hxxps://github[.]com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot

Resubmissions

10/04/2024, 20:07

240410-yv55fsac46 7

10/04/2024, 20:00

240410-yq8d1sab38 1

10/04/2024, 19:57

240410-ypd4sadb91 8

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot

Score

8^/10

pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	PowerShell.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00110000000232a2-226.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 704942.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
4276	msedge.exe
4276	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
60	msedge.exe
60	msedge.exe
2412	PowerShell.exe
2412	PowerShell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2412	PowerShell.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 2176	4276	msedge.exe	84
PID 4276 wrote to memory of 2176	4276	msedge.exe	84
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1476	4276	msedge.exe	85
PID 4276 wrote to memory of 1436	4276	msedge.exe	86
PID 4276 wrote to memory of 1436	4276	msedge.exe	86
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87
PID 4276 wrote to memory of 2756	4276	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4c5946f8,0x7fff4c594708,0x7fff4c594718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,14714650713955683674,4568629732364154326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1604

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -noexit -command Set-Location -literalPath 'C:\Users\Admin\Downloads'
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c11a22dd68716997465df9ec20cf7f4c

SHA1
6c6ff1d4662243d86a93d3e9a8370991efaf5aff

SHA256
9a2a0a4002b0bb2984f82d41012bfce62e759e85d64e088765721b276ffa94f2

SHA512
acb602e31464bef86ed9ab3e701877cd0ca995af19745d96f2efb42c07d7b10bdccf215db2fbf87ef3049f243d9ea15338312203c1e8eed323f17b3b43027c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
5022b10efc3c6d669ded7960cc594a19

SHA1
a79ad985b345f09f5f4f265ba1867800ab4d3be1

SHA256
a6c395932ed70d3a45247d91c6593b48d6d389a52aa806ad484aef62b63c8e53

SHA512
a496101a7c30b7205f91698eec23c53b52d80a24a2208f3184733b905fd34066163df9688e00856278fc536fd955bcb0d2c62f3561f28718e378a08754c53c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06d28600c65127577e9102f174b4ae95

SHA1
727724d607ca9b2616a7ad04d83e94f4e9f896f3

SHA256
61a095d24a98060d862122b78cebb5e96cbb8ab0855ba49632054b98f58cb48a

SHA512
e32e4a4d759f0c9b40ae930b48fe6898cd664b3361bcf1d40899325728238fcd368e53a16b9ae1d8004d399cb821dde2a91ea01ece5e32f1a7bc92e4613f27fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1533d9d57b8cc159edd20ed2351aaa05

SHA1
3f69d81df038f58331bcbbd273507c8d6e6cb7b9

SHA256
769f6ef4e03fc103afc1a66f3ea0bcb1c43487d6e7b8d7c98140b05a1698f9e8

SHA512
06a68acd2cae40ac238abe32ad958300e1b25b9424fa9fbd4d2b751dbd6f445bbd4104e4f7e1bfc064d823206ef668ec99021552d6ed0c6f882842424be239f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91cbf8dfedaffdd02fe39d1613af600a

SHA1
38f3a87bfea2635c601f579ad95425335e60eea1

SHA256
253308e4320af4ebb9fd63037ad806801fd0ce8e53561ff7e727c9cc57284e80

SHA512
6f06224b4b8859bf60620826dd6d3b81fce0b4206f810095478455e1941149eefc582236cf9745b43a71aac61d3993cc3452259cc496a0d7c462aaeb74bb476a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe9bf6882923e0483dbcf9f48a5b2f8

SHA1
1f447199539ae27fe667f1b2bb19818e94ee523f

SHA256
2678ab89c921330dda64a8e9d8ae3bad604f0d89b2977f7a1e849e1d733a56d6

SHA512
2f3f80bb514c5ab5674f6f6def2eac757c44d4eb34f830a2dc8dee25c54b79214b93dd2e3ffc92a391a186825933ad99fadfa23bfbf0be313224a1d701b7e5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63225b1ea25c8373f276a7250de874ce

SHA1
6cb1faf37eefbefe8238f274a1138a883220e4ba

SHA256
b37274fc5fc2ef310b4e189bb66b4fb348cdb39821b68887dd9242c628ea7a4b

SHA512
1b35ee7163acd06ff593ee96747e35c6fed67c27a316c7f283f5534376ef62c2915b33063b33b7e9de9d4c7150857adf50dbfc6158330bb8fbe0c97642288daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d94b46d62df59957283ea09f1f2e35f7

SHA1
4c3fc3e05bd16a6049ca0dae4d7a25e3675ed0ce

SHA256
825e3e800d14d5392d6ee197e93b64d98a092a256bb6b391c1ff8b88090e80ce

SHA512
4b9f892c0aa40bfb97d01e62ed69f687458c5b1fe8d125d9eede707fa731cdf4a68d4f16a77df050096a92ead048b0a0f5fc51f3b04294f5c412814c4939cee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e465.TMP

Filesize
874B

MD5
e900cfa7371dc5e49299b2a97f990a01

SHA1
8a396ef56fc8fe5ca32567b5b156e715f896ec7d

SHA256
9123b972ba235e042e5ecfd86d506e21c0db1c798f926a49c8caf32ab2aba40d

SHA512
eab8831cb9aa6ff2ba064f724228f629d275459c0e6368f87b8f9c62f6cae3378053a45e5a96081095fc19ab57d76f53d9dceda015ee15f373882131fde852f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b54fc2fa-613c-4110-9ea8-9836bd3ced71.tmp

Filesize
496B

MD5
34a72154ed9746a609b29d25ad8d6469

SHA1
ee1fc6413972b90af4973bc1c158c47011e757b5

SHA256
629a1e55ae58d7e9e13caf2aabc58ad73415b514df679a5e15ac561b1b549f10

SHA512
2789dcc6843a73666ed06d51a7bfb8e92dd7c0a82062dc0d252d883e4c943fc229932fdb1410e9d40d7a7dd965623f3df582640a0952adf7feb7e05a68e37d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cf022d1755df31fb836213fffb86e367

SHA1
11326ed607caff38e1f8ad59bea9b49174ec1231

SHA256
e0cdf189ea6b5081aba2f67b0257606a275e58a2a46c69eef5816332e64e641d

SHA512
42536e4b7d5eb1f83ce9f67ab8022959d8e760477d1980f42caf5e22c3abb5bba48e4a2ba7fd7b890656b2a44d392c2e81adfc600d261831e5ff8027da08ef6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84a269810159704cff33a050f0fed4bb

SHA1
63a3bb1076bc13ca9e60f584ffaac1140d82cc27

SHA256
9cac27a04497d5163e21d040b601b5215b156a7dd739c2ba930af8db333e1156

SHA512
81d0ce1992f5968f19b7d8347c7ba019029ad67ae846498eaadc824c93165aaa346007cde7af8bd11c5cc945d1655fb33d4f1160fa80483974dce18351f56b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7aa822833a3e0b287ccf623b4f25078a

SHA1
cbbc1e95fca041b968d38ecbabb12b9a631da1f1

SHA256
70b7b7056ca5051fa5c64a9fd2a58d21f95362d63ee26ce39b3f035727ebcfe3

SHA512
a48a87dd94eb77b02fd05357a412256831dd6d6b549f35b67b1d0dd13ba72a0ff2ab5d8170f9e6aa41e274883b3811846225e30b9b9c4e01273901f401ddc592

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hidj3j0m.r3b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 704942.crdownload

Filesize
9.8MB

MD5
cf88f81270f9a6abb71bdfacb7c5fc96

SHA1
6a99eb6f3b0b266136f86f81070afe8df4622615

SHA256
ac7bf1cf5d4b2ec6de9bc3e5f4402df6d9d7ebe089cdcbbcf7be8a8995a56f1a

SHA512
6657b2eab3d2af4985d46ca7fc78c92d1cc9a3913b2bbb0182dcd13702e9e58abac7273727afca031bb826f8e9e99c2e881ff7cfe1b0bdd2b9e7b68a04ee9785

Download Submit
memory/2412-415-0x000002BF7CF50000-0x000002BF7CF72000-memory.dmp

Filesize
136KB

Download
memory/2412-420-0x00007FFF3CC30000-0x00007FFF3D6F1000-memory.dmp

Filesize
10.8MB

Download
memory/2412-421-0x000002BF7CF90000-0x000002BF7CFA0000-memory.dmp

Filesize
64KB

Download
memory/2412-422-0x000002BF7CF90000-0x000002BF7CFA0000-memory.dmp

Filesize
64KB

Download
memory/2412-423-0x000002BF7DD40000-0x000002BF7DD84000-memory.dmp

Filesize
272KB

Download
memory/2412-424-0x000002BF7DE10000-0x000002BF7DE86000-memory.dmp

Filesize
472KB

Download