Malware Analysis Report

2024-11-15 07:47

Sample ID 240619-rnns9swgkm
Target https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3&
Tags
pyinstaller
score
8/10

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3& was found to be: Likely malicious.

Malicious Activity Summary

pyinstaller

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Detects Pyinstaller

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Opens file in notepad (likely ransom note)

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 14:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 14:20

Reported

2024-06-19 14:50

Platform

win10v2004-20240611-en

Max time kernel

1680s

Max time network

1685s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3&

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 488287.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 35 N/A C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 35 N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1012 wrote to memory of 2116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1012 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1012 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1012 wrote to memory of 5064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf60746f8,0x7ffbf6074708,0x7ffbf6074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pause

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pause

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\proxies.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hits.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe

"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1012_NRGKKAXKUVVNCQCW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\Downloads\Unconfirmed 488287.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\139be4aa-8477-402e-8b16-cc8975559901.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\_MEI50242\python36.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50242\DiscordGiftCodeBruteForcer.exe.manifest

C:\Users\Admin\AppData\Local\Temp\_MEI50242\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\cryptography\hazmat\bindings\_openssl.cp36-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_cffi_backend.cp36-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\cryptography\hazmat\bindings\_constant_time.cp36-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50242\base_library.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
