hxxps://www[.]capcut[.]com/capcut_pc_web/fission_receive?code=7ykO4a58895609&lng=en

Resubmissions

21-08-2024 23:45

240821-3rsr6s1brq 8

21-08-2024 23:41

240821-3pwfaaxane 8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.capcut.com/capcut_pc_web/fission_receive?code=7ykO4a58895609&lng=en

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5768	capcut_capcutpc_invitefission_1.2.4_installer.exe
1860	app_package_245f698fc8.exe

Loads dropped DLL 7 IoCs

pid	Process
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5768	capcut_capcutpc_invitefission_1.2.4_installer.exe
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
1860	app_package_245f698fc8.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	capcut_capcutpc_invitefission_1.2.4_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	app_package_245f698fc8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	capcut_capcutpc_invitefission_1.2.4_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 833082.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
3852	msedge.exe
3852	msedge.exe
756	identity_helper.exe
756	identity_helper.exe
5456	msedge.exe
5456	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1860	app_package_245f698fc8.exe
1860	app_package_245f698fc8.exe
1860	app_package_245f698fc8.exe
1860	app_package_245f698fc8.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	5996	WMIC.exe
Token: SeSecurityPrivilege	5996	WMIC.exe
Token: SeTakeOwnershipPrivilege	5996	WMIC.exe
Token: SeLoadDriverPrivilege	5996	WMIC.exe
Token: SeSystemProfilePrivilege	5996	WMIC.exe
Token: SeSystemtimePrivilege	5996	WMIC.exe
Token: SeProfSingleProcessPrivilege	5996	WMIC.exe
Token: SeIncBasePriorityPrivilege	5996	WMIC.exe
Token: SeCreatePagefilePrivilege	5996	WMIC.exe
Token: SeBackupPrivilege	5996	WMIC.exe
Token: SeRestorePrivilege	5996	WMIC.exe
Token: SeShutdownPrivilege	5996	WMIC.exe
Token: SeDebugPrivilege	5996	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5996	WMIC.exe
Token: SeRemoteShutdownPrivilege	5996	WMIC.exe
Token: SeUndockPrivilege	5996	WMIC.exe
Token: SeManageVolumePrivilege	5996	WMIC.exe
Token: 33	5996	WMIC.exe
Token: 34	5996	WMIC.exe
Token: 35	5996	WMIC.exe
Token: 36	5996	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5996	WMIC.exe
Token: SeSecurityPrivilege	5996	WMIC.exe
Token: SeTakeOwnershipPrivilege	5996	WMIC.exe
Token: SeLoadDriverPrivilege	5996	WMIC.exe
Token: SeSystemProfilePrivilege	5996	WMIC.exe
Token: SeSystemtimePrivilege	5996	WMIC.exe
Token: SeProfSingleProcessPrivilege	5996	WMIC.exe
Token: SeIncBasePriorityPrivilege	5996	WMIC.exe
Token: SeCreatePagefilePrivilege	5996	WMIC.exe
Token: SeBackupPrivilege	5996	WMIC.exe
Token: SeRestorePrivilege	5996	WMIC.exe
Token: SeShutdownPrivilege	5996	WMIC.exe
Token: SeDebugPrivilege	5996	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5996	WMIC.exe
Token: SeRemoteShutdownPrivilege	5996	WMIC.exe
Token: SeUndockPrivilege	5996	WMIC.exe
Token: SeManageVolumePrivilege	5996	WMIC.exe
Token: 33	5996	WMIC.exe
Token: 34	5996	WMIC.exe
Token: 35	5996	WMIC.exe
Token: 36	5996	WMIC.exe
Token: SeIncreaseQuotaPrivilege	6080	WMIC.exe
Token: SeSecurityPrivilege	6080	WMIC.exe
Token: SeTakeOwnershipPrivilege	6080	WMIC.exe
Token: SeLoadDriverPrivilege	6080	WMIC.exe
Token: SeSystemProfilePrivilege	6080	WMIC.exe
Token: SeSystemtimePrivilege	6080	WMIC.exe
Token: SeProfSingleProcessPrivilege	6080	WMIC.exe
Token: SeIncBasePriorityPrivilege	6080	WMIC.exe
Token: SeCreatePagefilePrivilege	6080	WMIC.exe
Token: SeBackupPrivilege	6080	WMIC.exe
Token: SeRestorePrivilege	6080	WMIC.exe
Token: SeShutdownPrivilege	6080	WMIC.exe
Token: SeDebugPrivilege	6080	WMIC.exe
Token: SeSystemEnvironmentPrivilege	6080	WMIC.exe
Token: SeRemoteShutdownPrivilege	6080	WMIC.exe
Token: SeUndockPrivilege	6080	WMIC.exe
Token: SeManageVolumePrivilege	6080	WMIC.exe
Token: 33	6080	WMIC.exe
Token: 34	6080	WMIC.exe
Token: 35	6080	WMIC.exe
Token: 36	6080	WMIC.exe
Token: SeIncreaseQuotaPrivilege	6080	WMIC.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5576	capcut_capcutpc_invitefission_1.2.4_installer.exe
5768	capcut_capcutpc_invitefission_1.2.4_installer.exe
1860	app_package_245f698fc8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 4876	3852	msedge.exe	84
PID 3852 wrote to memory of 4876	3852	msedge.exe	84
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 2296	3852	msedge.exe	85
PID 3852 wrote to memory of 540	3852	msedge.exe	86
PID 3852 wrote to memory of 540	3852	msedge.exe	86
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87
PID 3852 wrote to memory of 1040	3852	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.capcut.com/capcut_pc_web/fission_receive?code=7ykO4a58895609&lng=en
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9687b46f8,0x7ff9687b4708,0x7ff9687b4718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Users\Admin\Downloads\capcut_capcutpc_invitefission_1.2.4_installer.exe
  "C:\Users\Admin\Downloads\capcut_capcutpc_invitefission_1.2.4_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5576
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\System32\cmd.exe /c wmic csproduct get Name,UUID /value
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5944
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic csproduct get Name,UUID /value
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:5996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\System32\cmd.exe /c wmic os get SerialNumber,Caption,BuildNumber,Version /value
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6036
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic os get SerialNumber,Caption,BuildNumber,Version /value
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:6080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\System32\cmd.exe /c wmic path Win32_VideoController get CurrentVerticalResolution,CurrentHorizontalResolution /value
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6124
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic path Win32_VideoController get CurrentVerticalResolution,CurrentHorizontalResolution /value
      4⤵
      System Location Discovery: System Language Discovery
      PID:5148
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\System32\cmd.exe /c wmic nicconfig get DefaultIPGateway,macaddress
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4952
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic nicconfig get DefaultIPGateway,macaddress
      4⤵
      System Location Discovery: System Language Discovery
      PID:3876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\System32\cmd.exe /c wmic diskdrive get SerialNumber /value
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic diskdrive get SerialNumber /value
      4⤵
      System Location Discovery: System Language Discovery
      PID:1176
- - C:\Users\Admin\AppData\Local\app_shell_cache_359289\app_package_245f698fc8.exe
    "C:\Users\Admin\AppData\Local\app_shell_cache_359289\app_package_245f698fc8.exe" /s /create_desktop=1 /install_path="C:\Users\Admin\AppData\Local\CapCut"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1860
- C:\Users\Admin\Downloads\capcut_capcutpc_invitefission_1.2.4_installer.exe
  "C:\Users\Admin\Downloads\capcut_capcutpc_invitefission_1.2.4_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1453864276142768171,7508749507349145984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\QtQuick\Window\quickwindow.qmltypes

Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\highlight\amazingfeature\scene.config

Filesize
284B

MD5
77e51012d23d27cd7dfb762fb2f22366

SHA1
faa1a6848a92f2eba5c6094659efee0eaf289e49

SHA256
5b405fa29439f5853937c9714c794f10a01ed033f81866ba52f7f8ea5312b41e

SHA512
efa87d35d3b2360809f5de98b7d681c3cdbee6144c1065e7144d098b56126f794b83a7aa692325d532271e7016556d1c9ac2f9eaf2fb480314bbedb951bda2d3

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\saturation\amazingfeature\Transform.lua

Filesize
743B

MD5
55f8219de11fd1bab55e136d97f34add

SHA1
d728bdc21b7c73165f7c767300c004afd02958e3

SHA256
f5ae7d270c41dc064723acb52c96339337d142f327ed98591ebb52c9518a2a78

SHA512
5ec44128343bc3cf4b0dffb318ec46e906e247ed4cb9a6839bb514f753b14fcda61070271b81538a9a67605641719119bdc2ad0d33eca614ee732eccdeccbf6c

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\saturation\amazingfeature\main.scene

Filesize
1KB

MD5
3717cb9f906065bafdf220f9db92858d

SHA1
b16293702cb36fec8f20befa221ae22e00196911

SHA256
b97663892b4a96ac2b5888965086c8e6e037e962a76f38529f8471d8b4e7dbad

SHA512
e576fdd14c25fe5a32c688e39885fb177b79f4fd7e25d466fee33a0f5879e4727d033080d340c26850248f8549d34d39db190070f44ff017be2d2f5ed8278044

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\saturation\amazingfeature\sticker.config

Filesize
243B

MD5
a6370133cd32ad029749c4c30bdb80c6

SHA1
4ae8d816fb891657589f35f1bddd617e721ac379

SHA256
6f8d212c18569ba0e1c3b1bc89c8c4b2a16377d94cc26d1d78df1bb920efe379

SHA512
b410873382913c3a16a64390b1bd12978c639568c4cac1efbbcecbdd0852926991a9fd00aac60bdc94a489531c656f59b64559976a88c67bf35ddaffa0a9861d

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\saturation\amazingfeature\xshader\gles2_filter.vert

Filesize
215B

MD5
a1e49a5f219476c5377ad0cd33c5c326

SHA1
13029ff75a9d8796bb52a40f8126fed9d6e57dce

SHA256
ff67b00d9d13e6ab219c94e61e36ad43f1e025d4e3f540f14a6ff26b1b7e8dbf

SHA512
7d48ddb5b56b80204be4103d4ac3014cd2f9ed7212f8055a3d3792fd8b06715f8a489401d936c829e1ae53780af4abe0b4e838ee85d052c5019b6e6e29789a1e

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\shadow_highlight_v2_gles2\AmazingFeature\xshader\guideFilter.vert

Filesize
245B

MD5
8b24bd873c1a8b3ad502e3f4a2ec2e96

SHA1
c8b663f74c81aa71edb346b15dea3563ea370026

SHA256
fb3e9e7a966147cc5cb48b1a087931bfbdea744a0d0e0def0f07070ba48a73cc

SHA512
58b485ac1a1e72951ddfea8cfe794ee2db5e55c128f9b398989ac15d9610adfea879c3bb3ea1eb3ac0b29ed1b4892cec70d68761a1711d30124ca7a391f29b44

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\sharpen_v1\AmazingFeature\prefabs\sharp\fshader.vert

Filesize
171B

MD5
c90a03b7ece36748ed019572f6a5a1ec

SHA1
4d10c9cad45707369777d69d94aa05546990ff34

SHA256
eaf495d1de3a920ca4f87e5bfe868a822d1ac05ae9f8d10651d60a382ecdd1b7

SHA512
8d68782086ee3839855c725e206c5f845179a06026df5acf10b77f9ea06bb9b11cb2768c6ccc3c06c030de5122a9f9bb9025952b24ecc9c03c03c52b110d360e

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\temperature_tone_v3\AmazingFeature\sticker.config

Filesize
276B

MD5
02b91a98d687f65158c5d30123166da6

SHA1
a9e91db1e43f923942cb58cd242af527a5d9b158

SHA256
c3de42b569951c70e76d4adb756b424c0ddaeaea6c1a0b61bf1935b7b7b1ee66

SHA512
fe9f10abf7275af089e4cfa8e7a9c83b8b0a2f2763d481f25cb746f5122dedb4250f4a3fe3c0aa4b361e6194233cf31c2e8045baff108489daf4c2e3def04d10

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\tone_v1\amazingfeature\sticker.config

Filesize
258B

MD5
6238b4cd638d16c1136c78c3d84b61ea

SHA1
03683ded62e4e602b25bdb6ee445dfe760e22b6c

SHA256
9c9ba3ebe0c06582ce05df7831d4754061d2ed7c7e3ad6acaaaa563f7bbf7d2f

SHA512
6339227384501243997f6f93d8da38ea673c86e6b39de2e2f8c8f46e1e388fc3d4ab4d916246bebb4238524af6d8323a86cb139467849148291551cd63514d1c

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\tone_v1\amazingfeature\xshader\gles2_filter.vert

Filesize
204B

MD5
95b57e27cb10a24e4acf91f3f00f0cc8

SHA1
62c259c7c1050e9de45ee3105983814dcd11f95d

SHA256
add8f8c4c8e970dcdbe6ca1ab7180f7124cafc4e5dd909d8b0d7cf1734b3409e

SHA512
a7ed5a37e5216b44f1a4451ffc2dafef2463ccbd8153a9d393d2b09da3dcd812e3cdec4975782c9484388698057c1994ef48b9371d26b83f56288a87acbe4b1c

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\vignetting\amazingfeature\Transform.lua

Filesize
716B

MD5
99b4753a045f720a4c6a1bcb875bd72c

SHA1
4afc8b19876ead7a7ad903f13521c2b443de1496

SHA256
4e4b7c19259ebab2fbe29d179122a20584b783f12632bfc2d214d82e522c303b

SHA512
15a857fa869f37dd777f261821947bbc27214d5993a6a7431fdecd88468cdd81c59a876534c0459c46f33cd7a6b03aa827160014ae729f16fbde19dfce3afb73

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\vignetting_v1\AmazingFeature\LuaRTTI.MarkGen.lua

Filesize
222B

MD5
5dac156aac6bffd08cb0f8c1637f5e5c

SHA1
40e6585e5de8648725243517781e4d3330caffcb

SHA256
cf4f8b5ff1a50eff88236aba7f9bb48e696d337b779d98e911d00f6876800503

SHA512
0999fd224c54882d28aa8067e20ee7877b509591901f801d400b613a4fd95af5948d6c512b01d1f7b3aad2203a80f8a3adfec1dd03b6dd3329de87e8583145a3

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\DefaultAdjustBundle\vignetting_v1\AmazingFeature\js-meta.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\LogWheel\log_wheel_v1\Wheel\scene.config

Filesize
363B

MD5
8d61b3b6f3944a129228b01ab04a3a86

SHA1
dd2a509da1175dd99095748b029c3b868d6f67c7

SHA256
468a132a03b8569130faf2c5d8e0f05f3f7602a336b0510534026c11a73ab460

SHA512
abd1ac6afff2b3ea5e8e454d4aa86dab711d8686ebaacfe66b141ec25755abc512b6252f8c786eff44ffc49f8483942a6c66c703bb2602f6f9b1a576b66f121f

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\anim.prefab

Filesize
477B

MD5
9eaa91c4a6c3d873483059d0a1a76ab5

SHA1
b100bd90dc01b7409963a0b4e9ea3c19ce475140

SHA256
e9d87f8022efa9374e74d61c310d8bc11a98925b8d2e771ab75e1b865164c02e

SHA512
a656a600c2aede10ed708f7fcfcde22b59b06aef2034b5715dc6c60c12fee3e1fea2a964c21e91fe1c0956c160472b62e4ef67bcf992b750b8ba3e651721ed83

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\blend.material

Filesize
552B

MD5
7cdae2b4822bcd006e9d2ffce3e84453

SHA1
720111dacf341b7ce908bd282058169a62239154

SHA256
e8986f58f72446435468272d8d4e7c95a4fce58b3ad4838ed634b999196d3736

SHA512
0ae64df166e18d7770a28c317565d5238b578202cb6c7bd2c9db55e185a61f79ae03f0530955f748dc387889c73f01479e23f7d21cb3dcbe44f2107905131a91

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\config.json

Filesize
64B

MD5
c1b0a3e521b261389e09efaf5f6fa2d9

SHA1
976b181838ba45780eb4b2f9b629a1f7d1cf763d

SHA256
07232ba6befad39df9079b18e7c66235a11b2b375626c80cabd0b46f9b7d948f

SHA512
57d70636ebcbb3c0521da860d4cbbe9516a91e1b7b529e7e12781aa534c8c3a7c2d8f31c8c5fabb0acfbd6c81eedc292b3cbb8d0f01d306f12c249417a205a94

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\content.json

Filesize
65B

MD5
77af16e6914627f13e1ffb90509cace4

SHA1
329bafa669c548a0b9cc2ed266de24b0ec8608df

SHA256
424c068d0f0e848d3b8f25ec1a55f1086df3c87ad95eca13fe6b265c46400fc0

SHA512
4e96216696d5f8e43fbb5ba951dfeb5e32ad1d48fe0737c3725c5c4d4f2531bba18afa1b82d694f2a0029a1a0f37dd24236eaac8ba0d296b6e0fddd70ec60790

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\xshader\blend.vert

Filesize
283B

MD5
e3f125658d61f243d3b7b2ac1ed189c8

SHA1
cff0ff4f418c4bb98d0349f0872ca55e8b3ef384

SHA256
2719896bc6ff9ed2ff5532a937ac685668479e4bcd19ef11ed708cdbf52c2fd5

SHA512
f224b7828c9bd272114a9a75d73858bd36ecfefd042c2d8adcd07216a781f7eb57d5ea019e0107c974cad483b8930814cc8e9c23966491a468ab207612e4bfe3

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\MixMode\840ca85a1a33e6fc3ea78bbdb2db8f60\xshader\blend.xshader

Filesize
726B

MD5
5e0a7ae043616ffe49e0ca2dce2d6827

SHA1
c95e3ef200a811775c4b0c7517a1603f41a9605f

SHA256
a1a1915919f200668689f83694e4fb7b6bba2e3ff6cc2bacc7b84d36b7c48fc0

SHA512
547ed7454ac05a68de5458ab998daf2fe167bbe18c3aea00499b9209aa3adea489688359a3ac688e39250b4abe99cee79657a98eaa1ef4eed7d201619020584e

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\PrimaryWheel\primary_wheel_v0\algorithmConfig.json

Filesize
382B

MD5
2742644266425cbe36e1517602961e99

SHA1
9ac55196393e328a65f4cf6e5872822060f9ce5e

SHA256
28251cedc501cb7285fe4c06af3714af3ec068834cc15c1ddcd913f91572ace0

SHA512
e308c625a22b625631f81cfa4c9fc20e92efd082c5a6a0dc0aaf58b3b4924c21e40fe1da2faa0506e06f8c3e1bd4411b972dae5470b5424f77554ea48003f56c

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\PrimaryWheel\primary_wheel_v1\Wheel\sticker.config

Filesize
276B

MD5
ceeafc08b27c8bf1264a372e6572b243

SHA1
a2b1c88dab2b2fa57adc0ce4863edf269654dc70

SHA256
8695d8d1cd532f86c340a46ff20f6c96f25f842d6c6f2d3c67b29e3c8d706fb0

SHA512
e14ded5b310ffcf969f94f3248e7f95f1a078616a05b90f47918581bbc983951c54e8d6d61538817a2d9e5ed868bf53e9623c0a19586ea8cebfbfdb6f81d29c9

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\image_h5_material_publish\static\css\publish-video.efdeb61f.css

Filesize
10KB

MD5
348a4ed657cc7bb4484bf829f633bfc8

SHA1
5f5f0e3004ada5cb7456c4816e37e1b8573f9e8e

SHA256
f8a1929af639b5381308c1bbef8f76bc1b77132b56f4bca6b1bf7d5cbdfaeaf5

SHA512
e4e05331b72a3e975ca5cf880fd024d64f5df8c9015adca1f4d0c00846b0cf6a9b984060ec7cf7906c5767dc6af4444c06f207f417c09805c76aee3d175f4fdb

Download Submit
C:\Users\Admin\AppData\Local\CapCut\Apps\2024821234739879_1\JYPacket\3.3.0.1161\Resources\image_h5_material_publish\static\js\publish-video.b44e3ef4.js

Filesize
39KB

MD5
e62694090b717e30db3c52fb009fcb9f

SHA1
34248e23e125d1bce1569ec9c589a9742b0ebb3d

SHA256
08488558209a47221955af71831367b2ce99a80bdc4d63c839ad17775fb35b3f

SHA512
44f2fc964c2644c873febf1eabf95dfe50d3403950d7b3954b2d015db9811d5daf45ab11a92038a781fa9a9b85573954099966e49fc05c049d508e4e2955ab65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
963c0226bb358b28f9ce28f93c733991

SHA1
a552e32438fd8995ab2d8e0fd415a96b976f7116

SHA256
8bd41fa58dc9f1681d9c9a88345696c3adc25716dd071f40689e9f8668eeccd9

SHA512
54b2681025496d53f241748a8de9844d39151cf8c207c13fc6c4d707e2a17501697283b69a359e5c58eeea05646ff4463b3ba34f617920a2fd15dfae30c168dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
602B

MD5
bfb3f54dd1f0ce6ab58a0f9132e680c2

SHA1
30a733a75f7e79d079ee4acfc58be6a76b4169c2

SHA256
7cb2391497fd690ef6b19bb99dbd1a6b7c9aae76c177ebebf9b6f0dfa2410518

SHA512
f98e1b9cf82dcb1dfd3febf6e48b3c43425418144f62944d3d3b8a2734ef18e3615da1934ebfc7d61626abadcbfda223dce58bac46deb8058c19371e140e22cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
333d0e20d7651e8f1b6db2f4170f1200

SHA1
37acffe0c7650e60a84e5ccd2b0559c18ec8ba3d

SHA256
420afa5453ec3c0cc235de205bf5fac17e27307d303c7c8b9edf0f7e5260c7e7

SHA512
57a863b16062d8e7b800daf4face1cc344206e791c2508ce81ab2f2c47ab8820d67cac0197c0a7a528a54a8ebf7bc88b2a9985cdf558e8a79eeea6dc25fae8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc27a93fc1fa4821ad3a43768308009f

SHA1
b056e9d94a18321eb080f14db27d03b3144ae8e6

SHA256
11858eaa8eb5f4d3a93471dde4a8a3c8cc5fa85fa548121d57f58d53bcb5dbfa

SHA512
d55ae469c40e12dc67ae79ac93a86fbe3f2aa556210ce52a89405bc3aa14ceac8668233f77aa5419998ec7345816ab16354f29520da605f60151eef05c429247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58b7eeab1b23f77498d9356430fc45cc

SHA1
dfbf826d3fbef196e28ad6da9783a4a836bece4b

SHA256
15d8601ad0deea43c8743d8665ddb7cd8b3a0d82d889f237cce8ca4cc3655a85

SHA512
71825d4ad7cada995c4cd5ddc96d3889f379d8cdd8d5756ba6539f786392f3e1ee31008160b3b22e521e5b86362d3915ac3c2f1751400caa17d7e649e37aaac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e725f6c0056fbdfb6a620405519311dc

SHA1
f05e798de058fc0c0dd7e3530166b5da84085757

SHA256
bd5877c10c18b0e60b20c5c05c136543985ab60232568a52abfe3513cf19d9ec

SHA512
f0f7e9fcf3933652593b820f1a379609809b7c30064eac58037c3064a267131c1d92d9c84b3279fb932b05abfddc3c39694db73510a17fe1de85cdd0ae5baea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
afc691cc0c0425e9822540bb254fae99

SHA1
e27c9702e141c06cce959875c164aadedb74cab6

SHA256
f25d8081412125139b67d011f6b39f69e396af7224ee7a8252299dbb582cb04c

SHA512
94c507ec58d645e1cdda0970d801fa4048570586a69f4c6f247c1fed91336c57dc69171aa1c92adad852b5d6107521bf6ecda8ecef4d61f17dba3294875b794f

Download Submit
C:\Users\Admin\AppData\Local\Temp\E9DDA433-AA83-40F3-BEA5-93BAD32DD698\7zip.dll

Filesize
751KB

MD5
2d97c2e0353cb0c63212ecacd326bb17

SHA1
53ac7d8a0f19314158a2e74f3d6f0d17103c1d37

SHA256
fe604c8747171a85f883b08fcaf32a64d59ff7c7ed89e862ad252d366ab66368

SHA512
392fce704b17aa367c6c8a09ccdf7505242aaed552a1772e14b828754d01ea3d1e7eef8936067fb87c7dec645783e80ace16aba8e342501ab09964d0363eefff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9FF.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9FF.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9FF.tmp\deviceregister_shared.dll

Filesize
226KB

MD5
8baaaeacb97679fb495e1c4f902f0a68

SHA1
29185b00e4c56ff8cc22de64c1407809d60348f1

SHA256
7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a

SHA512
49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9FF.tmp\downloader_nsis_plugin.dll

Filesize
1.2MB

MD5
14930a06cbfb26d5ffffd354fa12d5f8

SHA1
1de289bab03eaad965e419d657c3531a3738c558

SHA256
3ef7a13886328dafba1c49ec096da122e63839ac6965bf4f3d4dcce3a35ccc6d

SHA512
385268602f050c060795312c9cb86e979030a21b8cecc20303b346bbc0800a468a84a291224592d9b0e43458e579660b8062f6b9cba3b2e79aab5015d1dcc67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9FF.tmp\shell_downloader.dll

Filesize
2.2MB

MD5
30c4aa9356d60d2039ed6bfb7850c4c1

SHA1
ef23c32dab6ed871527151932bbfe8b917d507af

SHA256
0c4abb66d9a69c80cfaa0eb3c988d4dc40d989843a87e95ed3cc6e75dae31559

SHA512
f425c9fcefd2ed55160d173b8e441f7867307fd006b0f01a655120ba150d87568ddc6266d36163267ce508df8147a97c16982093808c766051ca1e02ba9cc62b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 833082.crdownload

Filesize
2.2MB

MD5
cafd508f953e2d28acf9b49e80bf2fc6

SHA1
0c739749978ef0b6077261e511ab10e9211f2c71

SHA256
aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

SHA512
3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3

Download Submit