hxxps://citra-emulator[.]com/download/

Analysis

max time kernel
75s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://citra-emulator.com/download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
4880	msedge.exe
4880	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
1720	msedge.exe
1720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 5028	4880	msedge.exe	80
PID 4880 wrote to memory of 5028	4880	msedge.exe	80
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 1280	4880	msedge.exe	81
PID 4880 wrote to memory of 3080	4880	msedge.exe	82
PID 4880 wrote to memory of 3080	4880	msedge.exe	82
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83
PID 4880 wrote to memory of 2488	4880	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://citra-emulator.com/download/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab30c46f8,0x7ffab30c4708,0x7ffab30c4718
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12126564151873747069,8852908570566007706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5480

C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe
"C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe"
1⤵
PID:5684

C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe
"C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe"
1⤵
PID:4140

C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe
"C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe"
1⤵
PID:2444

C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe
"C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082\citra-windows-msvc-20240601-de1f082\citra.exe"
1⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
174653792b35f9a7ab2bd586b3c13f65

SHA1
c389802c901f6c6df7da0c484b6ae125394e0c8c

SHA256
6658aea2fabcd288bcf27b28ca6b1c7df7ae6a6d43a669dc63ab367fd33be5c1

SHA512
1c08b1039fb56043e3727853dc17f152f8c13d15e608d29a3fb4f1adce7e9bf50c7cf4a2bbd1cd088a272d213647cc09b4b23ca82fcaf7822006ca5074f703be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
51KB

MD5
21355be43ae63ab1e181353cee40eff7

SHA1
2a67c6e5a660d386c057157fa4d4bb3ed1ccb6eb

SHA256
b4b62b9906c639dda0bfa750da12e5eb417a0b35026500c6986027cc7fdc10b3

SHA512
badbf7fad7d7b81f6104209eb156b824f924e7ae7c784eed3fef4091ec791201a465206bfc44107c6ef6a5df358d975dca193afd35315a7dad452153714e0e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
87KB

MD5
fc9a9d35ed6e872da6cf127858f0f417

SHA1
38ff3542d795ce65c74c6760f44ae744f1556b54

SHA256
a9eb92fc8065545702312ba93948bd99111b6c32ff97251bdadd59c7ddcc7b99

SHA512
ef1be9ad2d4732bad7a12a9739b4faa2c404c6ff9cd4f0667d8228024e8a33b3d9e18e245c81eb7f0cf863d4997ef07608247f234b4aeefcdd74fcf0d0786437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2dcfb28e542db0b82c42a24ec1c549c5

SHA1
422ff97157bc387a520fe852a3d84151d7ce8853

SHA256
a519bb61a6398e03438292e7f954cb09ac667a33dc872d168f121a9798d55f26

SHA512
28bbcfa9de30cd7804619682ae851e148d2a938b01e28f6e4119980a785625aeb7672c314e7364ef2a6c2c9707b3db77d27852b2caee742a4c0599fe81af9f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
143KB

MD5
2a5757e0c277d93796e777ef64e5502b

SHA1
6490c5482d555eb7ae3cffbd9b67374fae637aee

SHA256
ef6a5a52ec4ebbc6b9c0cf3d57cb81359cb8dab2347f253edf82fa365c622537

SHA512
62df5d80659afcfdbe95d1fa6bc9e9c12fc403bded8d788fe6842542400518b56e9feb0dcb2cde1ec7453754f2bd7d946d3720efaca91017513b288995c57106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
e3bcc4d955bf08ccfffa51b0cc058788

SHA1
0b57e52d9a02516ee63100049eebd6596a5c0393

SHA256
856be9b267e08caeaaf2d75649d6d3023960a0365559adeadc230dbe48faccd6

SHA512
8ab0db93688aa184ea07914080a55dc57006414288ce4fdca43f2bd124dc9601d7c00e8399d0098db3b2f4c0fd890e186df19735e24d09d3672d236ca5ff1193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0866dff5d9eb3d8da6f63cb54f0b253f

SHA1
2514948e51784644a34c1512956d3d4b727d62b9

SHA256
f7c3d8b62d1fe63bb35ae21b0dc31350c84b932715392c57c039d517e7bb2402

SHA512
81174ada343bd0e61062d23a3380da3230f01b4b61190d6b687d5a1976cd5bd2fb3d182c164f271be42e369762b6d572e0785f12bbe19902f93e168a15144b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
73a3b1fd24b8e015ee35e12d8016238c

SHA1
2caeac57069c88a32b14bd9e08752d0377dc1613

SHA256
83cbf61fd616a76f14ac2310c3e9a2e2d97306c84027ccc353e9460cdbc3b7ad

SHA512
e744a155a1e79af841743e30b8dfdc576770bfeb2b12d54e5c0958b263c26b93904a1534862d74b9474f7bd5b2694456211896889ba1573102ced7da70129259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab82a39af0a75b3b363d4349068a3246

SHA1
2c17aaa94a7150d59ebe3b35ad0503bef59daf63

SHA256
a230f53b7c10cd3b8c0a12da4c08807a4df778f10991d5c33b2b3f65a55d8fef

SHA512
88af15bc3f3eb11526e7f4236001000120536d5be27c8291f04b54b4f644dbc519e53233234698136b80722aff4504a3ebb222d027865310c8293bda14a66a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fe068458ec297698811061af4b6b26c

SHA1
bb58a6f4c0d4ade2a1adab7ffc8d5037675d1ad5

SHA256
93555eea88712f6a2620bcd3e9f24f3d6c6ed7349eb59f18f684966c4caf8931

SHA512
5901384d1f656cc39ae24b0db63e4b5facd89478029f189212e610d428ec2e29c874233645678eb06210b2787fb29179a2730bc199933da6e73e900599721ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02bd527e1244aadea0cbf61f0755dc15

SHA1
92163f500bf484ce9ba5f76d8fe624c25e1fb5ff

SHA256
1cae90c1c263d30a8b6cdd2a21e7312ecd17f90ad1b43ef441c6f3eb31efd8b5

SHA512
44c332891c1fed75db6c06bbf68edc6d4ec0799ae329beaa759c74ddfdfd28e17f9e41159faea5fb28c5c5228ec9714f84d616bd17f980e1ec225458a85c2fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
103918639cfe935cd84bb8e2b644ae65

SHA1
82745d1780eb4aea8539f963d4de8a206bd46d91

SHA256
68a52b273dcc2438f1db40aa4481d860bfd3c2daf23022959ef693932bc56d1b

SHA512
d1e62bf5db80dfb4e6e421f2d536d6f251490250dd7e839826cf5ea33b9618e443a74813739f1a7737fbb895fe93b6b6f9a6719794186289fe8e01a2484103ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
24e30ce5330fc021d9bf0954f72d07b1

SHA1
772ffcad80cc32024733dd3b5bd1939d2773e4e5

SHA256
bef66dc3bea76047cb852b67a1851237728785481b318ce212d7f75d7ad0ee89

SHA512
9d93842ff47d132d2ad60c066948b268351b1e626dd8809d568a1e0aa3360dc384f2944dd5c2b99383a5ecd213f17332a74f77251ecee7ab88858d617798393b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7a99fc2967dab826d6609edec784add5

SHA1
910d88ec4dc300de4fe6cc6a5b623cd6b23d746a

SHA256
fa50cba4b7e6d70a7343b2bebffda44fc66499bd93845907c26fe590e8c986b0

SHA512
13da00286b3c17cedf945f0d7d06ed3098d02f1c16e90d588986d1bd4f8e145890a2ca4aa19bbaf5a57efdc1e42a143c1850e80f7c5fa1ed4d0de24a243b3487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad47.TMP

Filesize
707B

MD5
580d89aee28a9e131f2326cb7aba2de5

SHA1
0eef60c78c24012c9ed1f3e33a3a1ad29b1d81db

SHA256
c8f5a5f73ff5fb7cdf9ae7c60e3d27a352cb437df16e28975253c830f3533a47

SHA512
6a8a5789baa872c9cec65827d00a6ad9c33619e6a1ec4ccc70e1cacd0f58c6d1d24268f09490408716e888f346663ed4ced195e0cc5fecbcc63536d125de0e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e8a07402-dd42-40f8-bc63-f660c59d6f1d.tmp

Filesize
5KB

MD5
d9d51225fc88748390fed41e91e1d4e2

SHA1
db012e97c3e0679b21023fc4f6e04322e8517dec

SHA256
d882aecc1193a0db377da709093a60fa216a02badee63981a0c95ad4c547f641

SHA512
d3c0735d959c824fd916cfd3daa7f87b4da014f646eccf85b2625cb24d822858f44099363e0447653287287ddfe118a057460ad49cf6a73d76bc8dfb62d95a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29a5c80f807212f3250439feb3ff2c6d

SHA1
7f4a4c42353c1c0c11b29a1170f80512f4c0c5f0

SHA256
126645ac97b2f9f9a5fa647ffda6c7f8fe6667abaf3f7ae7f6187910e95637a3

SHA512
2e072fba25ab9d88c6b8553f32f40c6066729fe489101e03f77ebd06e2f0cdc795dd81a868a9eb7d52815040cd10be9bdadf70061cfabd4cfe0f51a89b660c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
094623e524236b3bee1fbb3be5aa9f7f

SHA1
74814dca013a1d8918348bef071f77c82c985b0f

SHA256
6d4a7d2d53b53873197737ecd97715e28bbd489ddcbf53bd7a902dd063c33a8e

SHA512
c279077c02d9664e4c0265319702f65603eb1d2b73ad1ecf312709cb6eccc79522d7f90c9f3882e092f2383863574db20f871fc85edf9b817a1c9cddc592cf58

Download Submit
C:\Users\Admin\AppData\Roaming\Citra\config\sdl2-config.ini

Filesize
12KB

MD5
c0c80f738406e224e6235c1b269a8db9

SHA1
21bc4c6e6470c9dca8a0271af01c8f2b4041be57

SHA256
1b21feba5674dd9abd348fb10c77b314b044bf13b7e9d362cbfff3ce89b22166

SHA512
c097f715dab79a98fde55026f6867f24239da45078f597250f1e518b4ef835351f7d52f3e042b06fd2f05e95b24e826c4b48b64410146990c234c895af4499ec

Download Submit
C:\Users\Admin\AppData\Roaming\Citra\log\citra_log.txt

Filesize
244B

MD5
766ee93c1e92ea647b2253ff0ffcd3b8

SHA1
b22e012e9c22ce6944c2a4875db597e5ae0af40b

SHA256
57857dd11f2d33127254b26526e8e046a84d1ea73e5ded477ffe11af45445d49

SHA512
6848d9ee6eb37d1bf2dde417115ea6c6a302da029375a182178704c2c5d5f595b9d5d99c404799e7e5ca0f5e273ee6d76556765c7fbf836b63a3e2d9674a3c87

Download Submit
C:\Users\Admin\AppData\Roaming\Citra\log\citra_log.txt

Filesize
244B

MD5
687529b8b4b3d2563780c25f5cf0f649

SHA1
dd638a512ea139ca70cf528209ee01afb4fcff85

SHA256
23611af738a65e685f61ba8d61a4d4fd679889cf0865b1db7033f07f3ad5f365

SHA512
ec1b1a87114d21a00e5fc058e939562ac9c8d320f62e45b79a5b547839a8ad9d1a9876d3c4b284ae216d0b150643db512a454951e891d6f5c5fa3b3680f1aa1c

Download Submit
C:\Users\Admin\Downloads\citra-windows-msvc-20240601-de1f082.zip

Filesize
30.0MB

MD5
e28415c2f35fc2df1914c9eece0383d7

SHA1
c2af21cf21d8513dbacc5b1a0c7a0553934f5f86

SHA256
57c10f52c8af157182ea68e5495ae46fd4c7ec0dbd217fd03569b91ab2bcef48

SHA512
739748d96b229defe16552bee84b4c22dee3d9a32ae89a3d4acd59eab60326c461c27f26faebb12e20f52b26749c086764b09bcd929732bbfdf9bdde66295e4f

Download Submit