Analysis

  • max time kernel
    62s
  • max time network
    64s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64 arch:x86 image:win11-20250502-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    18/05/2025, 11:01

General

  • Target

    https://github.com/NebulaExplorer1/Discord-Token-Joiner

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1364510583419965530/DgB3uiidc5xSb85ebblakrcNqhIf6IBOQ5toLGbjTtdBz99vyyD5Slh7dc7CVahfXqJT

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Mercurialgrabber family
  • Looks for VirtualBox Guest Additions in registry (2 TTPs, 2 IoCs)
  • Looks for VMWare Tools registry key (2 TTPs, 2 IoCs)
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry (3 TTPs, 4 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (1 IoC)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Checks SCSI registry key(s) (3 TTPs, 2 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 11 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (11 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NebulaExplorer1/Discord-Token-Joiner
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x348,0x7ff8630ff208,0x7ff8630ff214,0x7ff8630ff220
      2⤵
        PID:5648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:11
        2⤵
          PID:4896
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
          2⤵
            PID:4320
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1984,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:13
            2⤵
              PID:4272
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
              2⤵
                PID:588
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
                2⤵
                  PID:3052
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:14
                  2⤵
                    PID:3824
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:14
                    2⤵
                      PID:6092
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:14
                      2⤵
                        PID:4504
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                          cookie_exporter.exe --cookie-json=1140
                          3⤵
                            PID:2168
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:14
                          2⤵
                            PID:1388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:14
                            2⤵
                              PID:2528
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:14
                              2⤵
                                PID:1088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6164,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:1
                                2⤵
                                  PID:2412
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:14
                                  2⤵
                                    PID:5768
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:14
                                    2⤵
                                    • NTFS ADS
                                    PID:1728
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6736,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:1
                                    2⤵
                                      PID:5320
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:14
                                      2⤵
                                        PID:5212
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6508,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
                                        2⤵
                                          PID:2172
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7320,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:1
                                          2⤵
                                            PID:812
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7488,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:14
                                            2⤵
                                              PID:2176
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7140,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:14
                                              2⤵
                                                PID:356
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7192,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:14
                                                2⤵
                                                  PID:4084
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6184,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
                                                  2⤵
                                                    PID:4696
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,17752106249875763809,15042969796643046622,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:14
                                                    2⤵
                                                      PID:3728
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                    1⤵
                                                      PID:796
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                      1⤵
                                                        PID:4992
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                          2⤵
                                                            PID:768
                                                        • C:\Windows\System32\rundll32.exe
                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                          1⤵
                                                            PID:4000
                                                          • C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe
                                                            "C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe"
                                                            1⤵
                                                            • Looks for VirtualBox Guest Additions in registry
                                                            • Looks for VMWare Tools registry key
                                                            • Checks BIOS information in registry
                                                            • Maps connected drives based on registry
                                                            • Checks SCSI registry key(s)
                                                            • Enumerates system info in registry
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:6104
                                                          • C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe
                                                            "C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe"
                                                            1⤵
                                                            • Looks for VirtualBox Guest Additions in registry
                                                            • Looks for VMWare Tools registry key
                                                            • Checks BIOS information in registry
                                                            • Maps connected drives based on registry
                                                            • Checks SCSI registry key(s)
                                                            • Enumerates system info in registry
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:3436

                                                          Network

                                                                MITRE ATT&CK Enterprise v16

                                                                Downloads


                                                                  MD5

                                                                  90c96561588a20be2f7d06d64e1b7be5

                                                                  SHA1

                                                                  717bb4e6e5b3b067da5bc146d7ac9415459522e3

                                                                  SHA256

                                                                  fa0798047a8926dfd63455805e97b67e5d6c9bd00106a98a52b6089628270ad5

                                                                  SHA512

                                                                  e3d054b3c6cea82e18f2da9b0f8423a5bc122c723b9bf4313b3a6ec7dea6a69a76b234b8e75d36fd0eca13244c331c9a937aadcced3c963a391d90ec589cfdcd

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  f0fd4fa2dc178d4b11b5cd3f74999982

                                                                  SHA1

                                                                  8350835bc2928d8a1b2d21823ed303f49b7cb9be

                                                                  SHA256

                                                                  49eb2a91aa2456b600a596f5806ebd75c3d2edbdf042a3f5637c010e5e9386d0

                                                                  SHA512

                                                                  3dd4e21a82f6b1d0f3dc6c237a5930c7a62f1c0d4ffde9f93c04df48c55e4a54cdbc15f1d10be16497e2c084c334bdc677fb236af972853316a4ebf50b3f4173

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37432495-bf01-4d2e-8f20-5346491b28d5\index-dir\the-real-index

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  447c7fa19922558d8e6559eb556840f9

                                                                  SHA1

                                                                  9bd096c3f86a417776ba286e39d3112ab086203d

                                                                  SHA256

                                                                  774c8a4ce08b7e456e8fd0a2346b3e8d875e82f32df91098fc612a2bcc224db5

                                                                  SHA512

                                                                  1854753669e76e4b1bc6cd5a81d1c2674de1390b431f429c55fc9fd6bd4e2e2ca94621c76b666e39b19c981e2af31cca2347f0eb8a22fb6b261f6e42f11a2997

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37432495-bf01-4d2e-8f20-5346491b28d5\index-dir\the-real-index~RFe581cab.TMP

                                                                  Filesize

                                                                  48B

                                                                  MD5

                                                                  ebc7a89228693a7b2abddd0c4cce74d0

                                                                  SHA1

                                                                  8832fae92765b028cc4e09db74c3d3b3622de898

                                                                  SHA256

                                                                  24138fda8a437bfb51f7a042e7c09190ffa2ecf17f7ca3a47347fe9f3339de55

                                                                  SHA512

                                                                  ebffb58dc78f7224f458cb4c1477cb09762a7428a73d840dfbfb4ae590514441bf6940de9d88b30a556dd6b2bc48b6303f479aa9fd5f33a6fb412592ddba58d8

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b69b8602-856b-4bf3-bf8a-d58b434d1f77\index-dir\the-real-index

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  0cb92e1fa3774b377aa5df066063b5a1

                                                                  SHA1

                                                                  3a1dce3a1a70167c2a7683dd23938f78865cd2c3

                                                                  SHA256

                                                                  6f4b04721cf1f8ca1846494a085b15d4720201c9354f0acab80318f18b510612

                                                                  SHA512

                                                                  88ae0fe07e1e29853961807350d9650867ecb315d3c922e9bde6658aa427be8d23585f0ad8335968a31c48f942e4e871fee28739da6b68314b67e64aec03685a

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b69b8602-856b-4bf3-bf8a-d58b434d1f77\index-dir\the-real-index~RFe5820a2.TMP

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  7243a30e898ce4a0603f019cd7db5ffe

                                                                  SHA1

                                                                  6383c493aed8ef63f156b8aaefb5e0e67a621665

                                                                  SHA256

                                                                  f8d86587d283b73f68ee28993768cbcc36a4a98694415a059be6055cf6f0b6c8

                                                                  SHA512

                                                                  154e44ecb2bd255b18ebbc7df9d39c3a705531f1662e85b7af267c897b8f90d6a1aa725d1e6d9b47d660978ee802ccb6d3987ba43bb6d490e37279152ea81461

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e819d3d5-3d8b-4ca1-9eb8-9b0a32b9b2c6\index-dir\the-real-index

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  48dcdbf7dd7175dedbccef215098b1d7

                                                                  SHA1

                                                                  3567ec03cfff28193093407af06136243d671d45

                                                                  SHA256

                                                                  46a96f1ddc49c95b98edf7566621761614cc41d42f3a6607399e0fb5f2d51256

                                                                  SHA512

                                                                  cc1f92eb5083a3915ba57cf432cd7ea6d631a3055632e9aeb38f89103e9b2b06863efb52d5c833276f18f7cada16892708c7aae80cccdbcec2919ea3ee5d4c01

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e819d3d5-3d8b-4ca1-9eb8-9b0a32b9b2c6\index-dir\the-real-index~RFe583822.TMP

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  3b944bb2b58f2f4c3015b3b4a68d5d38

                                                                  SHA1

                                                                  929f341968a09119d456b45c7371e724fb59a894

                                                                  SHA256

                                                                  34dda2aa7fda6bcc7e65846cdd2403a090283ba892ecfc146e4a55da0cc6aea3

                                                                  SHA512

                                                                  e66cac91464aa3521f09698659c3e9f1c4f0993d02a04673aea7eb08e3b85a03af218d5b10b3f530865f35517c9f15dd6f25bdecaa069fde5ea13bede9c24acc

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

                                                                  Filesize

                                                                  320B

                                                                  MD5

                                                                  5477b69bb3137baea9aa0eb5e19722b9

                                                                  SHA1

                                                                  f1b44177da6a3a270be8dbcd72648aa65a661d5f

                                                                  SHA256

                                                                  524eac81bab35c71ad69273795d5736a2d037af34df1cdf66fe62491889bedb3

                                                                  SHA512

                                                                  3835d6e5915fba8e0a50e19df402bde401b4585f629f426eb1c446b55cc3647616e2135c9166a7a0e1f35e5e30f7eefb4064f603e369a57ab30cfd0fdded3b2b

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

                                                                  Filesize

                                                                  325B

                                                                  MD5

                                                                  b433eeb2d746272cd117d76362f98111

                                                                  SHA1

                                                                  b719791d8bdfd4674979c78b31800f435d8408a5

                                                                  SHA256

                                                                  de63dc1479d16e70d3a97847c18be3e5bab7c50fd17070c620d556ce94c493ab

                                                                  SHA512

                                                                  d1f9e666af7a3401485a7ef96d537ed1353a46f6535d569de08a678dd8a6dc126d49851409152a8c7b4f430f9f6fedc2d659f34fceb6950019373e97bccce0c6

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  108a6796721069be385b8c377826c843

                                                                  SHA1

                                                                  5357fc734338f62eb62ef48ee0a52c9da2fdecb9

                                                                  SHA256

                                                                  7202c4ae8cfe63bcc000c6f424b172aa11d647a026f4bc42b4d2aa0e426ce27c

                                                                  SHA512

                                                                  19aa77b628f63119d0070e7af62ace583f60aec0e3277202fd69a3abb8edc1d733cd7f567821cf102c30317a7f48c83a6244543f1ea073c724ce4d4e169e4541

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58338e.TMP

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  bf25c13715750d2854f80611d02ff000

                                                                  SHA1

                                                                  a1040af254194d8838a5efce000bb1af47477f23

                                                                  SHA256

                                                                  0b386c8e5f1de5bdc36f3b00e4ed4da87ee6623c7ced88257fad22e8071499e6

                                                                  SHA512

                                                                  f06e702d4960774ba836e8a9dad6ecc7d6bb6ea94ff7882a97fb75713cf731e2d61c7907ada08c5032ba9cbe03d9fb253f6cd1b52839f7dbf42fe25806033201

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                  Filesize

                                                                  22KB

                                                                  MD5

                                                                  b4d66b46e37f7b05bdd9655ef874773f

                                                                  SHA1

                                                                  3b650d494957ac668f942519f9c8898091458708

                                                                  SHA256

                                                                  e1673dd677343d194d245ff14943441fed9b13bd3836b134fa99bc8ab2aeb985

                                                                  SHA512

                                                                  d2567cd3561e979bfcb7e7e26a7219eed7d438522710c9e937926b6073691d98d8b9d4e51ba692e8ea20fb349dc599d21916bc58b0e01780391d7aff1d8bc8a8

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                  Filesize

                                                                  460B

                                                                  MD5

                                                                  3d7c92f2525a883671a5ce91c78895bc

                                                                  SHA1

                                                                  e1d4d8bbb3b156b0021948862467c28594b8537a

                                                                  SHA256

                                                                  79b7ce7519f66758e6214942834bc48a34f907d77a1e7c0d97ca50de3cbec76d

                                                                  SHA512

                                                                  18b01d64350375cc5f67eab4ca758eac9d36284782b7fafd6590d9389d749c8349fd0cc987c0f4d11194fdb80c1d45734f9404049b2d2af4dd7bc009939e5964

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  49KB

                                                                  MD5

                                                                  99a77ca523d741640fc587737f60f700

                                                                  SHA1

                                                                  bea373d339f1e40482460ed0e969153943d97826

                                                                  SHA256

                                                                  7e0d1248056d639332bfd37097bfb9d34d6cbdf4266cfbc0d6244bede533e0df

                                                                  SHA512

                                                                  7c2e701bacb6f1f9d49ffa02d50b6af5175b998848d340939c23d0da6789fe5f83ef081bb557bb5b3fe64d2fa4751231cf07dcd2c151e329461d995dc1b657ef

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  40KB

                                                                  MD5

                                                                  ee8be804b9f3b98e43598e5d0b0fd5aa

                                                                  SHA1

                                                                  bbe74ea2e3a1905484d2ff0d46a27bcf60589169

                                                                  SHA256

                                                                  6a44e4432af4d9dc996776cdcb5b0d12cbee78fbba7e72fea9f3af3386519a36

                                                                  SHA512

                                                                  68ddf3030a8d6196eab993c2da6d8b1f16d17bb5a087ba53d8cf3c476bb5a61afecfc2b28c87c850b54cb0d14369ef734e60ffbc33dc983e0ab29d733ee0e191

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  40KB

                                                                  MD5

                                                                  13447756d7707118cd3e40454b039e36

                                                                  SHA1

                                                                  a82f9ab994ad0297eeb840bc993e3a051c0a445a

                                                                  SHA256

                                                                  f9961e441ddd30712be94dde057c3d0f7857a04fc7c36a6ca677823f087eb34f

                                                                  SHA512

                                                                  6147e78eb865f0a56dc21c18040110af21a18d8caf22eb211bcc5afe476b443d538eb27d91c788f0b24bf9cf438795a47a1a817cda3ceff61f274f653772d30a

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  ec7d80fcfd0fa5b695a79d168efebf16

                                                                  SHA1

                                                                  b0f88a72905cf683ae4ce7e24dde8c7d955e2ad5

                                                                  SHA256

                                                                  7667694ef1c6872d7b5b7f21d440d049bc13ade5964db98f1330c92f34a969e4

                                                                  SHA512

                                                                  85dbb4ba730da3a30f56aa0af14661aad35eac19af4defc0e2c04060e48ef813abcfb24c78826c0274698b5402d36a4dc19b6ba43693a49f78ba5e6cff256a2b

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                  Filesize

                                                                  392B

                                                                  MD5

                                                                  3321f9d4c290462d69304b72b57b9a8c

                                                                  SHA1

                                                                  aac457cf5ce9dd5a4014ac36c3a87cb43c7418be

                                                                  SHA256

                                                                  0bbdeab5e430142bc987488390c846cc6dd4fe67009a863554b95aaf446761b0

                                                                  SHA512

                                                                  1269bffc1929ab3d1cacec90c8b678e532d2f9a1a68ac024386d07679d364b50f0a7b9e2c9e98e5d1023c2dc330ac8f0cf5c1fce01969e446ab840e813e41bc8

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57ef71.TMP

                                                                  Filesize

                                                                  392B

                                                                  MD5

                                                                  08efc73d5aa9a9728e9f709e2992093e

                                                                  SHA1

                                                                  2ba99ae10364245d01b2d2808989cbfcb411a5eb

                                                                  SHA256

                                                                  e3c7f8abb8a145c32cd675295afc4ed8d21930deb05e51c9c991e374205eb26f

                                                                  SHA512

                                                                  661f175763a7610b9d3c8687725e31899d15d4d8ec9a1150ba5205affc70e3de2ffc6c0abaa059b8a58c8ae79fd050ce5eccfd52f36799aa5761382a50951f00

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f788ae43-40d6-47d3-a7f8-7c0253410008.tmp

                                                                  Filesize

                                                                  49KB

                                                                  MD5

                                                                  ef453447fff54a7f1f5c6de7096f50d5

                                                                  SHA1

                                                                  2c8ab99bd2eae835ebde618921602ac0545cf53d

                                                                  SHA256

                                                                  46f5a7bba652de1b52b2acb879a3480ed422138db615d76d37fbf9d587c27988

                                                                  SHA512

                                                                  edc22648296c40a7c2fc9a0419de5c6d2c59b3781438217388f62d9650ae030841066d5b03f981b256c1c79e82efdfda517862cb2131ca2e35b4f98e2dbfcbc7

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fc765862-da04-4aa9-8c8e-9923a6be0c94.tmp

                                                                  Filesize

                                                                  392B

                                                                  MD5

                                                                  648b82c6efdf2fd7a769f38cac71facf

                                                                  SHA1

                                                                  f183def5d810a4ceb90b645bc870e16611ec50cd

                                                                  SHA256

                                                                  54c29f0e1ed7c6700e9fd990f87d416ee5a51ca734218dd25a41c8ee5854c75b

                                                                  SHA512

                                                                  9c7a45171ce075ef6e979032b0fd3bf231355c09376d0386b7b84470f6afcecf8da142c6100635db0e1a7f7578f0779ac54c69b7e3ebbd370e44abb14a74cc1a

                                                                • C:\Users\Admin\Downloads\Discord-Token-Joiner-main.zip.crdownload

                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  47dc005b37cef0c8bc773f16243b9416

                                                                  SHA1

                                                                  5c0c791e37d57d78cdad67cf85e34d6396eace50

                                                                  SHA256

                                                                  fe3a812d32a1611690f53dbb642e720b314ff8793dc026a092b34c7e8eb58098

                                                                  SHA512

                                                                  ba92852c7a2b5791eb1718d161b84dde864bc63e6b8da8cb49c67842dc84f5f37fa1e64459160e0000cc050733fc80aa29f120dbd678b5aed89ee449d2e28729

                                                                • C:\Users\Admin\Downloads\Discord-Token-Joiner-main.zip:Zone.Identifier

                                                                  Filesize

                                                                  189B

                                                                  MD5

                                                                  1eecb73f8da5d905bde995dedddc6360

                                                                  SHA1

                                                                  b50d07ca7f0062da503f15061543df5efa13de0e

                                                                  SHA256

                                                                  2d150d5140f00057476e98c6e2470580f538d97a493fe6556fa00f483da33dab

                                                                  SHA512

                                                                  d3739fd52b64e0e54127ac4501043678779bfdce8bcf5b1e2380b031225ef52db05cbe275e20c04691dbe329070a76335c523961d0a11f3943a5068e6c6e852c

                                                                • memory/6104-1406-0x0000000000F00000-0x0000000000F10000-memory.dmp

                                                                  Filesize

                                                                  64KB