Analysis
-
max time kernel
133s -
max time network
135s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
13-06-2024 15:53
General
-
Target
https://gofile.io/d/RVPzaO
Malware Config
Extracted
discordrat
-
discord_token
MTI1MDMzODQzOTQwMDc4MzkxMw.GfV_yu.HzWF6ZcJaz7Yw87TGxUFSwuo14lozuMNlgXOaA
-
server_id
1243114572278141000
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Drops file in Windows directory 6 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious behavior: MapViewOfSection 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 46 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://gofile.io/d/RVPzaO"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.0.497840594\1799414579" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4aae818-107b-4741-8410-7a368c58adf3} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 1828 14fd5ef4558 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.1.358750845\222648262" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50a149a-3211-4ead-a6ec-8dfb2874d87f} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2180 14fd5e03e58 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.2.1409832301\1582235655" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2896 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d8d2ee-5c24-4389-9f68-f0b57b890b23} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2868 14fd5e5e158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.3.1975653109\1216459858" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4051857-eab3-4fff-a6cc-cd07aa09d5bc} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 3528 14fd86f2a58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.4.1760189678\1819340115" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08141ed2-eae6-4a39-8059-50cfc127c591} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 3892 14fdb3af758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.5.1663639183\1103121469" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 4904 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc6a7b2-edf6-4dbf-819e-3d270f7c26fa} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 4844 14fdc885958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.6.1144153019\1641060523" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a74eccec-bae7-4095-8b50-d10ba2d3b06d} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5144 14fdc976158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.7.1737797071\1653838769" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 4880 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {377566f8-1078-4ead-baab-db66fb4d8d96} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5336 14fdc977358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.8.2021948642\650235736" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5692 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db7c9ba6-1432-48b9-9e51-166b6de491ed} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5436 14fddd66358 tab3⤵
-
C:\Users\Admin\Downloads\skcrypt.exe"C:\Users\Admin\Downloads\skcrypt.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157Filesize
4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xmlFilesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\bootstrap-icons[1].cssFilesize
93KB
MD506cb502613f99040e534fec65fa725c7
SHA103006f32792e033497e9ca68373b6c3386305933
SHA256e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f
SHA512734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\bootstrap.min[1].cssFilesize
190KB
MD516b20908101acc6624cb9446fcac64a1
SHA1b7cd57a4fd6a1fae6126150f427ef217397293e4
SHA2562933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0
SHA512b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\warmup[2].gifFilesize
43B
MD5325472601571f31e1bf00674c368d335
SHA12daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\RVPzaO[1].htmFilesize
9KB
MD5ffb61b4ca45ab3d92871c042cdddff35
SHA11af12b370063bcb21f01aed46d4868fbcdc8acbf
SHA2561fb3591a803c615833528204afae0024ab6446adb6b661c395a60289eff524f7
SHA51285731e41e94dbe5e8ba71d124f6320ad6ed7930b4b2552669ccec971f1ee8da65b07d3036a8aef6efa3cf857517fe591d8acc051e52d0589dd90a02baf82d462
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\alljs[1].jsFilesize
222KB
MD5cf3055f0a76de9b153d08b149f0ec5d0
SHA18d5da97d6c62532c6871f52c8731d4f17074e985
SHA2569352feaf87550220dee9bca539cc054439b7b4c213d13c3244cb9b659dbbff8a
SHA512e8fe847f7095033e9eb7d51168a12b09c3d4d3ce736edd985b03a735fd49b43ccb776046eaee4ebce0281a565200c875dee5491f62e9d6a92d0a74111c659075
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\bootstrap.bundle.min[1].jsFilesize
78KB
MD59afc1e0eba9521f29775ad2f6ace3f1f
SHA177bcf0c882fa4be8fbead35052c39a944f9035e3
SHA256a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d
SHA512d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\chart.umd.min[1].jsFilesize
194KB
MD50956511163142649b6cf52a819ca8641
SHA1177174c1e7b5650cf3cf0c184077420f6b67abc7
SHA2568706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36
SHA5121828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\customParseFormat[1].jsFilesize
3KB
MD517f04d7e2386c3ceeca2758bd27321fe
SHA18ecc81c22b1fb7af251ae237f84b76ce5892662a
SHA256cb72289f70690b272267a0741402cdc3f4099ae40c834a13cb60a59f99fdc091
SHA5129e4a524f47fafe0bc4a5e61e96dcbdaae13deef24dbbe96dbe04ad714b13fcaced790ae6f6b5e6c5033ccece4042f712be153143be5d333d780cb765eee633f8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\dayjs.min[1].jsFilesize
6KB
MD5fc50c4b32f73acd0ca4a31e0b94418b6
SHA14cd4b7159ca9e1de084a7d1ede12ad51a5d4651f
SHA25611f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f
SHA51285c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\marked.min[1].jsFilesize
43KB
MD5a50d303b83ec6ced6c105da710623629
SHA104f3659d853b57d6e608909960d4f1f4c0f01c04
SHA256d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760
SHA51284f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\plyr[1].jsFilesize
108KB
MD549ae56a37a5b8dca563256fb605f6260
SHA124a8c5bf85c8d1bc7a9586d998308c462e28cb71
SHA2566729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73
SHA512508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\qrcode.min[1].jsFilesize
19KB
MD5b33682b5a531b8617d4ee248926fba84
SHA1be527be38f28d55217b02f818ca67987f433cada
SHA25685bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4
SHA5125eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\sha256.min[1].jsFilesize
8KB
MD5e5a5b331cf54c474203628eb9398470e
SHA16d2e5b6a22edb7d95e0ac7523d74f5f7013cb344
SHA2567157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
SHA512b33279152a3d8449975deedbe40515b67fd69cbf1ae55a1f9c57980b68b6cf4dee4b62e101c87b7b034b6e5e5f96c1264d38a630dd1e9c1660ff7b10f98392cd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\allcss[1].cssFilesize
1KB
MD53a6bf9ca7770a5ad5d8f3e95617fd15a
SHA1dbe7076f2bf5f2baf9926d38a7f68c34d32959e2
SHA2566cdae1b50efe90bd846a6f76213cfbe0f0e212a95dd60c31612b8baa2dbac931
SHA512633c5eceaa2777cc414be3826eec3f67dfe8a1e2c0b11190d0166d111d3be9424e265216c59dfb6b7d334fa56e40cf2e9cfb5e4b089fc797901f20b04b797308
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\plyr[1].cssFilesize
33KB
MD5e039a23ea465d2de0388937695a7e724
SHA168e95d5b4060761fc2b0b58a593ebe7d661c52f9
SHA256bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43
SHA5125fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\bootstrap-icons[1].woff2Filesize
118KB
MD57f477633ddd12f84284654f2a2e89b8a
SHA117dad0776899ad1beadabd061c34e2a22b2cde74
SHA256966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599
SHA512b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\bootstrap-nightfall[1].cssFilesize
50KB
MD584952f98cccb079b3f36f29c0f2f7d8d
SHA192a207064b6cb9cb6104bd8b3dd1e1e3e789b26c
SHA256d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186
SHA512a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\FR9BN32Y\www.bing[1].xmlFilesize
6KB
MD51d683aeb7730fac4246324290b2c8c11
SHA1a6c4c2503021f6104eadf28ac6a685c8891adca6
SHA25602a5448cb5983549f5c0739a68b92ddb7d1ec3486d1415ba0216c717221bf3b6
SHA512db59178803cbe0ae890b92bc8d174fedc3a6621d0ecb168ea21eee773169e4cea6c2de70b668edc04b9233c47cf81238ec0b3bddf1fded5afc06a31d0cd87345
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HHFC1QXP\favicon16[1].pngFilesize
503B
MD5ad98355e85075a8ebc15a01f875e1aab
SHA1de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d
SHA2566a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4
SHA5121b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8Z4HTQM\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5180d3cb344bf932c86207a843c5c0fb8
SHA1f30615dc38c4ff94769515523243c07e550de088
SHA256e23705a1a01b97d63ae0ab344ab5dc8bb2cc473299171e6e5de0e8052dafb9b6
SHA512d0a7d0335c58f2b0b9511fd15118cc09cddb26b9e386486316f88f8183ccd28a20c842ca133192ce9f7095731922b33a90eec71258729c97a94c917ffdef6324
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\18d55033-4e70-4828-bd36-f6998a3f8f12Filesize
10KB
MD5f4b41c8ce060956e00612913a43063af
SHA1671e8f59d39f1603b0b76c64cb3f01db44f40abe
SHA256c04dd2fc5d82e9e653beaac14d518d8009d2545465f150429dcd900a31d8bd99
SHA512de1da99961ddd9827052d3d00b79cc2e4a5046759cc4ad27fce4c9496e285a7485e2a7a484dba1e15ee82fe27429da1dff863a8b2b4949404887d9e4aa8ea8df
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\90281f60-2055-4f97-a200-28734f39c546Filesize
746B
MD5626526a6285196d54dc32c713dcb428a
SHA18c488884213994e02a471ae0e5649a83583df00e
SHA25626bf28cf79db50b3fa737fe10e2819d48d8b10fda5890117ad12c4b7a0fe6c60
SHA5129d79173caab7216dfb9e647ac4372cbebe8048f9e92db36ff2d55676345fb629deaf9bee9f51b3ebed1f5989398560529ad0aa7b6d69573a9fd834f2ffb76d48
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.jsFilesize
6KB
MD55d58092a5872b07799390ef3410ff124
SHA1ef57ffbde6798dc98983f97c506340feec2a8728
SHA256ddc04b294a38653f1ae3e9c3f7fd4d1f5d34a4eb5d72325c5a3b6303ce84ba20
SHA512775a8383cc3c40906482ae721eebdda77d536ef636354150e28e59a03c669c5a1e3f6154bdfbf796666814d905190fe8284b6c6f13bcc1a0ab4e49d351434a37
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.jsFilesize
6KB
MD5e122861b18adf899d2f317113f668e5e
SHA166938eac1e1f175634cc484f7800801af0100437
SHA256891729013a34f34aeb54223b0e9b6c6454f9ffa554b273280f03a939adb59dce
SHA5120c87519bf61f331fbb1eadd3b4a2787d5d466b2d5ea5e176cd3129005066e9174a27f4881a132eee6d04557a9a0c0699d795a330b97e90f160d05c7ce3c673cd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.jsFilesize
6KB
MD53af08589606e507a98367ed84ed30b56
SHA1e61d0bdf8f3bfdd08a59f8c45e5c074f002fee9c
SHA256395b4b85072dfd65c0129e30f7c476cc4a53fca3320e7bf043d13abdc3bf1787
SHA512d5781f778f74aa9b15667fa366efef9999af75bfe8cd0a8ffe75df873f5bdebcb59da1e2c30e8b0c1d3426df985342805551aea201236715d4cbcc63bfde0b6a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD5b37c3fe3b5027c7287b97e35a7628778
SHA194aa59b3bdaef7c751b222a1d1e33d1158f4e448
SHA25648ab33ae18cff5cc966649866a4f7a7c285d02ee14a9086fa7a1d408c397e579
SHA51261031ef29f9f2e0cdc43a5a678814cd6078a75d28fc7a64af7b0d0c37faec04132995ba522c4dac7ba7b54e4ea6c9bca1d2bc1800efa7d709245010126dcaaca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD5997f99f90ca3c6fc3e73bbe50088c12c
SHA103cccbbd7591bc34562351882c0c95ace00a8e5d
SHA256c5bbc30ae67e3e7334cc95d60eadfe07c553b24453cfe9f2d79083d5ad84c6fe
SHA5121fa0e1af868779c04dd99b35bf13ce96606437022ef515d118959bbc3ab519050aafa3c1089e740174be8e74c0767a3a6b9e794ea3d36bc0b4d59df471cd864c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4Filesize
4KB
MD57d325cfc5ac13ac77e88cd4d74c35124
SHA1188cea972eedc17b4ffa90c6f1a481a800934be7
SHA256ab32d83d1cb9b591dadfa52f05466e9f1363bf31d2572984d3bd2624b0799736
SHA512facfe4058cab4de7e501896945e4a96ec9be60ed6fedbe0804f369c0bec2923443317cc1082775e34c7a2e8ff167d867cb9624ed514c1249a19525c550303a32
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD50d0013d9708d9fef539adc917f5b87f6
SHA15e071e6b4d8abf007c8bb78ee948caf5bb0439e1
SHA256f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b
SHA512851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388
-
C:\Users\Admin\Downloads\skcrypt.exeFilesize
78KB
MD5c1e35d14d5a86e9c2fa58365a739bb31
SHA1772ac314ebc067f88286adb5714e4fec45beaa1a
SHA256ef69dfb3dff0ee231d311679f7c9d20ee125c466268b01a23ecb6764808898b9
SHA512118594c7ac7c8ac7e7c871759a5fa1d2dbb8dcc421de437eb16ff869bf6a2eeccc12c4d76160bef3ab6f13c511c78092066879207a4d07c5618b6af28646573a
-
C:\Users\Admin\Downloads\skcrypt.rQGoQNfd.exe.partFilesize
4KB
MD54de28cef69cafd0798cdbb7761a5729d
SHA1e64370649c47224c6b24831868d88223e691b8cc
SHA2569cda46e983f63dc69213424d81c043280d0fab1c6fc8557e73325e0dfa8dba2f
SHA5128829b03c6b5ed4656b3c23fb27c66e54221f3d4e16f324596e549774bdcd80b475eba6cdae760f7f527d18b4237b40bc4588588c720ce04281976516fc36b280
-
memory/392-617-0x000002EE6CDB0000-0x000002EE6D2D6000-memory.dmpFilesize
5.1MB
-
memory/392-616-0x000002EE6C5B0000-0x000002EE6C772000-memory.dmpFilesize
1.8MB
-
memory/392-615-0x000002EE51F80000-0x000002EE51F98000-memory.dmpFilesize
96KB
-
memory/1012-291-0x000001FA27CC0000-0x000001FA27CE0000-memory.dmpFilesize
128KB
-
memory/1012-240-0x000001FA17510000-0x000001FA17610000-memory.dmpFilesize
1024KB
-
memory/1012-286-0x000001FA27C20000-0x000001FA27C40000-memory.dmpFilesize
128KB
-
memory/1616-45-0x00000222C8C20000-0x00000222C8D20000-memory.dmpFilesize
1024KB
-
memory/2584-35-0x0000018E8FC90000-0x0000018E8FC92000-memory.dmpFilesize
8KB
-
memory/2584-728-0x0000018E8FCE0000-0x0000018E8FCE1000-memory.dmpFilesize
4KB
-
memory/2584-732-0x0000018E8FAF0000-0x0000018E8FAF1000-memory.dmpFilesize
4KB
-
memory/2584-725-0x0000018E91900000-0x0000018E91902000-memory.dmpFilesize
8KB
-
memory/2584-136-0x0000018E995D0000-0x0000018E995D1000-memory.dmpFilesize
4KB
-
memory/2584-137-0x0000018E995E0000-0x0000018E995E1000-memory.dmpFilesize
4KB
-
memory/2584-16-0x0000018E92920000-0x0000018E92930000-memory.dmpFilesize
64KB
-
memory/2584-0-0x0000018E92820000-0x0000018E92830000-memory.dmpFilesize
64KB
-
memory/5096-60-0x0000026C49900000-0x0000026C49A00000-memory.dmpFilesize
1024KB
-
memory/5096-327-0x0000026C49900000-0x0000026C49A00000-memory.dmpFilesize
1024KB
-
memory/5096-67-0x0000026C497B0000-0x0000026C497B2000-memory.dmpFilesize
8KB
-
memory/5096-115-0x0000026C5C310000-0x0000026C5C312000-memory.dmpFilesize
8KB
-
memory/5096-62-0x0000026C49760000-0x0000026C49762000-memory.dmpFilesize
8KB
-
memory/5096-119-0x0000026C5C340000-0x0000026C5C342000-memory.dmpFilesize
8KB
-
memory/5096-65-0x0000026C49790000-0x0000026C49792000-memory.dmpFilesize
8KB
-
memory/5096-121-0x0000026C5C360000-0x0000026C5C362000-memory.dmpFilesize
8KB
