Analysis Overview
Threat Level: Known bad
The submitted URL https://gofile.io/d/dh1exz was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Subvert Trust Controls: Mark-of-the-Web Bypass
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-30 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-30 13:36
Reported: 2024-08-30 13:39
Platform: win11-20240802-en
Max time kernel: 145s
Max time network: 152s
Command Line: (none)
Signatures
Discord RAT
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\free-vbucks.exe | N/A |
(9 identical hits)
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
(9 identical hits)
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\free-vbucks.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 241125.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\free-vbucks.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
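Both NTFS ADS hits are msedge.exe writing streams the browser itself maintains: a SmartScreen stream on the in-progress .crdownload and the Zone.Identifier stream on the finished free-vbucks.exe. That is the browser applying the Mark-of-the-Web, not removing it; the generic "Mark-of-the-Web Bypass" signature fires on any write to that stream. The executable then ran anyway, which is the point an analyst wants to confirm from the stream content itself. The parser below is an added example and not part of this report: the stream text is constructed (Edge writes a [ZoneTransfer] section of this shape with ZoneId, ReferrerUrl and HostUrl, but the real URL values are not shown on the page; the gofile.io hosts and the file name are, the URL path is a placeholder).

```python
"""Parse and assess an NTFS Zone.Identifier (Mark-of-the-Web) stream.

Added example, not part of the sandbox report. SAMPLE_STREAM is constructed:
Edge writes a [ZoneTransfer] section of this shape, but the real
ReferrerUrl/HostUrl values are not on the report page (the URL path is a
placeholder; the hosts and file name are from the report).
"""
from typing import Optional
from urllib.parse import urlsplit

SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://gofile.io/d/dh1exz\r\n"
    "HostUrl=https://store4.gofile.io/download/PLACEHOLDER/free-vbucks.exe\r\n"
)

# URLZONE values carried in ZoneId; 3 (Internet) is what makes SmartScreen and
# the "this file came from another computer" handling apply.
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
              3: "Internet", 4: "RestrictedSites"}

# Hosts the report shows serving the payload (gofile.io and its subdomains).
DELIVERY_DOMAINS = ("gofile.io",)


def parse_zone_identifier(text: str) -> dict:
    """Return the keys of the [ZoneTransfer] section; ZoneId becomes an int.

    Raises ValueError when no usable section exists, which is what a stream
    emptied or overwritten by a MOTW-stripping tool looks like.
    """
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1] == "ZoneTransfer"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    if "ZoneId" not in fields:
        raise ValueError("no [ZoneTransfer] section with a ZoneId")
    try:
        fields["ZoneId"] = int(fields["ZoneId"])
    except ValueError as exc:
        raise ValueError(f"malformed ZoneId: {fields['ZoneId']!r}") from exc
    return fields


def _in_domains(hostname: str, domains) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def assess(fields: dict, delivery_domains=DELIVERY_DOMAINS) -> dict:
    """Turn parsed fields into the facts an analyst records for the file."""
    host = (urlsplit(fields.get("HostUrl", "")).hostname or "").lower()
    referrer = (urlsplit(fields.get("ReferrerUrl", "")).hostname or "").lower()
    return {
        "zone": ZONE_NAMES.get(fields["ZoneId"], f"Unknown({fields['ZoneId']})"),
        "marked_internet": fields["ZoneId"] == 3,
        "host": host,
        "referrer": referrer,
        "from_known_delivery_host": _in_domains(host, delivery_domains)
        or _in_domains(referrer, delivery_domains),
    }


def motw_status(stream_text: Optional[str]) -> str:
    """Classify a file by its Zone.Identifier stream.

    'absent'   : no stream / no usable section (a real bypass for an
                 Internet-sourced file, or a file that never came through a
                 MOTW-aware path)
    'internet' : ZoneId 3 or 4, the mark is present and SmartScreen applies
    'trusted'  : ZoneId 0-2, a mark exists but triggers no warning
    """
    if stream_text is None:
        return "absent"
    try:
        zone = parse_zone_identifier(stream_text)["ZoneId"]
    except ValueError:
        return "absent"
    return "internet" if zone >= 3 else "trusted"


if __name__ == "__main__":
    parsed = parse_zone_identifier(SAMPLE_STREAM)
    print(motw_status(SAMPLE_STREAM), assess(parsed))
```

On a live host the text this parser expects comes from `Get-Content -Path .\free-vbucks.exe -Stream Zone.Identifier`; a file that downloaded from the Internet but returns "absent" here is the case the signature name actually describes.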
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
(9 identical hits)
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\free-vbucks.exe | N/A |
(9 identical hits)
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
(12 identical hits)
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/dh1exz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda48f3cb8,0x7ffda48f3cc8,0x7ffda48f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Users\Admin\Downloads\free-vbucks.exe
"C:\Users\Admin\Downloads\free-vbucks.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18375898341781544843,6528930467984892033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4596 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| FR | 31.14.70.245:443 | store4.gofile.io | tcp |
| FR | 31.14.70.245:443 | store4.gofile.io | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
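Read against the signatures, the table splits into four groups: resolver and reverse-lookup traffic to 8.8.8.8 plus an mDNS multicast, which are the sandbox's environment rather than the sample; the gofile.io tree that delivered the payload; discord.com and gateway.discord.gg, the Discord REST API and WebSocket gateway the "Discord RAT" signature refers to; and geolocation-db.com. Two caveats: the Discord hosts sit on Cloudflare addresses (162.159.0.0/16) and are legitimate Discord infrastructure, so neither the domains nor the IPs are safe blocklist entries in an environment that uses Discord, and the table does not attribute connections to processes, so the hunting signal is the process that opened them rather than the destination. The script below is an added example, not part of this report; its rows are copied from the table (with the mDNS row's shifted columns normalised), and classing geolocation-db.com as victim geolocation lookup is an assumption drawn from its name.

```python
"""Classify a sandbox Network table into delivery, C2, recon and environment noise.

Added example, not part of the sandbox report. ROWS are copied from the
report's Network table; the eight repeated Discord/geolocation-db triples plus
one extra gateway.discord.gg row reproduce the page's counts (9/8/8).
"""
from collections import defaultdict

C2_TRIPLE = [
    "| US | 162.159.134.234:443 | gateway.discord.gg | tcp |",
    "| US | 162.159.136.232:443 | discord.com | tcp |",
    "| DE | 159.89.102.253:443 | geolocation-db.com | tcp |",
]
ROWS = [
    "| US | 8.8.8.8:53 | gofile.io | udp |",
    "| FR | 45.112.123.126:443 | gofile.io | tcp |",
    "| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |",
    "| FR | 51.38.43.18:443 | api.gofile.io | tcp |",
    "| FR | 51.75.242.210:443 | s.gofile.io | tcp |",
    "| FR | 51.75.242.210:443 | s.gofile.io | tcp |",
    "| FR | 51.75.242.210:443 | s.gofile.io | tcp |",
    "| N/A | 224.0.0.251:5353 | N/A | udp |",
    "| FR | 31.14.70.245:443 | store4.gofile.io | tcp |",
    "| FR | 31.14.70.245:443 | store4.gofile.io | tcp |",
] + C2_TRIPLE * 8 + [C2_TRIPLE[0]]

# Delivery and C2 groups follow the report's signatures ("Legitimate hosting
# services abused", "Discord RAT"). RECON is an assumption: geolocation-db.com
# is taken to be a victim-geolocation lookup because of its name.
DELIVERY = ("gofile.io",)
C2 = ("discord.com", "discord.gg")
RECON = ("geolocation-db.com",)


def parse_row(row: str) -> dict:
    country, dest, domain, proto = [c.strip() for c in row.strip().strip("|").split("|")]
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def _in(domain: str, zones) -> bool:
    d = domain.lower()
    return any(d == z or d.endswith("." + z) for z in zones)


def classify(r: dict) -> str:
    """Sandbox-environment noise first, then the report's threat categories."""
    if r["port"] == 53:                  # resolver traffic, incl. the in-addr.arpa PTR lookups
        return "dns"
    if r["ip"].startswith("224.0.0."):   # link-local multicast (mDNS on 5353)
        return "mdns"
    if _in(r["domain"], DELIVERY):
        return "delivery"
    if _in(r["domain"], C2):
        return "c2"
    if _in(r["domain"], RECON):
        return "recon"
    return "unclassified"


def triage(rows):
    """category -> domain -> {'endpoints': {'ip:port', ...}, 'count': n}"""
    summary = defaultdict(lambda: defaultdict(lambda: {"endpoints": set(), "count": 0}))
    for r in map(parse_row, rows):
        entry = summary[classify(r)][r["domain"]]
        entry["endpoints"].add(f"{r['ip']}:{r['port']}")
        entry["count"] += 1
    return summary


def iocs(summary, categories=("delivery", "c2", "recon")):
    """De-duplicated (domain, ip:port) pairs worth hunting on, noise excluded."""
    return sorted({(d, ep) for c in categories for d, e in summary[c].items() for ep in e["endpoints"]})


if __name__ == "__main__":
    s = triage(ROWS)
    for cat in ("delivery", "c2", "recon", "dns", "mdns", "unclassified"):
        for domain, e in s[cat].items():
            print(f"{cat:12} {domain:32} x{e['count']:<3} {', '.join(sorted(e['endpoints']))}")
```

The gofile.io row to 8.8.8.8:53 lands in the dns group rather than delivery because the port is checked first; that keeps the resolver out of the IOC list while the 443 endpoint for the same domain stays in it.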
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 03a56f81ee69dd9727832df26709a1c9 |
| SHA1 | ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b |
| SHA256 | 65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53 |
| SHA512 | e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781 |
\??\pipe\LOCAL\crashpad_2944_BPVNZSZZUMJJXHMK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d30a5618854b9da7bcfc03aeb0a594c4 |
| SHA1 | 7f37105d7e5b1ecb270726915956c2271116eab7 |
| SHA256 | 3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8 |
| SHA512 | efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38d6897a3fa792185065a73c7d44e2d4 |
| SHA1 | 006324cced89ba4985e87de6109303bd0baf99bb |
| SHA256 | a2d2ae125c3b43068831a2e3d46bc59cea58cd99c80afa18ae09d6a1a00521be |
| SHA512 | 1cf157bd0a1f1c04fc987dd67d87f79fbd66de78ae91c64ec7e7e876a6811adc5ab6a5ed960fe5a8e5244f20b1aa40439349ac7a53fe4dc6580e40d11746fe2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ec905dfcdd935965779c1e81db236350 |
| SHA1 | f01c9f9334a0b9e268b2c0e52ee6455eb487f6e2 |
| SHA256 | 093ff111b302d2b325fa966ec507d7b9fa287fe35b45ba3b438df17c42ffeb3b |
| SHA512 | 20f9cd59c2f7da5e2bb7785f38356f747666cdb6f1600e1dcceab14a42176e46708db033ce20b256161c8da083a71937e177ae23eac232383ed004743e5a30e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ec105d5619311ef88b93f5f23fe2642 |
| SHA1 | 780fc575483feab55db011e654fad6ebc477e672 |
| SHA256 | 904e2b1d156a6342c76f464f1707e0f20d24bf7e409804053a7f8706e330199c |
| SHA512 | 78362582f836c43c1583b0d809b2fd8dd034882821ee948caaefb69402db8f3bab79335414b04a5cfd3404034cca79a56ff0ee0f0645cf8ee3057b19e9d0f5a4 |
C:\Users\Admin\Downloads\Unconfirmed 241125.crdownload
| MD5 | 45a296c3a40a6ed1decc8a7b15ddf12a |
| SHA1 | 20c177c6fff8c27c26b02f4417f8ca50e2397970 |
| SHA256 | 518e0c07ac16d9f4dc42f8d16173b005026b1f2e36d10645d7eae76d2483500f |
| SHA512 | 1ad1d0614509feea8fa70dd27881876fa8a362739a6ccb2521723587159e88eb5eb87fb997db5b6e71a5ba970c031efec692204175c6df9a364995462a8a7d71 |
C:\Users\Admin\Downloads\free-vbucks.exe:Zone.Identifier
| MD5 | 652804d6ba7c90e2280bf39fbd26051e |
| SHA1 | d99cdf43de8a048d39d65da477e437f1c2e01cd5 |
| SHA256 | 6753b0b25afb3a29302077e4abfc4d5b525a708a17ef6528848e43fef85c354c |
| SHA512 | aee47da3625b06b804d6802099c23878bebae5f9b16c1f7c746d3b4807913f2519da0a34496ac7bc9a76ecb64a11dff2ee79a10069d85d3a1d565a7a851a6e09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 59f9bd01b952f61471daafb5f4e9c793 |
| SHA1 | 54d7bd754a83629e723e4bc55f84b31a6e84e5cd |
| SHA256 | 7e92b40ca9ca42a5f474ca8b7c2a4e93a3a3f817eb5845a05e706874a880a771 |
| SHA512 | 60a5992424ffe8a23bcdb13381c13b757850508a9b8a0542934289167e5e3926b1eaffe32a87b83d66e5e9e8d61a324c6f54dfcb7cf42a10483a1bda9188150d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | efc929f3d1e8095b148c08a52af440dc |
| SHA1 | b65004e1fbcf140fc8494fc88b79772340ef239e |
| SHA256 | f74b1527e219267b689a805d42d28d1b4ed8d43dc8757003484b1a6c7a673064 |
| SHA512 | 4cfb39038d5c8696a1c427135376e4da15251475c14833a881cbb7bf5bcdb21dfb4bcef6a128010271ffac72b1d7c7c6d7db20b4e97946a63e240298b5261bf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ec7182ad9c11fa91885c1afffd844a4 |
| SHA1 | e209e2a8818a505ee212cd9ada3a55d039839ed6 |
| SHA256 | 9dd7c2905fa496dd7244989c61b310c72d805152cfac6a333c8c2a725be9ca09 |
| SHA512 | 3fa77b487e54dea19b21a82d9ca063ea7455b46c676bf816db074b59ec4bdea6dd86382e01825d4f80c47790596b6ca75467709c3cc32ffa218203e6ff17f93d |
memory/3548-150-0x000001E9766C0000-0x000001E9766D8000-memory.dmp
memory/3548-151-0x000001E978EE0000-0x000001E9790A2000-memory.dmp
memory/3548-152-0x000001E9795E0000-0x000001E979B08000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 045c02cb18c60815439bfa6c2c855e93 |
| SHA1 | 289688cae5bb143eb2b4be02190ddb887130f60b |
| SHA256 | 458ad91fb088ec06d629ab1db73e2994109192374a6b8b4cbdfab1851550e169 |
| SHA512 | 8ce7c892ae3e2b1e0edada8a2b96d6f1e93c73697f2aa1dfae37cda5f6a8c1c9dc47f706f76c44dae398ab0b38d009f85c4845a46a55a962066fc2e104ee22b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a0eb2ea9f256535ddde6c960e96f8872 |
| SHA1 | e6f13449ffce0834281c80d688c3ee873c86f8b7 |
| SHA256 | 296abe3c4bb1cd799453d0780b3f995ca271f6e5a10d7531607e2f78acfcf997 |
| SHA512 | 9333690f5d8c446266bb52bcbaffce2334656a55f8424726944162a0f123808cc2ad185e094b9c32122ef762663366b77128579468c2d4e26d68147b109d75ca |