536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nzbget-21.1-bin-windows-setup.exe
Size

5.4MB
MD5

4298f1eec6d7c8644844a28ceb92c0ed
SHA1

61723cec5870438763d21bb7259a76a631c8108f
SHA256

536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477
SHA512

87cc9ffcbb798f5fcb1338a106cba0867a36b7dd8c66b953df412a21a0afaf7a300c699f53d8f679ba64f3846111f92537f9821fe0128946503c9f631f2fd67c
SSDEEP

98304:jP9N0AuwizDGedVEpYE/s8NgJkjk4PbhpUuqibw96M8NYzI2iml5Zm2eOt:z9N/nizDGOEpbE8Qkx9pUM0kezI2iml9

Score

7^/10

defense_evasion discovery privilege_escalation

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2396	nzbget.exe

Loads dropped DLL 5 IoCs

pid	Process
3892	nzbget-21.1-bin-windows-setup.exe
3892	nzbget-21.1-bin-windows-setup.exe
3892	nzbget-21.1-bin-windows-setup.exe
3892	nzbget-21.1-bin-windows-setup.exe
3892	nzbget-21.1-bin-windows-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 50 IoCs

description	ioc	Process
File created	C:\Program Files\NZBGet\7za.exe	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\favicon.ico	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\bootstrap.css	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\cacert.pem	nzbget-21.1-bin-windows-setup.exe
File opened for modification	C:\Program Files\NZBGet\install.log	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\messages.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\favicon-256x256.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\elycharts.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\feed.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\icons.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\raphael.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\README	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\README-WINDOWS.txt	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\nzbget.exe	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\index.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\pubkey.pem	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\fasttable.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\index.html	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\ChangeLog	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\status.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\bootstrap.min.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\COPYING	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\download-anim-green-2x.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\download-anim-orange-2x.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\transmit-reload-2x.gif	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\bootstrap.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\jquery.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\1cacert.pem	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\downloads.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\edit.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\7Zip-license.txt	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\upload.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\icons-2x.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\favicon-256x256-opaque.png	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\transmit.gif	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\install-update.bat	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\history.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\package-info.json	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\nzbget-command-shell.bat	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\raphael.min.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\jquery.min.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\Uninstall.exe	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\nzbget.conf.template	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\config.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\util.js	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\img\transmit-file.gif	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\UnRAR-license.txt	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\UnRAR.exe	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\style.css	nzbget-21.1-bin-windows-setup.exe
File created	C:\Program Files\NZBGet\webui\lib\elycharts.min.js	nzbget-21.1-bin-windows-setup.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
3408	runas.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1620	msedge.exe
1620	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2396	nzbget.exe
2396	nzbget.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
2396	nzbget.exe
2396	nzbget.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2396	nzbget.exe
2396	nzbget.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
2396	nzbget.exe
2396	nzbget.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 3408	3892	nzbget-21.1-bin-windows-setup.exe	78
PID 3892 wrote to memory of 3408	3892	nzbget-21.1-bin-windows-setup.exe	78
PID 3892 wrote to memory of 3408	3892	nzbget-21.1-bin-windows-setup.exe	78
PID 3408 wrote to memory of 2396	3408	runas.exe	80
PID 3408 wrote to memory of 2396	3408	runas.exe	80
PID 2396 wrote to memory of 1620	2396	nzbget.exe	82
PID 2396 wrote to memory of 1620	2396	nzbget.exe	82
PID 1620 wrote to memory of 596	1620	msedge.exe	83
PID 1620 wrote to memory of 596	1620	msedge.exe	83
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 2696	1620	msedge.exe	84
PID 1620 wrote to memory of 1148	1620	msedge.exe	85
PID 1620 wrote to memory of 1148	1620	msedge.exe	85
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86
PID 1620 wrote to memory of 3880	1620	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\nzbget-21.1-bin-windows-setup.exe
"C:\Users\Admin\AppData\Local\Temp\nzbget-21.1-bin-windows-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Windows\SysWOW64\runas.exe
  runas /trustlevel:0x20000 "C:\Program Files\NZBGet\nzbget.exe"
  2⤵
  - Access Token Manipulation: Create Process with Token
  - Suspicious use of WriteProcessMemory
  PID:3408
- - C:\Program Files\NZBGet\nzbget.exe
    "C:\Program Files\NZBGet\nzbget.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:6789/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd26b3cb8,0x7fffd26b3cc8,0x7fffd26b3cd8
        5⤵
        Checks processor information in registry
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
        5⤵
        
        PID:2696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
        5⤵
        
        PID:3880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:1208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        5⤵
        
        PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
        5⤵
        
        PID:4652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,5387243757782660863,846129109868848820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:6789/
      4⤵
      PID:3812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd26b3cb8,0x7fffd26b3cc8,0x7fffd26b3cd8
        5⤵
        
        PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\NZBGet\nzbget.conf.template

Filesize
66KB

MD5
fe26d13f796e2ed4f3bd755690152d40

SHA1
ae49a031f135ff3390e19d3a78e43d86bf10218d

SHA256
38184bee6a05973755bc93429a23dc37b74e0ad972c19d8b801b6becc1adfc67

SHA512
54271e7750a88abfeb7b2b57fedd26c0bdafe792bc722304dbf20a06cf220c38707b5d4fd261d392a5ec424936172a6c79eb0d49afcb6f77cebdfd7144837369

Download Submit
C:\Program Files\NZBGet\nzbget.exe

Filesize
3.8MB

MD5
33173bfe811ff42f36f8ceb6baaa56e9

SHA1
6d8e46a9898c311a2c976d705ad2615035495672

SHA256
5509e8f270a358c40928df864334d311a29bd8bc0807abbf667d65c0ae87564b

SHA512
da37938f0e771609efb3020a8e09ab43b6c0ae2076b8803ec96ef32c46ce43bbe0a409376893c76b25f5c47a4694b717a67976432e0055ee3b3e7042d04c7209

Download Submit
C:\Program Files\NZBGet\webui\config.js

Filesize
86KB

MD5
beaa44fa761edc0032a2450fb3be4fd5

SHA1
3283025f03465ca87c28065b83a3eb6122438901

SHA256
8dac9130d46b623d9cb09904f559aa1b113908084fb3628d0166c82a9d744b37

SHA512
0495032fa471899061e657aa6f6461b769694b283b22fe89ff2dbdd632a6d90696fc05490288d900afdfb1908e93b4c6ab0f3046cbcc66efddb3f07f167aa189

Download Submit
C:\Program Files\NZBGet\webui\downloads.js

Filesize
33KB

MD5
bf5fb5c9840656abf17c92445864f010

SHA1
dd2a31b89b26d351d6e44af8d4657cf029e41964

SHA256
fd90fabf1cb7b345858be8524239af7f542b9a43f23c5af6e17ab010d07487e0

SHA512
285e686a4d64c5d36a54cb0b8a15941c31786e1c7f2e64af96ae5f62457d016dd747ef35019028e643bb20f2d6c90ce2be142e59c5d87ff47e561ad90c346e74

Download Submit
C:\Program Files\NZBGet\webui\edit.js

Filesize
53KB

MD5
6848819bc83e5f0eb4a85b58c52038b5

SHA1
6f7aace4573d7be73be26a450c73bd124c98d6e8

SHA256
6af7f1785553974a371a05389f546d3234bc5457b79787d8446b58989c2c260d

SHA512
eb38e3fdbf84c90fbec1f7dea909bcbe712eecf795c438a4b4d2d018deab1df3856178b3e29a89d02182be8e8701f9fa6d9f63c2221dcae70461d14945277ac3

Download Submit
C:\Program Files\NZBGet\webui\fasttable.js

Filesize
33KB

MD5
f28d562c25d877070ed1b1e0a5d06685

SHA1
18310905a8cf64493d35e1f4d251cf607706ee84

SHA256
090e7e378c16ef0a1ecb1c42e25e3d74397d0f738a45196e65893b4008f59a33

SHA512
12bf2a97ab1ca08b05b9ec07637652e7b279400abc82d0ade45b15d216dc017efb73cee54b35593fe9c4f3bc57501a647016717d5b20f7e4d5e262ca7a242373

Download Submit
C:\Program Files\NZBGet\webui\feed.js

Filesize
24KB

MD5
12d72571fa4f5615c2f57d2eb78d75f7

SHA1
4a334f6878cf52edd7d86f94657de17762fa210a

SHA256
ab32cf3a715af9e640fc286159ee3f69d5533191f3062ab6a7b3e399819e74a5

SHA512
edeccef6fe3460ef3234ba3a4a71bfe62da232bced5fa39a24cce7dce0f51c7bf8f166f79a358487bf04f088053f5e1f4379050b58f80bec8134153a1b74beeb

Download Submit
C:\Program Files\NZBGet\webui\history.js

Filesize
22KB

MD5
c5542130dc2e887c5299306ecdaf06db

SHA1
e54dc7aae2789022f6748898315f2322c5006af5

SHA256
88fe8f6b6e88ad28d53b740f50d60690ead2665f0a5fa92eab7e5122d9e8f1a2

SHA512
bda86bd679c4d95fcfe55aa37d7eabb54f98b1adb59ff794348327432a70d6c8f5c6321bcfe09050dbe7cbb1ca1815cf1391814fdafc222405dc87b16938fb54

Download Submit
C:\Program Files\NZBGet\webui\img\transmit-file.gif

Filesize
4KB

MD5
ebdfc31f9fbc9848ab637c12d0119a9a

SHA1
4d4ddded1f429530e8205d1950d781fa4f32e1ff

SHA256
b289a5cd7b222df6393c94884f37a22e4ee8cc2df1bab9a70c5996596e903667

SHA512
bc7df314fb5162d5fd16284780efc387abe29d3b2b7dbc7b9a92787575192063a4e87b3e1c16459a142aad4c58960bd9ed9e3f3101c1e3e035bd2b3015fdc2b0

Download Submit
C:\Program Files\NZBGet\webui\img\transmit-reload-2x.gif

Filesize
4KB

MD5
4750e10933acb8291be29f72e5dfc40e

SHA1
cb98ef0f027969efa45770b8a01309f0a214d714

SHA256
29aed399e8200ccc03876b02c9d3a655dffc29dc04923a901fdf3e0b8ac5b005

SHA512
9fe9d35074b74701c28f96203f55eac5a1f7ee34943e0711efd3b2de12dfc3d3e02c10a8cde096c1f209a6d9e9fd6c68d4f3f2746558a430989798a9fa3de58f

Download Submit
C:\Program Files\NZBGet\webui\img\transmit.gif

Filesize
2KB

MD5
faa74e8c61fc64d5edb11613c7eead2c

SHA1
e043879d3ee94a3edf10260f21f44bfa4a6fc66e

SHA256
483c4a0396691993a641ec409c44b8b7e1daab0ae7e2b2944c4bc59520bb7655

SHA512
451db4141333fe6561e6259352b6259f80a2b080380d48117b693cc1ea1d6f3cecb5f4a4493af11c734989e4096b01bad2b31e47d2e13718628ac254c4deb70e

Download Submit
C:\Program Files\NZBGet\webui\index.html

Filesize
141KB

MD5
2825ffdbdd063f6f6b95154731a61a7a

SHA1
8ef2bbe55494121fa473bd8a7076666d51c422d6

SHA256
99958c64ad8fd506298fd7cbc696877490cf319d10fb2d020b1f040ad9de082e

SHA512
4fe8bfcab1999516c4c8326691870d769a14a540b1a2e0585c0133b1dd651526b9e960f9af33c5c00055570821d91f2986b91bd3898dca40e99b4152126ff0b5

Download Submit
C:\Program Files\NZBGet\webui\index.js

Filesize
27KB

MD5
9538b586f7fded981f94d67b2aadb1a3

SHA1
ed081408c77b907b00f347ae82b02a5de8ecd768

SHA256
999ab5e0fbbb8a4c505d7a1f83730f2b167103b3fa685fc7920819580c876bc8

SHA512
9f3e4800a0e6964922c8cd013fbcb13c965a0fd8bfad872261113fb9fead0406aef88590887aea54d46ca74dd506a695baa9b42f310c7d74bbf2c53b318ba84d

Download Submit
C:\Program Files\NZBGet\webui\lib\bootstrap.css

Filesize
96KB

MD5
d67bbb600dd54bc3e89d25d36d279544

SHA1
7ad8e2c8dd4ec2e5b0efee7362f55f9c49ecb81c

SHA256
7c77daf3055146e65e00d5a9d327f4f4f84d59e8c7826bff8ee35eadb7101cd0

SHA512
c8529639d5434690d75a8e8bf6567c5529994d941bc06e6e4ce60390625d102bbd1a91ea4ba88f714eb32da48f5bd51037e1abd3e6f48635314a8a762b37ab53

Download Submit
C:\Program Files\NZBGet\webui\lib\bootstrap.min.js

Filesize
21KB

MD5
920589bf94def8af6540d95adfb7b310

SHA1
0106f442207797b08f423f29930a6b96e266f269

SHA256
86df6abaf5cd5373cb27255d042eca4f804c550186c9b3a6503253a65786a1b9

SHA512
d1914d7dcfd06fdbf0be03c8ddcc730069d2e554fe4509a97620ea0f33551886a5c865c9fc25e29bbd7018c447216e9eeaa4b08a0a454620e39e65e8cb7f07b5

Download Submit
C:\Program Files\NZBGet\webui\lib\elycharts.min.js

Filesize
67KB

MD5
866b0a6699974c4d2f17f2162c8e76d0

SHA1
6002c1d448b61cb7b3a2c9412ef97918362c2ea5

SHA256
bab7b1d0e686a348f1d492e8e99b9b231ea2c9a93d8c8429b1c43aee78d9d6c3

SHA512
614716e93c565d995b669d1fb2752c93f81d3674c98a7de9c841d059cb62ae8e9f380bc000e65773c9bad3c0a22b6c51ef90526240fede9bcf62461dbc0facc3

Download Submit
C:\Program Files\NZBGet\webui\lib\jquery.min.js

Filesize
92KB

MD5
b8d64d0bc142b3f670cc0611b0aebcae

SHA1
abcd2ba13348f178b17141b445bc99f1917d47af

SHA256
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

SHA512
a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

Download Submit
C:\Program Files\NZBGet\webui\lib\raphael.min.js

Filesize
88KB

MD5
3af49700d08ae8f43d613218eec1f754

SHA1
4b4f1dad04b4ae7aeddf8665d4c73981d52e02db

SHA256
10106f7cddd4c33b9b9c7c2013e6d35d6a9c12f417697271d99d8d97f1a45ce6

SHA512
0b36a4a55a660f92ab407c0647c1466069b3a7aa5eb0f453b86ab7eb9836f9b1aee0168711b4d31c765d0da7b96065e818add2f124b5973e48beb663377b458c

Download Submit
C:\Program Files\NZBGet\webui\messages.js

Filesize
8KB

MD5
5a822b35162533614fe6660af3bcbe85

SHA1
9dcab9a6bd84f1efae5a1bc8c9adab2e6515bcb9

SHA256
fea18d97f83a1fe334ae9a5039a2fe1c495fb427db32bf8136b1c765f5f2f157

SHA512
d66736a3f2c65ce153deb933c7f03293d98c2715d2b1322b15139c39d81a0c5f464ec5792818d7f8c74f04e0a2cbe550eadcb9d645aaf1afb010914d9f4549de

Download Submit
C:\Program Files\NZBGet\webui\status.js

Filesize
41KB

MD5
c33dcc9019cbe4d1dcc73c39198ff0bb

SHA1
c132a085b9609b0d84bd20a93558017fad96e825

SHA256
f701c13d0250c3d5b0329ac54a4ae36c4a8335b33bd943edd67c81af3126eba9

SHA512
a5de1736bb8770889c22563c9aabe1ef0d6ed3b26e389693a3541582fcf8cba4849bdd0a6374db130adb20fd48d5b102f626e73056530dc55b9e3cae1aef8463

Download Submit
C:\Program Files\NZBGet\webui\style.css

Filesize
46KB

MD5
30aa03d850144a623c4fb65a10830740

SHA1
b496836fb7d18d55a8a1f3208f2e983068d8e147

SHA256
bdc4a304f3c7075c1b075981c6791b064d61b2f2cb0238806bcce6e9383e213b

SHA512
f6e571d2c6e4424a8f45d2307877be340b5376db3b33747d60b8026a2b8c8ea3cb8b912bdf19508072616e326cde240149b46059697ce5debfe162e75a5bcee6

Download Submit
C:\Program Files\NZBGet\webui\upload.js

Filesize
13KB

MD5
2e355d0ec2d80c0cd03433e4bb01a03c

SHA1
f98e1ac9aeb24b631655a79f247a245b664c82f8

SHA256
2c0774d17eb98dc1dff6e686491339b662126a70b62071f388dfec054d5bc39b

SHA512
75116820531aae840f94aaaa0bcdc7a865b04adf71d40b14e276c3784b2e47c0a25619c8ab517064af8bd7f6645fd7043be81fe7538b6f62171ae63cf2c32dc0

Download Submit
C:\Program Files\NZBGet\webui\util.js

Filesize
16KB

MD5
aaf6997e623b10394f83e705abc45b15

SHA1
9e857982049c8ae01562436a866167dc83f64331

SHA256
35ef3faf256ab4e58d627640e2e4251238f41c819423f6adc13e87008d201576

SHA512
4a9ea3a0da562cdbe7f4dea0145fba31bb20767ee6b265833852b2462347bfb8945aca406fa0a195962ca5a07899a7b6ed91c769157b319c4b35572d40923016

Download Submit
C:\ProgramData\NZBGet\scripts\EMail.py

Filesize
10KB

MD5
1ee8c6a5641c5ec49a88e88b9464376c

SHA1
a8265d8e661e898b0fd7e466b79163516fac19ef

SHA256
14b9192cfb4b13d715866c3ae31cbc55052da2ea0272ebd6aeb8d741ca58ca5b

SHA512
79e890372c1ee9fee84b5a43ec4b7720b10f97de020b4998e21fa6c394eedf1c044444255c1cde3a5d4a0613f7aa333a2f9c83f24c28e71e5e4236095948ca6f

Download Submit
C:\ProgramData\NZBGet\scripts\Logger.py

Filesize
3KB

MD5
83adeb3524fd6742a131aa534262271e

SHA1
07e832012a17e77988b7c78e145bb4b6d4870f2b

SHA256
565aa7e270f8139f34fec00d8c888164a9b2874d231064c807854e7220f9e6b6

SHA512
91db851ad28609f05536f654533196381c5bb626d05c0b17653f95336609753180d982d7dd9bd239186b8dd75054a4f898b45902437f65996cd1e0b22683e5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
e5f29f92462bca404ad9be310d38c88b

SHA1
6fbfdfaeb49dffddc7df48c5df9528315b9c53da

SHA256
d53b8ef150b05b05e3a34d607f51d0b0edb005f9b4d2091e5617dd4c0ff9d611

SHA512
3de63e6bda1880dd9f2ddc0ee437433e7df9ee4272fcf71e7ae7e5b5805293d4f21c5082e29584d1b875872e28f1f8c73715d0662c160306714d28ce5d34dd96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\446c1a79-238a-4880-be82-b7e488c041e1.dmp

Filesize
3.7MB

MD5
a9b03ac5a06274d02a795f81852f2472

SHA1
c7d951afacb4254e592389b913e44f09aff81245

SHA256
b9b420ba54c044e8d753568a7a3e9dce49a0912978d6dac40abf8a9387e3abc8

SHA512
b319382f3786ee2e9d55c821bdc4810eca4f4f49111b9f20a7318564a013636a37ce9939106cdc02f06f00e06f590f9d5e3125b5500ae26977dd73c37950c42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e42b848b-e172-441a-a0f0-afdb15a81b0f.dmp

Filesize
3.8MB

MD5
25ca40c4920ed3a1d815428388100ead

SHA1
78382af5c1c247a4f1c20cb3fbe4baa36da1ffb8

SHA256
7efc433689295beeb7c8ad731a51ca4e776e6e3439e5b7ed9a5148f9ae9ca8d7

SHA512
dbbe9b1db9b146e014c648f732dec97c8612439c432132619ec1752f9bff8a0ad99335b28e197085b6767e2b6ffba08d612924a81f45a688074a816ab1c365b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e44d2bf3-0c1f-4417-a59c-7a97bf9dad8e.dmp

Filesize
3.8MB

MD5
4801db2ff9a7b8936299ecfbedea40d7

SHA1
255b09587581eb0025833ce7615dfed608713bf6

SHA256
4414dd4986f26994318f2880b3fd7c3d1ee7faf1f43e853d7e739d2b7cdb5b76

SHA512
d789f9b7974812fb442754bef75167b714c9b450a8067784711aa463d5d210271d8a9e299d5761e95edce949bc78169a74305fd76fa26f4d0de580abce53765d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9ba75df0c9d261bf877d75337036f75

SHA1
26cd9d7bd5669f42670e44b4ef8661de70d4c4d4

SHA256
de2ab638ead3c26dee307088e4f6d082b4b6705248877f96f4815a319612f19f

SHA512
bc91a8737a18c7c2b44c7afdb472261c5ac7ad2699076f3b9fb751eef8a5f115788a3fa896827b16607247ece3683a289b11a04399aa092fcd6cb60a74f25ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
96d66ac82f6d78dfdcc669d468ce5a3d

SHA1
b6358c892489f59acd6df1bcc8a0251b444b370d

SHA256
773d04d628896691a90debb8a0d5f183795621d2cbd7313b1caff8d90c33eef2

SHA512
448d601dbe88097f1b089d662ab1e9bb2590e8491c384a06292491e95479bc0e339a4c8235215a1a0b900273468991e99ca6c55b088d4cc68a98240f3c7ac9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
23KB

MD5
864a9948656806c8f2605e048ac3a912

SHA1
7e3411a24e2b565786946626e6cb712d71a86489

SHA256
8d767a2269ba63fb355a95a0067cc933acd024bce107cd16c60e78ee1860f0bb

SHA512
3ff8781affb10e92c85c74ea72b33e6f48bdbe99d90c5a1992012190a90321211f9d6e382301ad953a20dbb5307d0946a70d407e40a4f6c153682c612ec43056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
167KB

MD5
be97515ae3aa2698356f44f73a252051

SHA1
681d3f8ecf039bf04750024f97b8c5fb1426ddd5

SHA256
b10fdcd9a0a6132a6a41f84e4676aeece2542caaa5f5f42325267fd862ffe571

SHA512
51f6a1ca9f52b2456cd15770aa74162feba4c803658a91185e74e8448537f3fab66e0e63c2e90520475c174c99e73560259bc466bf20682c37f6650457bcdecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b0adfbd59b3a4cbf10b5220a14e8123d

SHA1
fb481cff8ef744d26b00a8a27e991109f750f723

SHA256
b8a9c23623de55e815fd85f2427ea9c7ff282bad5b069a276190402f5ab6a580

SHA512
93adae3e69f20fe1151a2e16974944667068d745665e45025f271ae7b851c0634b7a2c63ca5b80dcf5f3c50d916e525fd6a872c46bc43c3c69c5f251a5c137b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8dece9b1c205297fbca25e8c6b6f774

SHA1
182626c2d936c74c2b8eb531b895cbbcfb0b148f

SHA256
0089c88a91d7440d6c25d3093af57ce1aef09aaeeeee54c3bc53c6e85318bc53

SHA512
2862900b2faf4bb47bf1fb7c555681266699a1190aac5dcfcf4f69025bb1ed352ec16460c99944e9efee5b368f8f1f1f186677451e5560559deddb4328cb0194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93753f9a8c85a02626c463fc198bd26c

SHA1
ea1de598c69930a014668facfe1a6e23afd55324

SHA256
55e15fe56744d219e5be967b3d816c9b34c100ce5211550e72b2d9547c032825

SHA512
b4306fc5c412d7615eb5ec50cdab7dfa66b35294955f252819853c7326db0c98e86aa95b5be7b5fdc73314e33ebf99f76169c8f6c34c070031c0ce19ddd7d264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5991d120e16bc92f23ddc2949e35d06

SHA1
54784eadb5dc6ec7fc1b6470aada596e371f352f

SHA256
6d3e692d60e929d4f151eb30bda9180d28f5858b0a8fbb1a2c632f120acebdd3

SHA512
77d75c05a702307401c709a5e45f319c1cd4a8f701c7dbd908873ad8444f2a30228b93376eb1e9c77a102f31f13bfdbb8e1d97a85ff5f443adb6694d25d5ea60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f7e44843c3af2015b9782f3ce7cf70e

SHA1
3eeb6787ba7b34fe723fe43dfb506e0c0716ae18

SHA256
33a12cfc551d60bef2736808120a2ad5809548651257909acdca62f2a9bee2af

SHA512
748413cb8c64357646ffaffd50e6b7663eb24fa3ef1e17e9baf6f775ca950a8992f99a947712853ea24c16fe2dda80ffae2531bf72b1900c76f87b16558ceee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f8e94991454b86fb169b5e5093c93de

SHA1
597088bb1af5c5213715bcafcc2e30ef13363e24

SHA256
133e0a117507680240631d50b5343ce2281d5577351d0c929c2249bdb0fe7780

SHA512
44f1798e64a4b64576dd18635b8dc5e5e14223be80463b4d1c45cb74adda1973f3d1021112184ab5a8615eeb3a9f24fc468b1ebb87c25c35a45fb59923164643

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7BF7.tmp\AccessControl.dll

Filesize
13KB

MD5
9e7d36edcc188e166dee9552017ac94f

SHA1
0378843fe1e7fb2ad97b8432fbdcb44faa6fc48a

SHA256
d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d

SHA512
92c31355cd124ba28c0ff9aa8fa34d5db9db0b093edb8978bc3cf94e1f72d526603d5d5c1e221dcb2ac6648bc420f4df9847c2b1e71046384d827814a77d1783

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7BF7.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7BF7.tmp\modern-wizard.bmp

Filesize
50KB

MD5
4cd784c8807511689a644dc603a84e1b

SHA1
443ab443152664dfd4ec0a96a8ddc5a06a00da9c

SHA256
9986408f8e6817c8df37de0fa3126bc0ec3741f281a0db40eaefdc22261427ee

SHA512
16c5b166ec966fe3e16f9635b0c575f95d53883239b81335cf1870e0e826dd5ae8f6c46e84bd3f123c57ece32b5e05c99c36f7dc25e819c29ea8337fe9bcbc44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7BF7.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit