Analysis
max time kernel: 86s
max time network: 77s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 02:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/ItsMrCheeseLive/Free-GiftCode-Generator
Resource: win10v2004-20240508-en
General
Target: https://github.com/ItsMrCheeseLive/Free-GiftCode-Generator
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
-
Modifies registry class 1 IoCs
Processes:
msedge.exe
Key created: \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings (process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid  process
1440 msedge.exe
1440 msedge.exe
4036 msedge.exe
4036 msedge.exe
4136 identity_helper.exe
4136 identity_helper.exe
3320 msedge.exe
3320 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ItsMrCheeseLive/Free-GiftCode-Generator
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcab8046f8,0x7ffcab804708,0x7ffcab804718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5928 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\rundll32.exe (depth 1)
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
C:\Windows\system32\NOTEPAD.EXE (depth 1)
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\logs.txt
-
C:\Windows\system32\NOTEPAD.EXE (depth 1)
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Help if dont work\Dont Work.txt
-
C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe (depth 1)
"C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe"
-
C:\Windows\system32\cmd.exe (depth 2)
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\606.tmp\607.tmp\608.bat C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe"
-
C:\Windows\System32\WScript.exe (depth 1)
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\modules\paysafecard.js"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 573B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57953b.TMP
Filesize: 874B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Temp\606.tmp\607.tmp\608.bat
Filesize: 2KB
-
C:\Users\Admin\Downloads\Free-GiftCode-Generator-main.zip
Filesize: 118KB
-
\??\pipe\LOCAL\crashpad_4036_AEXOVBYLDKUWVPII