hxxps://drive[.]google[.]com/drive/folders/1CIZirTcelNfM-wZQ7Xejx2z0wyHgfLRo

Analysis

max time kernel
609s
max time network
560s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1CIZirTcelNfM-wZQ7Xejx2z0wyHgfLRo

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com
140	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DeSmuME_X432R_x86.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{B388F576-EF38-4F09-B9FE-B05825C046BF}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{54448EA3-535C-48F3-90B5-73A995551DDF}	svchost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
4788	msedge.exe
4788	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
3928	OpenWith.exe
3520	OpenWith.exe
2196	DeSmuME_X432R_x64.exe
1844	DeSmuME_X432R_x86.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	400	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	DeSmuME_X432R_x64.exe
4656	OpenWith.exe
4612	OpenWith.exe
3928	OpenWith.exe
3520	OpenWith.exe
1844	DeSmuME_X432R_x86.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 1532	4788	msedge.exe	84
PID 4788 wrote to memory of 1532	4788	msedge.exe	84
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 2180	4788	msedge.exe	85
PID 4788 wrote to memory of 928	4788	msedge.exe	86
PID 4788 wrote to memory of 928	4788	msedge.exe	86
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87
PID 4788 wrote to memory of 5036	4788	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1CIZirTcelNfM-wZQ7Xejx2z0wyHgfLRo
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,6837568755453376293,12694759225328297902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3520

C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x64.exe
"C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x64.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:220

C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x86.exe
"C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x86.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\04bd608f-f273-46bd-8646-4c4cc66993b9.tmp

Filesize
1KB

MD5
15a267d40501e367174bb644637147f4

SHA1
922cab0618114cfcefe36b6fac6af15e3de612dd

SHA256
0359a43f65e0e4cd286b16f081e871a71dd06900a01a78801df377235eeff64b

SHA512
d008b81e685b138b26ed554b38eaf9624396e1905e3ed358c609806f2d336b71b5daa47022829321cf5c45db0653e67d7e4bcd27a3e3417f44fd1f9647a333aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\89eb5175-2aae-4bd0-adf8-d3fe0b48be87.tmp

Filesize
4KB

MD5
48b92a34d72e0f0c433af761d5fb58c6

SHA1
af6cbb981155e0c7b4475f86941a5d2c5649a471

SHA256
e3f6681a295ee7dce864d1b9bcc89ed08c5ba9dc5941040e6cc9c791d70f155d

SHA512
b4b1735794a54a34980a260a528bda3c2768c77fa618bf92cd201387ef2809caaf2487e8dcaa5784132a005875548323401cb529b3a0935f9f4a00d9afea1e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
6e6cbe2e9a46298f45904187d606e623

SHA1
8eb483ba0ca4920e1b8f2b8d2ec04f02722240fe

SHA256
9493585cde75091f0586bd7e3e5c048d2965fa305faf13a25dc51f9951e78a45

SHA512
4423477f547dc6eea292d2eda0714e8060835420b80f41ced38c8404637383cec4cab23ff50a1f4ab981005a2690c4dbbab02c64f66d9ed43ece0d5e7b7c7be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
02b4770d6835745b9152b2c4ed174da6

SHA1
d1184ab4c49e7f12b37649969697a8276a8cc7df

SHA256
9fec22a1e4cc16c03708a2eb1e0797c6fc0d486ec5600911bbb7f80f46232273

SHA512
63544b40fa09de35c55247cf79fc04b5ba38b561f1c7145d20af19c4eede785e890434bd085860140d2207e1ee7d84e2cad7f09b1b60bcf95851205e890f675b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5b66e813ba132a401a6c135e8329e321

SHA1
d4fac56caf4440cadadb705023a3ade576c14eaf

SHA256
467ba819b6d316dbcbaea30c399aada0ec43f24433c643a4514c580e6846f88d

SHA512
8d44381b5f8b4348ff829fed20c24c3b18a7ed314746991aec21e3fb13b6f0e11f4eedff404a1184a0940d329eea731e3fbf78786ee004cf6bdb5adfa7b01888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
258dc063e623656c5f1573ebf3822492

SHA1
12b002aafa6e5b252238dc349b135e2df9420c00

SHA256
f0d461072c678bd373ebe6e5890bc532535537a5b3d9dc29bebd1009c849c6e0

SHA512
158cac9e6616ea3606e7bdbb2fc6a003c0046e081b851cad3a908b4e2654058a04bf83f635e2f1c95f8fb02983cb131f2c889cc7f482cb434c3759ec5a9d9f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3b94e845b44982b64a8d8840252753ca

SHA1
8d51cb4a1337090f0634109a5388c121e1e4a1ab

SHA256
192ae6dfd1439d790b985ba41ce9bde29c06f5b811cbdf718581ede9c329b1e7

SHA512
16275dd19695b79a39d82ebc32c3e3c002697e586a35c2180c6e7e612a6fb2aac8d23d0b382e0aeadda08953dc1102d7b6f39fa9c2bab7c3120f361c32b62de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d4e4dc5ba5b8c3238708f3f3c062b587

SHA1
ae7291578842b783e0d5de3b5e06f0160cf73b09

SHA256
cdbd9b96b3a86dec7bd0a9b73befa4e244598479fc07c0359f6fb105dde785fc

SHA512
f204a45faf58f953d48ca46126f27448172837bf94c84a586624a385c2f3c2538d480196242da9f5a16014c0fb1bb4852c1e45b0cc025b25053a6ab4685445f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7ad5e6271c630f4d50e06aa82d277e59

SHA1
b3935a5937bc2dea4331a7a3778be96b4a50b4a0

SHA256
a29427015325da1244adef4af32810eb764f9351e234707cafdbc5a7dd4bc8bf

SHA512
f4067b0072705e229b95fb925fa91698500e7dd5a747c749b50daaa23b68e0ed8e6652e0be38db91bd20dd05f30c77bb8d665945c01f3ab142b5e53f4dd97aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e7af368bafe0a25ace3fb0e2a3d35003

SHA1
2cdec10f9681d6d6f14987891fc2df94fe5689f8

SHA256
6bb7241e0fe2a9faaa0afe555b8d11b06770c4a987f853b533d11adea90d6ec9

SHA512
56700686b630b17dc6420c0dc289dcce7f2dc5c79f0909a5c89b5cb24991a0c1e66590b1c93062c714d16895b6dcc9bcad87a4105fcfa51fd9c5291c4de1c478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fa2469e6e8dc0564f9a720424513d7c0

SHA1
11e21dce26e82f14d472d6cc21d4ec67a6a369c4

SHA256
24675028d919dc24771a0c702633ebad8a3233d00a74ed4a82ae2ac080c99114

SHA512
1410c53f82b2e5b9956565bba5281ea5505a3ae9f3ef0b97f96e5bcc15bff02f40f59917252e31a50d7fc0d7bb4a886c57f3ec1b5064ca0b196a7c57775a923a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cef131abed148b87e6c33dfeea2799d0

SHA1
40df7797be156dfdb844d59cca70413facb2c972

SHA256
4b873445657970c6669e5750e69ed17a4f02bf89caf33b13fe192d3690880d0f

SHA512
131441f83199e1bae2db515e4f87db6d0b8a0507908d49ded278da2591328416fb7608be9f90283a7b69318fd89f5a40ebb285669f4641ec71851a8456f2c43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1d8ea455db2fe43d7b640afcf707bc37

SHA1
98081471e50e73e02ae7676e01bc1cd1edf3edbe

SHA256
08db32675923c65ba7588e050f9c0c096cd54882f0ec237f0552142788d2f463

SHA512
902076eb38eda0fa65d793ee9717a664ed6dc1b7ff14f1765a1cff14c78822a30cd37f89dd0f2eaf8a46aa56d5417c789fa0e71997c0240076693834cf6a6691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
069d7ab95703b5123ce6a847ced6ed26

SHA1
4d7bc0862e5b4886d8a14cba3bfd0668074422d0

SHA256
fab21c17069b3bf2a2254e5065a006cfa458c644f4a6590c0387c645b30e3545

SHA512
8c5cc79d8f4a473aa436b1d0aa81325e6b897165de2acf60d5ffdb3bbee434b7a7917f2ad65ca399d9178d6c81dfd9c88a4008aa00ed9624fa46d8f5e6136026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93f28d038fcb3de692c88775df25a2de

SHA1
49788aa31c2bcceb65af586013f342d41126a789

SHA256
83226a1f325a7bd3a733fe818e587478306098df625aa7193225f674f44bda9e

SHA512
af6e20aea0cc88f17d490ee9071961ac1a3e1759af7d1183ed366d2f86e2b523d89c2f225fff88151b8cd8dbd2e2287e78e5a877b155f1658e4ee06e1cfabf04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ee25938380d7785d19ba15113d9ab4f

SHA1
486348d71bc3e627744506d1e4f55eedea9508bd

SHA256
745c591655878a067d5e7115c69088d1133827573de77b5010ba3d184845c204

SHA512
8b62021853d3bf8480433c99204aae7e63e5b82b3d5685472e9755c51d6df04ea8c5921737715878890113feffd83f10b7ee978458494a4c310e9270d31d1740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
821c02099966cfc36519b95682bd5268

SHA1
42aa8c6cc2fe68ac843ea720e4497b5f30d1e3fc

SHA256
eaf27685ea284f804b987ea3e2578c8977b0cc21df4a3ea76b7cb4863979fd89

SHA512
6af5f7f7afb8109ea842db8588cf99bb37c4d3c7d7b296f8ad0769176d16c582baf9cc7ca784c2f46a6cbf49a284beefe5d4c7b4c6108ac6de010d2afbc21e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c1de786c91a477ea88c7af48d5935a3

SHA1
2f79df1459f1d684b3b71a853fd835616d2ba9a5

SHA256
8f457cd8155a1fd870d4d5b7697a44d9f288f9378aa8c391cb194910ae010837

SHA512
593e038ae74e73636726f3218378df6390b3217c0b7b008e8708bf5afd606c5a8e430c69296a09a494284e2049c93fc8c2abac945fd263d318cb595dd7cca27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ceec65955f290158570423971f83b0d

SHA1
1db6a0efdaaf3b28d55f9e3bad2df55dfc1d4d0f

SHA256
84188a068a8b23ed51dc09d4f1b6f781ff8ce52f5895fb6908b9f3181545395a

SHA512
387ce7986a4f6fc1897cb88d05ef9313a6b6a7ce627558dc62b942c5155e9c07413a2d13654c50d7ed3c5d1700b81398cddb6a81be0699307a11b66fb6ef93fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e2286a1ad535d6352ab7d43d94d2826

SHA1
566a94c5710290f207b0332d8619918585f250cc

SHA256
5a502c68563c54589049209b70347aed3b428e88076aa08658eb20c41ab4b5b7

SHA512
7e65e10814a9d8cef70c8f323e254d620f517e85c22d34aa21dff8a707b57d3380bc86621cf9e6f523437864d6cbf0f61b498c5873df2c4ccb6353809db1789c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adc1068f29ed25b5f9f938669f7f6b55

SHA1
d16198f5b8705752e2031e68fa894eb476f2d1b4

SHA256
d7449eb775603fa8c175964452bc82dc988989a31ffe916774f6b3debed87223

SHA512
c6180e8f80227835c4f132a9555a648555f7458277a6dbc30e9fdcee723bc504803f8013fa06d93fb0a8f39f6a3340c7e491b192d628d35d4c8616311d8c37f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e52b340922df71fda8f0d79cd3c6c83

SHA1
724e7f3feb25fb3de7518da59ed1f920e971007c

SHA256
3083b8e0aae5ee3e5fa028b6e6bab741a389b5aa2bc58a5284d03d1f97a54aa0

SHA512
3a96445536c265158d7d9de1b8c9d796d0023f3e3c1a7c672c7f002aa74ecd0d2ebb047ec1c406ca177cafaa39e1232041bd5ad64aa4c2635384e77bc3870361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22651c5d73e150fccd885547b1a17205

SHA1
eb142f14f686d00921ee4899c2d6c991392b7e8a

SHA256
aaf9a8818fdae7043b5be1613014f6fcf9d8c48918be5bdc68e2879a882d6701

SHA512
c2844e63ba8f6b31ec7a387cf1274a18fc8eda4f0fe8c1fa476f56f6200d013f4d7e13bec562f7ec0d5a7b588d3726dd6e3dc5b9d2c65e196350393287953c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
751838e19f327f6922c1dd9757f7128e

SHA1
7e76e4f51458e011020b6a69904d8e4f853021a0

SHA256
8bf6194aa575ab8d28c23c36e59f932c718a0e11f1e518b72fa3f9406cffa3d4

SHA512
51814eb30b866927020696ee7512be20ccb59ebe533fa89dd587ed05f5512f5c07b696d4481be9f024ffa9213bbea20abba67240f0be2698461330868554b786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a35173405ec497334e9571effa362846

SHA1
7207684c0ab8aa310d3b183fe84df783c60733a4

SHA256
fb2e75610e73810b82b5ba51b2d8f771783f558eb70110379966381003cbe0ac

SHA512
391e17acabe48bdbbe9e656bfd2d711a1c5fe31e4a25f6093faae4a533e716471a51343c5e3f949b50f187e3a2992ee84e3377df863fb352157acd060769025c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abb4a29a53b3649cf60474af79ab6605

SHA1
283fece9e9208be28ea74fe9944b23462d8dd105

SHA256
bb2c9b46d22d2a31d7ba009aa2c02fb185abc38baeffdbffd0df472c9e254d29

SHA512
d21c0449228921acb7810c127f09465a312622a65a2d151a571e0e3e6c3a19b7aca0386f726893594aae076d4918432f335a7c545700f151363d3bce7d7fa526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
409b83eca988a101d583366520412df0

SHA1
f2d8dcd5d1166711c01cee6ab753ac07e9bf1999

SHA256
a6c9c2efc50418ff2cd65953df5ebd36ca7b5e74cacc8844008d8e6bd0d03a2e

SHA512
a6e01075e655ecbc2440f4e7d57c97e00099c369f3030c782db8f27a520ed84379a43d2d8a9b95377d64a6b8fb2311150d0bfe46dc4a08cbfd804ba2e40dc9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf5ad2d81daa5875e0c54561ece68528

SHA1
75b8e19df64387a0a2e803a313a48c64576bf94a

SHA256
6fa80accfe04da56a6ae0cc9739a3695ea450d821d95d2b62da7649571c72339

SHA512
c0d4396857755e98b71afbeb1f509df84cc32af192fe9e0ea227bcdba9038320bafd383d06dd7b1c13ef71e449e04f8552cabcfe04dc3a464b623625f4fdd071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22877d7c1214aeaaca5f4fd1174ce9a5

SHA1
63790de45c87bf5f48967b5843ae27af15fe7b83

SHA256
c4f98f15188986f6be7cdd6f7dfb7091e57727c62a7d050dba3da6321b6f71d7

SHA512
e866b7fe3a54214fdbc9dfc9c42573345d4eaf7a96fa10958287244811c01ed98d4e15a47735135df36c9ab57ebc28291bfc303de11212b3972f92a3050763bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f64c0a320b14e8b7e21ce8aeaeb7abc0

SHA1
7cf60a755aec6dedf02c85af43eae6b12f49a103

SHA256
bb11a95e7026fe7527d7870999cf6d61329c204896b978aed9a36eb513c14366

SHA512
4c700ea171a7f0401a70d3e7b50ca2346793fdd2946a1910a5dd4fdf20b1cb909af7a288804465e5c18aa54f70fbd88dc6b93a85a21b790fed1715d2e950078e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bfa5c22b8ed4fd73bffba9eed9e96e1

SHA1
605f2f02c722eaa1275f1e334d438c31e9dd599b

SHA256
cb54f3fa8706a8f613c31f97e496c4353ca467d3eaf8224c6c755e4db6b631b9

SHA512
eefd4cf3dcb645928d1259d519ef8d977436c81113e17cd50b978e30d0c05fc3b162347d1141e69750f9546dfa4d988cc313fe23b72574a14a3b80cc65b452fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31be6d3ac09c1d46886d49ae0c771b23

SHA1
ec65150e72d0272e4af7ac4ed2fa4165f64491b9

SHA256
e26592c38b7b5ca82a965550d973de0fc2f30024d17c95c736d11ff9469a11fe

SHA512
374a7bf1935a9510fa0c0af45ec1e487500c93c9abb7c3d62910179514740bc841997ec142b4a549d38933d7759992929e2995d1ff3652c0cfd5274da3f384a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a24da1765a40c5b24057909fe905a76

SHA1
ff3e28b0aad7639951926fc8016788e8f0c942cf

SHA256
0ebf399eda8713db33bd88d9d9c13be2e186a418efe353a5092ecc04e027d655

SHA512
75beb83ed05b7542be56e8d241cb4976e1ba750e04085f3c32fa86916a671e010e1d26d86bc135212a6c39752d589053af9c5a925c40f482e5b9364b3246e26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddd725dbbfcfe72de8c1cc501a83eab4

SHA1
8e4667345796f3b382336a1e716b2ee67021b63c

SHA256
ebd9017fe016f57dc29de0fe7fd0e2c037d99671ec466c820e813c22b084b1d4

SHA512
a3c3c9ec2e71bd43967677ca89e0b43e147d0a7321b78d8c3d878fbe2384e9b9920257424a3e83ab5f8ac223ca2918f843ac532cf971910c842f604545b7f23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6c6778720ea9b9ebf2f6c13f3aa413c

SHA1
423015232367fd48e0f6a8c488296ead00f8dbc4

SHA256
b63980293bd59d7699f5ace41bff0b209f889c6b2361034c159ec914f67597ee

SHA512
c98ab0f4c26118030eae0456a61946a68ddd9af22691e55dfa80d0bd5a68acb87c563cc49ca1d0c13617469cc17afeac09e91b7a2e09826fca46f526d01f6a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9553908334a6e61cdebff4aef32bd2ee

SHA1
bc96a946bf94c222e8eb5c06a39d1e6244f37bec

SHA256
c21489f4d5a1832776920d70082ff7737e90cb90fe927d9965ad497cb69d0069

SHA512
971daf964efacc02dcceef20b764f072db39f2927ca94aca657fd00b5fe311ed70896d80134bdb31fb80018a703271b925909ff923e0a47c6c64648585ee45ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e7227900e63500004a823813428dc93

SHA1
e0d6f7dbc768d517eda4e5a9314eca448d7d55e7

SHA256
1ae35c9f67e251b99a1d3e3e0d960e4ca6d135f34930c57e0ff7aa97a1f74579

SHA512
ef2a82cb3f7de5bcd194f587b234536e2a86f982bab0b1a7ba021920e0ac17bc22bda74d71593a99a1aa61be5005eb6fd4c59ab6d017e93bafe6dd4115f24671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5e01b99b17f51b3fca816755ad3e841

SHA1
31c77d73a19f34829a34c27a8383645b09d016ac

SHA256
32c6352c201ef6e0d98c2ebe3ab7e9d8dda28380774785de50df29dc54491b97

SHA512
9f76badd1f92cce1fb1e68f751c1d24d0047586c3ab64ebbd1494c6779a0fe76d5188a9314577dc8ba5bccc3404fdf5e9dea675aa8c83e50f821139e2f1f2209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb79.TMP

Filesize
1KB

MD5
884e5eb5b4e35aa83831ed22e766c224

SHA1
3f3b906a36a7e94690b0d1cd45e0f7a07d2ad1d4

SHA256
622c119fb9dbeb76d47b32f02beeb5107e53b58e50584a2cc87b78957c9eb752

SHA512
684741a9a6897cbdd7106a7317129fe7ff325bc782ce38f5245f661609a6748f3fcf2a99827195765e0322a37205a4ae42edd293d6ec08d07c2c2b77c7159361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e70e80e2-84ce-4c70-a3ec-4c72c4b42af6.tmp

Filesize
1KB

MD5
0d986ac4d1b77074d70b4c2a2ca18b8f

SHA1
cb0a8cfc5a7c849a60b113abfb4bc7b50abd8d5c

SHA256
c0c4396696c6b4cd5f668d1d37bcc954b65114d86c1f3220685b61d43b9871ea

SHA512
c1c4ad4860321b63804d61767145e5a1e36a54c65809ce7030c26ff2e57f96f01aab519a707110b143d3833a6387534b963172c1745a88a259de466921734cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb08ad92b125964990aa5e87763ba422

SHA1
675a42833104fa897637f26b2688abbe75776146

SHA256
8925342d74cc39a047ff766d683535accc2eff4e4e3419d4c2565356aa934e52

SHA512
d8171d30bf46e5185aeda0e19e3125aef92dc00bc9039b897f0ae4237892035f2b7aba79395546361c3270b4da096fa80b4f0b03ddd716a9d5f7e49674f34938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b6ac18eaf76a1464c33cc15e1dbaf88

SHA1
6a36108bbb5892d0223b297a56d159d9f956384c

SHA256
e53740b00615d69cd3ad418f1b72569d1ae0c1b38a7e45ee225458a41a421f7a

SHA512
95afb2d04202e75677fd50a26239452b624888492383d5c4dff0856c1d903b08d3ca8f285f414fef30346fbabb32e8a26f8285efbf67c007d2fd886fb9fb7a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5154240e5c01ad70df8c6b8169440c9e

SHA1
7a3c8f2a492558097f5a6591eaf7c4954d7621d5

SHA256
a71586a0b1b30ee2415c92c53ce50a30bd00e6e4eb2b4a20a5c50f1ffca33225

SHA512
a0cfa88bb1db0de936cae42eed79f1bab735ef691fa8fb19a37662d9ac7032074b57c61326a3b247228511b0bc647f25cb3bf1a65a98883063c9cdac9256eec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
88662ada52f040e32b4aae2fee8cd145

SHA1
a237954b72d17c2bce6c2ba16c9ecb10428ad65f

SHA256
f82b4a093c58103d32b658f758ab19d70b790b106628a2de6e1940fca283238a

SHA512
a1c4cf9260a13db51c019839af163967bf7440d425a287088d9b126fa6d4813a524680de89a9d88c72b13745e62defb9f62b7f3790ea7691730e3cd6cfa0e773

Download Submit
C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x64.ini

Filesize
7KB

MD5
d7646435ff815b588e7a9e8e70ec0885

SHA1
4db2771ff66baa47fd06e641399142ab2b9306d2

SHA256
6dbacdf86bfc4fe5a7289a2614383b36fe5d55d2770eaac1b4c4df27c698f85d

SHA512
772df9fe45e81da365905e71ff207bb356ffbc5fd3b3bf997c0a952e6abaedd73c0f3cd70d25dd408c1d3aae26660beb9554a635847e14dd70436fa01f05e7d3

Download Submit
C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x64.ini

Filesize
7KB

MD5
aac0ffdc5725fb1692e771892d134c14

SHA1
70319a99755d5544ce7c467c9d5f218eaa3fde68

SHA256
47f0b3ce6e9e6d8e40850005a3d66c4e2dd39c094b3175643d3cc51cbaaa810f

SHA512
d23a318c4f7931c1c9c8444bf40bcfa1d9a855bcdfadf6903acf0576c1c5a28c5a7793a994830d9500b4e30bae58b1cf08a98ae3807f70258207fb74e5befe46

Download Submit
C:\Users\Admin\Downloads\DS HD VIDEO-20240805T134207Z-001\DS HD VIDEO\DeSmuME_X432R_x86.ini

Filesize
80B

MD5
c47a1e12a4211f7c74df48163c7a27d5

SHA1
eae72fde5234ac2c6a49825ccc7858822716d60e

SHA256
618dbb5a7e94af4a78b7f02e7e086890978f19b3a9358ae044e9718e202a23e1

SHA512
8a0a88934afd2562407f9947e0a61fc2ce2ab0ea3a3169116543d0479650bf8e95179761ae1d4f0a63db8ef4424e2ee10bcdf141c037eec6875993ade28260bf

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit