Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-1703-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13-06-2024 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/RVPzaO

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1MDMzODQzOTQwMDc4MzkxMw.GfV_yu.HzWF6ZcJaz7Yw87TGxUFSwuo14lozuMNlgXOaA

  • server_id

    1243114572278141000

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Drops file in Windows directory 6 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://gofile.io/d/RVPzaO"
    1⤵
      PID:4572
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2584
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4780
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4116
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1616
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:5096
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1700
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1012
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5100
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4588
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.0.497840594\1799414579" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4aae818-107b-4741-8410-7a368c58adf3} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 1828 14fd5ef4558 gpu
          3⤵
            PID:60
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.1.358750845\222648262" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50a149a-3211-4ead-a6ec-8dfb2874d87f} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2180 14fd5e03e58 socket
            3⤵
            • Checks processor information in registry
            PID:3620
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.2.1409832301\1582235655" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2896 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d8d2ee-5c24-4389-9f68-f0b57b890b23} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2868 14fd5e5e158 tab
            3⤵
              PID:428
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.3.1975653109\1216459858" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4051857-eab3-4fff-a6cc-cd07aa09d5bc} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 3528 14fd86f2a58 tab
              3⤵
                PID:4404
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.4.1760189678\1819340115" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08141ed2-eae6-4a39-8059-50cfc127c591} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 3892 14fdb3af758 tab
                3⤵
                  PID:5180
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.5.1663639183\1103121469" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 4904 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc6a7b2-edf6-4dbf-819e-3d270f7c26fa} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 4844 14fdc885958 tab
                  3⤵
                    PID:5948
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.6.1144153019\1641060523" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a74eccec-bae7-4095-8b50-d10ba2d3b06d} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5144 14fdc976158 tab
                    3⤵
                      PID:5956
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.7.1737797071\1653838769" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 4880 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {377566f8-1078-4ead-baab-db66fb4d8d96} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5336 14fdc977358 tab
                      3⤵
                        PID:5964
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.8.2021948642\650235736" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5692 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db7c9ba6-1432-48b9-9e51-166b6de491ed} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5436 14fddd66358 tab
                        3⤵
                          PID:5720
                        • C:\Users\Admin\Downloads\skcrypt.exe
                          "C:\Users\Admin\Downloads\skcrypt.exe"
                          3⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          PID:392
                    • C:\Windows\system32\taskmgr.exe
                      "C:\Windows\system32\taskmgr.exe" /4
                      1⤵
                      • Drops file in Windows directory
                      • Checks SCSI registry key(s)
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:5776

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                      Filesize

                      4KB

                      MD5

                      1bfe591a4fe3d91b03cdf26eaacd8f89

                      SHA1

                      719c37c320f518ac168c86723724891950911cea

                      SHA256

                      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

                      SHA512

                      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
                      Filesize

                      74KB

                      MD5

                      d4fc49dc14f63895d997fa4940f24378

                      SHA1

                      3efb1437a7c5e46034147cbbc8db017c69d02c31

                      SHA256

                      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                      SHA512

                      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\bootstrap-icons[1].css
                      Filesize

                      93KB

                      MD5

                      06cb502613f99040e534fec65fa725c7

                      SHA1

                      03006f32792e033497e9ca68373b6c3386305933

                      SHA256

                      e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

                      SHA512

                      734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\bootstrap.min[1].css
                      Filesize

                      190KB

                      MD5

                      16b20908101acc6624cb9446fcac64a1

                      SHA1

                      b7cd57a4fd6a1fae6126150f427ef217397293e4

                      SHA256

                      2933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0

                      SHA512

                      b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\warmup[2].gif
                      Filesize

                      43B

                      MD5

                      325472601571f31e1bf00674c368d335

                      SHA1

                      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

                      SHA256

                      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

                      SHA512

                      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\RVPzaO[1].htm
                      Filesize

                      9KB

                      MD5

                      ffb61b4ca45ab3d92871c042cdddff35

                      SHA1

                      1af12b370063bcb21f01aed46d4868fbcdc8acbf

                      SHA256

                      1fb3591a803c615833528204afae0024ab6446adb6b661c395a60289eff524f7

                      SHA512

                      85731e41e94dbe5e8ba71d124f6320ad6ed7930b4b2552669ccec971f1ee8da65b07d3036a8aef6efa3cf857517fe591d8acc051e52d0589dd90a02baf82d462

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\alljs[1].js
                      Filesize

                      222KB

                      MD5

                      cf3055f0a76de9b153d08b149f0ec5d0

                      SHA1

                      8d5da97d6c62532c6871f52c8731d4f17074e985

                      SHA256

                      9352feaf87550220dee9bca539cc054439b7b4c213d13c3244cb9b659dbbff8a

                      SHA512

                      e8fe847f7095033e9eb7d51168a12b09c3d4d3ce736edd985b03a735fd49b43ccb776046eaee4ebce0281a565200c875dee5491f62e9d6a92d0a74111c659075

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\bootstrap.bundle.min[1].js
                      Filesize

                      78KB

                      MD5

                      9afc1e0eba9521f29775ad2f6ace3f1f

                      SHA1

                      77bcf0c882fa4be8fbead35052c39a944f9035e3

                      SHA256

                      a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d

                      SHA512

                      d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\chart.umd.min[1].js
                      Filesize

                      194KB

                      MD5

                      0956511163142649b6cf52a819ca8641

                      SHA1

                      177174c1e7b5650cf3cf0c184077420f6b67abc7

                      SHA256

                      8706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36

                      SHA512

                      1828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\customParseFormat[1].js
                      Filesize

                      3KB

                      MD5

                      17f04d7e2386c3ceeca2758bd27321fe

                      SHA1

                      8ecc81c22b1fb7af251ae237f84b76ce5892662a

                      SHA256

                      cb72289f70690b272267a0741402cdc3f4099ae40c834a13cb60a59f99fdc091

                      SHA512

                      9e4a524f47fafe0bc4a5e61e96dcbdaae13deef24dbbe96dbe04ad714b13fcaced790ae6f6b5e6c5033ccece4042f712be153143be5d333d780cb765eee633f8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\dayjs.min[1].js
                      Filesize

                      6KB

                      MD5

                      fc50c4b32f73acd0ca4a31e0b94418b6

                      SHA1

                      4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f

                      SHA256

                      11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f

                      SHA512

                      85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\marked.min[1].js
                      Filesize

                      43KB

                      MD5

                      a50d303b83ec6ced6c105da710623629

                      SHA1

                      04f3659d853b57d6e608909960d4f1f4c0f01c04

                      SHA256

                      d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

                      SHA512

                      84f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\plyr[1].js
                      Filesize

                      108KB

                      MD5

                      49ae56a37a5b8dca563256fb605f6260

                      SHA1

                      24a8c5bf85c8d1bc7a9586d998308c462e28cb71

                      SHA256

                      6729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73

                      SHA512

                      508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\qrcode.min[1].js
                      Filesize

                      19KB

                      MD5

                      b33682b5a531b8617d4ee248926fba84

                      SHA1

                      be527be38f28d55217b02f818ca67987f433cada

                      SHA256

                      85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

                      SHA512

                      5eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\sha256.min[1].js
                      Filesize

                      8KB

                      MD5

                      e5a5b331cf54c474203628eb9398470e

                      SHA1

                      6d2e5b6a22edb7d95e0ac7523d74f5f7013cb344

                      SHA256

                      7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

                      SHA512

                      b33279152a3d8449975deedbe40515b67fd69cbf1ae55a1f9c57980b68b6cf4dee4b62e101c87b7b034b6e5e5f96c1264d38a630dd1e9c1660ff7b10f98392cd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\allcss[1].css
                      Filesize

                      1KB

                      MD5

                      3a6bf9ca7770a5ad5d8f3e95617fd15a

                      SHA1

                      dbe7076f2bf5f2baf9926d38a7f68c34d32959e2

                      SHA256

                      6cdae1b50efe90bd846a6f76213cfbe0f0e212a95dd60c31612b8baa2dbac931

                      SHA512

                      633c5eceaa2777cc414be3826eec3f67dfe8a1e2c0b11190d0166d111d3be9424e265216c59dfb6b7d334fa56e40cf2e9cfb5e4b089fc797901f20b04b797308

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\plyr[1].css
                      Filesize

                      33KB

                      MD5

                      e039a23ea465d2de0388937695a7e724

                      SHA1

                      68e95d5b4060761fc2b0b58a593ebe7d661c52f9

                      SHA256

                      bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43

                      SHA512

                      5fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\bootstrap-icons[1].woff2
                      Filesize

                      118KB

                      MD5

                      7f477633ddd12f84284654f2a2e89b8a

                      SHA1

                      17dad0776899ad1beadabd061c34e2a22b2cde74

                      SHA256

                      966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

                      SHA512

                      b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\bootstrap-nightfall[1].css
                      Filesize

                      50KB

                      MD5

                      84952f98cccb079b3f36f29c0f2f7d8d

                      SHA1

                      92a207064b6cb9cb6104bd8b3dd1e1e3e789b26c

                      SHA256

                      d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186

                      SHA512

                      a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\FR9BN32Y\www.bing[1].xml
                      Filesize

                      6KB

                      MD5

                      1d683aeb7730fac4246324290b2c8c11

                      SHA1

                      a6c4c2503021f6104eadf28ac6a685c8891adca6

                      SHA256

                      02a5448cb5983549f5c0739a68b92ddb7d1ec3486d1415ba0216c717221bf3b6

                      SHA512

                      db59178803cbe0ae890b92bc8d174fedc3a6621d0ecb168ea21eee773169e4cea6c2de70b668edc04b9233c47cf81238ec0b3bddf1fded5afc06a31d0cd87345

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HHFC1QXP\favicon16[1].png
                      Filesize

                      503B

                      MD5

                      ad98355e85075a8ebc15a01f875e1aab

                      SHA1

                      de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d

                      SHA256

                      6a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4

                      SHA512

                      1b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8Z4HTQM\suggestions[1].en-US
                      Filesize

                      17KB

                      MD5

                      5a34cb996293fde2cb7a4ac89587393a

                      SHA1

                      3c96c993500690d1a77873cd62bc639b3a10653f

                      SHA256

                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                      SHA512

                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      180d3cb344bf932c86207a843c5c0fb8

                      SHA1

                      f30615dc38c4ff94769515523243c07e550de088

                      SHA256

                      e23705a1a01b97d63ae0ab344ab5dc8bb2cc473299171e6e5de0e8052dafb9b6

                      SHA512

                      d0a7d0335c58f2b0b9511fd15118cc09cddb26b9e386486316f88f8183ccd28a20c842ca133192ce9f7095731922b33a90eec71258729c97a94c917ffdef6324

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\18d55033-4e70-4828-bd36-f6998a3f8f12
                      Filesize

                      10KB

                      MD5

                      f4b41c8ce060956e00612913a43063af

                      SHA1

                      671e8f59d39f1603b0b76c64cb3f01db44f40abe

                      SHA256

                      c04dd2fc5d82e9e653beaac14d518d8009d2545465f150429dcd900a31d8bd99

                      SHA512

                      de1da99961ddd9827052d3d00b79cc2e4a5046759cc4ad27fce4c9496e285a7485e2a7a484dba1e15ee82fe27429da1dff863a8b2b4949404887d9e4aa8ea8df

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\90281f60-2055-4f97-a200-28734f39c546
                      Filesize

                      746B

                      MD5

                      626526a6285196d54dc32c713dcb428a

                      SHA1

                      8c488884213994e02a471ae0e5649a83583df00e

                      SHA256

                      26bf28cf79db50b3fa737fe10e2819d48d8b10fda5890117ad12c4b7a0fe6c60

                      SHA512

                      9d79173caab7216dfb9e647ac4372cbebe8048f9e92db36ff2d55676345fb629deaf9bee9f51b3ebed1f5989398560529ad0aa7b6d69573a9fd834f2ffb76d48

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      5d58092a5872b07799390ef3410ff124

                      SHA1

                      ef57ffbde6798dc98983f97c506340feec2a8728

                      SHA256

                      ddc04b294a38653f1ae3e9c3f7fd4d1f5d34a4eb5d72325c5a3b6303ce84ba20

                      SHA512

                      775a8383cc3c40906482ae721eebdda77d536ef636354150e28e59a03c669c5a1e3f6154bdfbf796666814d905190fe8284b6c6f13bcc1a0ab4e49d351434a37

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      e122861b18adf899d2f317113f668e5e

                      SHA1

                      66938eac1e1f175634cc484f7800801af0100437

                      SHA256

                      891729013a34f34aeb54223b0e9b6c6454f9ffa554b273280f03a939adb59dce

                      SHA512

                      0c87519bf61f331fbb1eadd3b4a2787d5d466b2d5ea5e176cd3129005066e9174a27f4881a132eee6d04557a9a0c0699d795a330b97e90f160d05c7ce3c673cd

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      3af08589606e507a98367ed84ed30b56

                      SHA1

                      e61d0bdf8f3bfdd08a59f8c45e5c074f002fee9c

                      SHA256

                      395b4b85072dfd65c0129e30f7c476cc4a53fca3320e7bf043d13abdc3bf1787

                      SHA512

                      d5781f778f74aa9b15667fa366efef9999af75bfe8cd0a8ffe75df873f5bdebcb59da1e2c30e8b0c1d3426df985342805551aea201236715d4cbcc63bfde0b6a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      5KB

                      MD5

                      b37c3fe3b5027c7287b97e35a7628778

                      SHA1

                      94aa59b3bdaef7c751b222a1d1e33d1158f4e448

                      SHA256

                      48ab33ae18cff5cc966649866a4f7a7c285d02ee14a9086fa7a1d408c397e579

                      SHA512

                      61031ef29f9f2e0cdc43a5a678814cd6078a75d28fc7a64af7b0d0c37faec04132995ba522c4dac7ba7b54e4ea6c9bca1d2bc1800efa7d709245010126dcaaca

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      5KB

                      MD5

                      997f99f90ca3c6fc3e73bbe50088c12c

                      SHA1

                      03cccbbd7591bc34562351882c0c95ace00a8e5d

                      SHA256

                      c5bbc30ae67e3e7334cc95d60eadfe07c553b24453cfe9f2d79083d5ad84c6fe

                      SHA512

                      1fa0e1af868779c04dd99b35bf13ce96606437022ef515d118959bbc3ab519050aafa3c1089e740174be8e74c0767a3a6b9e794ea3d36bc0b4d59df471cd864c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
                      Filesize

                      4KB

                      MD5

                      7d325cfc5ac13ac77e88cd4d74c35124

                      SHA1

                      188cea972eedc17b4ffa90c6f1a481a800934be7

                      SHA256

                      ab32d83d1cb9b591dadfa52f05466e9f1363bf31d2572984d3bd2624b0799736

                      SHA512

                      facfe4058cab4de7e501896945e4a96ec9be60ed6fedbe0804f369c0bec2923443317cc1082775e34c7a2e8ff167d867cb9624ed514c1249a19525c550303a32

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      0d0013d9708d9fef539adc917f5b87f6

                      SHA1

                      5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

                      SHA256

                      f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

                      SHA512

                      851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

                      Download Submit

                    • C:\Users\Admin\Downloads\skcrypt.exe
                      Filesize

                      78KB

                      MD5

                      c1e35d14d5a86e9c2fa58365a739bb31

                      SHA1

                      772ac314ebc067f88286adb5714e4fec45beaa1a

                      SHA256

                      ef69dfb3dff0ee231d311679f7c9d20ee125c466268b01a23ecb6764808898b9

                      SHA512

                      118594c7ac7c8ac7e7c871759a5fa1d2dbb8dcc421de437eb16ff869bf6a2eeccc12c4d76160bef3ab6f13c511c78092066879207a4d07c5618b6af28646573a

                      Download Submit

                    • C:\Users\Admin\Downloads\skcrypt.rQGoQNfd.exe.part
                      Filesize

                      4KB

                      MD5

                      4de28cef69cafd0798cdbb7761a5729d

                      SHA1

                      e64370649c47224c6b24831868d88223e691b8cc

                      SHA256

                      9cda46e983f63dc69213424d81c043280d0fab1c6fc8557e73325e0dfa8dba2f

                      SHA512

                      8829b03c6b5ed4656b3c23fb27c66e54221f3d4e16f324596e549774bdcd80b475eba6cdae760f7f527d18b4237b40bc4588588c720ce04281976516fc36b280

                      Download Submit

                    • memory/392-617-0x000002EE6CDB0000-0x000002EE6D2D6000-memory.dmp

                      Filesize

                      5.1MB

                      Download

                    • memory/392-616-0x000002EE6C5B0000-0x000002EE6C772000-memory.dmp

                      Filesize

                      1.8MB

                      Download

                    • memory/392-615-0x000002EE51F80000-0x000002EE51F98000-memory.dmp

                      Filesize

                      96KB

                      Download

                    • memory/1012-291-0x000001FA27CC0000-0x000001FA27CE0000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/1012-240-0x000001FA17510000-0x000001FA17610000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/1012-286-0x000001FA27C20000-0x000001FA27C40000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/1616-45-0x00000222C8C20000-0x00000222C8D20000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/2584-35-0x0000018E8FC90000-0x0000018E8FC92000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/2584-728-0x0000018E8FCE0000-0x0000018E8FCE1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2584-732-0x0000018E8FAF0000-0x0000018E8FAF1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2584-725-0x0000018E91900000-0x0000018E91902000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/2584-136-0x0000018E995D0000-0x0000018E995D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2584-137-0x0000018E995E0000-0x0000018E995E1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2584-16-0x0000018E92920000-0x0000018E92930000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/2584-0-0x0000018E92820000-0x0000018E92830000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/5096-60-0x0000026C49900000-0x0000026C49A00000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/5096-327-0x0000026C49900000-0x0000026C49A00000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/5096-67-0x0000026C497B0000-0x0000026C497B2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5096-115-0x0000026C5C310000-0x0000026C5C312000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5096-62-0x0000026C49760000-0x0000026C49762000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5096-119-0x0000026C5C340000-0x0000026C5C342000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5096-65-0x0000026C49790000-0x0000026C49792000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5096-121-0x0000026C5C360000-0x0000026C5C362000-memory.dmp

                      Filesize

                      8KB

                      Download