016685796477f0d003dfc4e3b90a5e90cde555b7e9b3f5fadb731a2ccf72399713e2424acc52ca276172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9ac0577f9bee27ae606c3286a32515b0

SHA1
2598679a7883c7f54b5711f96d1a715491adf393

SHA256
2ceb69fc23393deac431e914d0dc9ed9faf25144b049b09f2288d71c4c03323c

SHA512
b9e8a98f80f4d03f7af60f9af0b5448a9437501681ddd4fb1f3656e8cd64c3d31ec0981b81715c2dbd3e56fad5c1f3090beacbde608e1ee0649cdeb801f5f887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0bda56b7dfc879645478d7f44e1befab

SHA1
51935abf4a34d0c37904fe2f1a5e6862a437141b

SHA256
64dbd59bc1da5ab4ea7639f677eeec33da8a2eb01185cf0e3402b41f25a9ad86

SHA512
d19ffadac89c57a3f3eb0ec56ad0a90010b1a91eb7834cf0b97b213a79a76d996653c939f1c9e86a2df213db9b1a1866a87c365f25b08ee41ec742d87edacf56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4420b90c0aab1c47bbe6082646934667

SHA1
d2fd0330a2a8205957833e9235dbe6ae030464c5

SHA256
60afda33696f1f8e8837b620c1bf37194b6dede071f4bbd77fc56dde4594c10c

SHA512
76c6109c3ae7c46538849d14c6b0a614890902f498991d41f0e87b6d88983f249c7954a4fcb6c6fb2e8e1084191ae925ea8fac01b601beb2e72f69022cef3fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b1f54371082a2a9441e31a974620fa8d

SHA1
4f71c158a636dcbb577084e02ecc0ca57cb6a05c

SHA256
d958a452c05b465849a95eecc23116575ab117438a64ed1a3fea3a13b11aa212

SHA512
0789b6c33d5ffa62f7de7087ce75fa6986d0ba8182a811a1c72ab5bdefce048ce858b00930ce0a254cb635826d7c33fb37ce8d1df000133a44310234324f33fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7cd3a7d7fd4ba5132ac330098043c3e4

SHA1
92251ad72ec77bdc7b5d660d7ceaf5e04cacedf9

SHA256
92ffe4ff16dde8f454e031b44ed026cbc76d189b539b15887d3258c0b64a97f9

SHA512
d3685c1d2c6189764ead4fa376f277187650ba1e77862d8ce1fd3951fb6759d39c77cbda125fe131419da39240d10c06b830fbc18dea079dd5fca748c43a8dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a0d6fb3d64f3150dcb8c5277dcafc16

SHA1
29931e15004f84e7b020f66a939cbdd0bd0ce878

SHA256
429b51f814ab60b8509409e6e604ea60cd5559ae0413a75ea0c3a60ab59c6969

SHA512
f4bfe86ce459fea1a22b77d82a5545c8c6999e6ccbb05c1bdbe121d7df29d988416121b36998f417cc6e73c8fc46230cd8d3b46a8b4992a7fad014ecd740f05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
19e43f8921b4603f429d83d7cab94fbe

SHA1
96be3af4c7af86b5a02e6ba86152708b13718459

SHA256
eb28b0fdcddf3bc1e51cc369df2dfdde790492938f5f88f84604604e7841dba6

SHA512
6b39231c19a0fff98f8bcc00e7d4c0d626f35d27c55f5693dbce630d69978d7791e395dc9beef40d14561c50722a88e1593e513ab910f0c67a25cb9bf375d0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
cfc38c834ea57efaa322e245c856a5e3

SHA1
81a126ecfc4f6034c6972742a94d00fea78c2899

SHA256
55f42499c4bddd857daef89d3bf40042a779f222d883135536ee440afa7aa5e5

SHA512
324289b27f60ed7330a9e921a69f8623b1d20fa8e89fb08f9757c3baa3769d550b5486a77a0acae6abac124ae698be95d9eb016d12bb6b33cd5df0bab162c7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c0b65737ffffb695a8c8cc6a3baa5fdf

SHA1
d7ff7be967ab7dd4ddbb576958ef4a6acdedb6b0

SHA256
711015e00bc5224dee94877dc53f0134fd8cf6e4957c978f6f778d5d42386957

SHA512
f5bc3df92bb85126d92e6b2fada5442d96f023f0bf6ea8c29c9bd2e0916a67416c977325e5868f63870f7743365810bfdcaa3683d2a195cb6fd0435c33c69d7f

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9.zip

Filesize
35.2MB

MD5
578497bce725ef570ddf85f6149a8738

SHA1
be54e021807a1df1964dd42ea1db99717241e97b

SHA256
60a17d64bcfab89b55a8dfb52074a06d67047952e0e517d9f410c9f628b3de2c

SHA512
95370fa38aeb8f12d8b61ccae16c2c88549487c8a11f7bf753b2f5f230024a483fc4c9bea673402a4e440a3adf6afba51676db336e431a04abeae6d4b1861784

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9.zip

Filesize
7.8MB

MD5
f3bd4c3b4a1600e8363d3c0708645b13

SHA1
5b03f6eb2acf67718ea39b21fee51d63ee229d83

SHA256
f00aee3f20257775329afeacffd8931101afdd110751ad36df4bf217ce97d945

SHA512
80f1a5893f530b26f069ce49cd816d0ba3c099dadecef9fcff58b9113283c8d78f0b1994bd19170a5dc18cfc27614e5f75e5448bcb8030773cc6bc4952a2cdc3

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\INSTRUCTION.html

Filesize
4KB

MD5
b0e1a89f526686c61c41355a30092e13

SHA1
7fdca917d70a20c3e5d3cffe14c8d45be112e19d

SHA256
eda941b8de3d4ea77ac0137d63b5c71aa0847a6eab170bf661cd19d71442212a

SHA512
acb38e40eea7d052a8b2d3bbb4fbdd3a758255f03d4974d792eeedc881c4d7c3856d3fbc8b80baa490ccdb4ed8c91a719b1f3073e6db2e2e3cfe4315dce0b250

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\1.png

Filesize
114KB

MD5
89a33d88e2aa6a46fa4f0b7b683241e1

SHA1
b62c580644a42338302b34612e01090f0a45fa51

SHA256
a493f8b980d4e09ce1cd4e3ce156ab20d40c2ef11fa497300b76fbec2aaa73f9

SHA512
83848e65f6061b382906ba455d23054862a22d29204e5b106849537514b60d2f5222720efd8d4e7705dbf07125e1fc53cc7c3dc085414083404c546c355e4c49

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\2.png

Filesize
114KB

MD5
0870c1db5e925505aa2797b5ad07a6b5

SHA1
4c579d7a0fd635199211ffce53d2e20b3fb8c283

SHA256
0f83d55e6867da94a7506ac3d2542cea30f96dc51647fe2d6639a6a1fe0dcfb4

SHA512
df23bb4ac3f6f42a530d6dd177b5d98aebd8e882f0ec513660e8ff706774260d7619fc885861311eda28d8108a44139accd0c2ff598fded090a10830d0e91a96

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\3.png

Filesize
113KB

MD5
6a763d41c5992c965bf373204e61c133

SHA1
65dec8d0a7f966cb74a1b9a2c0cd774fa367cfea

SHA256
ae5ce85a742481df2a84d94c1bdcc74046a9ca395ac2d01f905afff7843d6131

SHA512
7a29d92cb621a5f9d71dd9167fff7a7610e62aa08b60d18e7f84799f05a7f3d386090f41abf6ca1ecc52ca1f4300ea348ac92aeb412e36c48063b93ad403aac9

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\4.png

Filesize
69KB

MD5
bdc950c8611a6bc19ac75c5b1712f103

SHA1
3e23ca79264af842eb93253b6623b7f9d6b38c62

SHA256
883e7ea2d1b2e1bb2436b198777854d4b060ada02965002ebd61a77c590d94a6

SHA512
20636a91708a78ab37b5a47687863662fa7ebd411cf44d98a1780798d0b30e39cbf7953c4d18105579ede1bd4ce25774a13da08909500946bf7d9add8813d0ee

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\5.png

Filesize
1KB

MD5
8b20bd00fdebffb9e0adde12c7c73ded

SHA1
85b43dca0348c9fc29f13f93474ff7b65a8b32ac

SHA256
24e9722b2e370cb11615aa1bc8d4576a2bb738442d5e9fb264e5a54b74ac292f

SHA512
d2e9c499c19ffe610e78911cff84584b0df74b75ceb89b4ce4c6f8bdd1b5869d185ab5ffcf212cbe1f628f7ba3e83911776d9bbe35c36a12301b11766b131164

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\6.png

Filesize
27KB

MD5
7766360527c4e1dec139797a33e1e274

SHA1
e89ce902ec3f24d30f041058abb149afb3ae607f

SHA256
f681226c609dba73ec92e93b28109ab5b8417785c68b1cfddaa53f3e2915f358

SHA512
0d05727f4341ef0e097fbdefb7bf812bda3820977784b308ecb7ec0800be191c5df449bf858a08dea33dfbbd1f8cfcdb3f8152927ccbfb9b7b5772e2ac6cfb11

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\img\7.png

Filesize
31KB

MD5
58bf9a342aef1fb74fc91d91b7334432

SHA1
1553492f93c54c63843cd79146b1dda587bb2612

SHA256
d1d3c6254d8e0f2f23a167c26d72599c574216fa0439ccea2e3790939df4647a

SHA512
7d855445fb3f4991c374970b61fc65a320e21fa216d3c966df98400f6a0a5999c413c78a8da5b5315f1697f4eff927369243d153202127bf05362171bf04716a

Download Submit
C:\Users\Admin\Downloads\nitro-generator__Application_65f23072570e9\License\data\program.PNG

Filesize
696KB

MD5
a3d4494188555fd642820346806fd1d8

SHA1
53a37fb21d1fdc91cdea14721eeecac83cc2825c

SHA256
ace20dad2b8ef82a5f8674afc8e9ca05f5f3f63efc798d66b43eb7124dc802ca

SHA512
a4265bf8fb50fbdb1b13b3d03126b2ec354cbd4c0ee9baa51911700e1be73753f549b1a8cdace269b674afaab04b03f545a2a383f3fd8a0b7898b8498a4a25e4

Download Submit
\??\pipe\LOCAL\crashpad_5008_MNMLKWCUKWAVUOJM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6108-390-0x00000178B6B00000-0x00000178B6B01000-memory.dmp

Filesize
4KB

Download
memory/6108-413-0x0000000000A30000-0x000000000279B000-memory.dmp

Filesize
29.4MB

Download