Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3& was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Detects Pyinstaller
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 14:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 14:20
Reported
2024-06-19 14:50
Platform
win10v2004-20240611-en
Max time kernel
1680s
Max time network
1685s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
Loads dropped DLL
Detects Pyinstaller
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 488287.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 35 | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1239648177007624202/1242214561080410272/DiscordGiftCodeBruteForcer.exe?ex=6673ea36&is=667298b6&hm=d55c63c88970cfcfd5a735244186b2092697930472b18d830c8f4baa0adfa9d3&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf60746f8,0x7ffbf6074708,0x7ffbf6074718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\proxies.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hits.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,653485151118221077,1373149800118466476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\Downloads\DiscordGiftCodeBruteForcer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1012_NRGKKAXKUVVNCQCW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\Downloads\Unconfirmed 488287.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\139be4aa-8477-402e-8b16-cc8975559901.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\_MEI50242\python36.dll
C:\Users\Admin\AppData\Local\Temp\_MEI50242\DiscordGiftCodeBruteForcer.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI50242\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\cryptography\hazmat\bindings\_openssl.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_cffi_backend.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\cryptography\hazmat\bindings\_constant_time.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50242\base_library.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State