hxxps://mega[.]nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

max time kernel
1728s
max time network
2102s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/08/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\socks5 (5).txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\NOWEPICGAMES.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\hotm_uhq.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\1M_UHQ_MIX_COUNTRY_COMBOLIST_HIGH_QUALITY_GOOD.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\125K_HQ_GAMING_COMBOLIST_TARGET__EPICGAMES__COD_VALORANT__ROBLOX__ETC_.txt:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 12 IoCs

ransomware

pid	Process
9880	NOTEPAD.EXE
7512	NOTEPAD.EXE
7492	NOTEPAD.EXE
7480	NOTEPAD.EXE
5484	NOTEPAD.EXE
5844	NOTEPAD.EXE
4656	NOTEPAD.EXE
5064	NOTEPAD.EXE
3564	NOTEPAD.EXE
1900	NOTEPAD.EXE
9076	NOTEPAD.EXE
4652	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2980	msedge.exe
2980	msedge.exe
1884	msedge.exe
1884	msedge.exe
2700	identity_helper.exe
2700	identity_helper.exe
4704	msedge.exe
4704	msedge.exe
1564	msedge.exe
1564	msedge.exe
4872	msedge.exe
4872	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4728	msedge.exe
4728	msedge.exe
4520	msedge.exe
4520	msedge.exe
8020	msedge.exe
8000	msedge.exe
8000	msedge.exe
8020	msedge.exe
7992	msedge.exe
7992	msedge.exe
8604	identity_helper.exe
8604	identity_helper.exe
9024	msedge.exe
9024	msedge.exe
8372	msedge.exe
8372	msedge.exe
8092	chrome.exe
8092	chrome.exe
2264	msedge.exe
2264	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
9932	msedge.exe
9932	msedge.exe
10104	identity_helper.exe
10104	identity_helper.exe
6992	msedge.exe
6992	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: 33	4720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4720	AUDIODG.EXE
Token: SeDebugPrivilege	3588	NexusFN.exe
Token: SeDebugPrivilege	1840	NexusFN.exe
Token: 33	7460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7460	AUDIODG.EXE
Token: SeDebugPrivilege	8908	NexusFN.exe
Token: SeDebugPrivilege	7108	NexusFN.exe
Token: SeShutdownPrivilege	8092	chrome.exe
Token: SeCreatePagefilePrivilege	8092	chrome.exe
Token: SeShutdownPrivilege	8092	chrome.exe
Token: SeCreatePagefilePrivilege	8092	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8000	msedge.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
8092	chrome.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5064	NOTEPAD.EXE
1900	NOTEPAD.EXE
1900	NOTEPAD.EXE
1900	NOTEPAD.EXE
7512	NOTEPAD.EXE
9076	NOTEPAD.EXE
7492	NOTEPAD.EXE
4652	NOTEPAD.EXE
5484	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1444	2980	msedge.exe	80
PID 2980 wrote to memory of 1444	2980	msedge.exe	80
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 1244	2980	msedge.exe	81
PID 2980 wrote to memory of 2844	2980	msedge.exe	82
PID 2980 wrote to memory of 2844	2980	msedge.exe	82
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83
PID 2980 wrote to memory of 3608	2980	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13357240212953868115,2617287153867685496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7636 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4772

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\nexus\combo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:5064

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\125K_HQ_GAMING_COMBOLIST_TARGET__EPICGAMES__COD_VALORANT__ROBLOX__ETC_.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3564

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\socks5 (5).txt
1⤵
PID:4924

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\nexus\proxies.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3588

C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:8000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
  2⤵
  PID:7912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:7852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:8012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:7408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:7736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:7788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3812 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:8392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:8400
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:8672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:8680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:8516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:8892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:8908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:9048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:8304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:7364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:8992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:9024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:8448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:8336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:8356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:8660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:8372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:8520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:8500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3084513975309854215,10928207733322025790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:8324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7460

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NOWEPICGAMES.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:7512

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\nexus\combo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:9076

C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:8908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hotm_uhq.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:7492

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\nexus\combo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:4652

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hotm_uhq.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:7480

C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:7108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f7f2cc40,0x7ff8f7f2cc4c,0x7ff8f7f2cc58
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:7200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:8324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,9360137979556064713,7559465401507055420,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:8956

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
  2⤵
  PID:8960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:8088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:9584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:9592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:10008
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:10104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:8496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:9748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:9824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:9820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:9980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:9240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:10064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:9764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:9504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:10032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:9480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,12466365035581853105,10236178100891658704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
PID:6428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5672

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\1M_UHQ_MIX_COUNTRY_COMBOLIST_HIGH_QUALITY_GOOD.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:5484

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\nexus\combo.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5844

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\125K_HQ_GAMING_COMBOLIST_TARGET__EPICGAMES__COD_VALORANT__ROBLOX__ETC_.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:9880

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\1M_UHQ_MIX_COUNTRY_COMBOLIST_HIGH_QUALITY_GOOD.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
65717ebcfa988207dfdaa2611f203b8b

SHA1
6f26163e5021263b12f294e54867ee31e2f92570

SHA256
777373899a75a957d29a7c02f85680bae8ec8933e8b6cf8ba92ddad816a8075e

SHA512
f0bed394f8535186652c705f6d54684bb498971735ca178664091af600ec8f96195553c67953aff63e4265cb6665574dd0d5e5e31b6cee392cc4f48c05dffcaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4d83fc22f2ec67c44181f37aeb54c389

SHA1
5f6e9c7414fe270a8c2452c7d6c4a03dad428b56

SHA256
84b7014c6ad0f549a1f6d1b352977c7d40940f294a80e65255516f5cd37c8859

SHA512
292042b01b36c5586cc667fc8068e3bfea3dbabc887eb2a157844616d3d5229cfbacb68d461a0ac17f87d4bdd79dc56ca3544da7d5c924ba70c3fdef04b46290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
38b55445cafd7eace410a4d94c128448

SHA1
d60329c97be260cd478f1b58e95a500c32ad32f6

SHA256
05e0f816693780f4ff6e9163296019bc7e6c514fcd45f262d9f3f445686f0548

SHA512
03b8f98433451769412844e61c166f51f7fe07a3d648d5ca194371fc2feb633f74ba32dc8d4b1dab803a66075c9d95dc914588afe7d69cff15ddd3dc84bb1e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fcfed1c4-0558-41ae-840d-fe5a5c9dd3cb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
82fc224696d7360a8cf4af63b607dbfa

SHA1
586f626a0ab305e22fe6801814e9bce6872fed40

SHA256
eb76a13f963eb9ea3accfd10049dc37daece9bceff5ecbcc9e7dae82128d18e2

SHA512
6d2f1a01504c13ce7793c4f57483122a4b57650969693b8dc3795d5d5a0b9c5cf24b3b59a9010245e3d9d280327a3532eead8a6e3e8e5ac6dd2a75c04d02da0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
28f63b492fef7648e4776fd5dec14c1e

SHA1
0efe6d9759b7c9fdf4061f5f632f6d41112c8583

SHA256
cef85b93f6e8987e25dde1a654582dd9bc6c66731072d7c02230e05668c0d0db

SHA512
9b6eacfb77010cd79861fc9a367286688329c46d90e9b6d3c16634a1117bb4a46e0d7b99f0df6e68a911f56db10264c1969925211aa33e90e10b3f8bd6d044c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7429e1887ca41d445b3f9cdd0292cbd0

SHA1
053c769e93276aa08977736ec3b82fcf92dad36b

SHA256
6f14b9afd6a9b10612650f694d1fdc6365ae03b3646045bd5eef520a69ac8f1a

SHA512
46c62a9df52e145d235b0aa57a6b49ea838943c2d1d03cc47cb50b7fb86bce99b30f7d28f985203b1bb8bffc3e0d3b937c42c1893ccbeb239ac36a7ba4d08f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
42d199219c33b6418837ad359c4c7778

SHA1
76c88f35d2a60fef557627c874c10dd4fc8d6ae6

SHA256
86a5814a20075fd75b155fdc01e24cab8b108a4b6caef9f93066318825ed3296

SHA512
0a7c5b9ef9519e84c021fd055aa683500a6f0fcf8f94caa8569d5060ab8b793437d118dcd9f0d205bd4aa8e9bf5016dd39ad9c5b0136f089b66d7f1c5b5ef971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
24KB

MD5
59dc5456c732ae84ee5e0c4a553438b3

SHA1
56d63e5489ea27f36babd294e54da4c1bb92e621

SHA256
877d1be7ab726f2e93b8857d834ac084177d65325b66c29ac516cbb5dee906cd

SHA512
6b319eb7c909d851d25079e477063a9fbec9837a8e5bbda0866cec622bcee479f12238ac97450fc7062b77b29eeaa0bf75b65b877920cbe23b8845f0088b3139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
27KB

MD5
4b354e670be70d8e6f4be6822c614f7e

SHA1
f0c61a81f793fc471cff7c1d374185fd32f85b37

SHA256
5bc667587dee79e80abf70820f31c32d05fb7768909e305985464a1ef4028376

SHA512
a1810a78896ddf69884fc2c0e76bf714039ce7a6ca1eb6bf9cc3663f8225f81ca219190c203b020cba368e7b517faaaa214c24d2953af5c3d228824449a8ae6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
fd76305e90f5608d79f48fbd5bce8fbd

SHA1
4d86e2877516ee88baf02678f00fd4da73030109

SHA256
7e27bdcfb00c31f599d325e573831f532d74db2f01e60663b5c4ebd6e492858a

SHA512
97f56ff08fd63b9477b2b74a631cd120497762ad6bb1abdb563a9079be7760176880316c4e92948eabe26de5157b4c22692a780f0d3b58522d0fb10e5362c5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
bf64eece0fac97eefc4cb86038c8b217

SHA1
3a09ab3b64c248e6dd5e9a61dbf8e1db8759b559

SHA256
45cb87f42405edd0754dc358b45cc67d5c6daa7a6597bd297cd39be1c4c39935

SHA512
e7feaeaadef0cdaf4d776d36bf6cc69c88cec188f944fe6a5f556e235c9f74db246c686ceb9993c532eeacb1e7ce9c559a1b1b493e647c980f9baa7d824e733d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b2135ac4e2bcb2363f8956508ce6255

SHA1
a16441a657452be9544050334c1a95d20320dad8

SHA256
faa2350a2bfe14701acae17fbfa96f649bdcbbfe2ce3d950d319cb5e1350a70f

SHA512
a07b000ef27ca8990636034292fcb0cc542a0e2b84342bb45c2c51f5aa12a5457aafe11aadb67bd515fbc7ac8dc0d32990d119727c373dd9bbed29cd743b6d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
8850257e8d002a29c3bdc45d59e10058

SHA1
b13f70795c1471b457bb8a9e21b92d561afc3e0b

SHA256
78b143fd7bbebfdd7802581ec71b9696d6a6203716aee6c5fc2111b78c04dca0

SHA512
03bb2df9a2a52c45c93b63cbe70d7c48325df9576a3d6696ae88cedfdd4a0f45aa72ac7bc7bdd8ed76a5d0892503749b4e0b20495bb2a97083c43f48f55413be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e418c66943605be8875e0cc331a6ea28

SHA1
a8a48f66740355b73aba7eea2d7b1bc48b679d72

SHA256
56838a98ff8357a239568ac936d05f7cb61de21de967f4bbb253bb27a9f7d0b3

SHA512
ad433accf64af5800f64471c7284f5e66ba24b4c91bdde8919493c4fb5ffb80a51d889cf9dc33abf4fbc95369641da03a0dece36f3baf5670a4a30abff814258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2bb8a6ad6f6161583b2bb64233558fd7

SHA1
91d4f06aeb574acfff7d0922f0220f22ddde186d

SHA256
9d94531435a50328950c5088967768c671ba298287cd8f31eb4e3ef9f7ad9d60

SHA512
5c98be46efe3f737f0597a1062e51f1523cbff510325d63c68158b7693a87a2c56f00619a2f37ebec368110d5dcd2c5992953e88eda7696635403b11fce946be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14188b5700bad68dd9b6888a8a49c28d

SHA1
50af7274c426a766803873d5c87c2e9c9086b2a3

SHA256
c43fab15507da54e4acc71de77189fb6d86855e3c89124abbc98bb26f03ad644

SHA512
e3338076aa1d12db2394a22d4f97310b40cfc84cf9b7db0001c9ac5f574f03518f84e5a27e0432900a3a533da2da75fefb0ee878cabbab2ba608546e58456081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6b5cb65e708645ccdc3f590e5ee965f1

SHA1
0d435c0cb77ace25b9e4d542be74f0b921ccbec4

SHA256
aaa6e4d7a40432f42b7794d96c52ddbc6ba209696e06943a2a75edf7128c4495

SHA512
34336c89b68455cd3f700f9d2b7d5dfdfc290f8fc4c1da6eeb51ec42e615bc43689f337749c032852479f7a32df09c548e84df231b8907c4ae20095470b17bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
c1d6084a0f196b9dc94aab82d642f3c6

SHA1
af05a781f92017a3d4be507a84520ca6bda40429

SHA256
f88dfab609fc2a26bc567f438b1f2597996f6763968c594ee22ca4837a75a382

SHA512
eaf508c764ca99a183dd1dde14a9457935882697f3f8d1d96f63f1110f311e0cc6382a090eb33d4d1a30d96df1cc73c1b6ba5d482ecd22d9312de987721aa6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
47b9dc093f751411896b455e8eb6d5b4

SHA1
0538f042bcf744385dc0d9209a51411f45617412

SHA256
1238dc8cdd58da0b18d394cc3c7bcb4dc560a48d2ce64935d47bca6103b730a2

SHA512
d60e22e2bebdc4c8dc7f955e631e8456a80c4af359e36de783020563f9d333eab2768ec33e6ca2e0e3d9a96fc0e134382f50b9cefab8077df18b288a7421876a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d2fbd65960a3171a5649c52a46b31db3

SHA1
64ee6c8725aa9c8b6e88c7f6f299d379bc901fd7

SHA256
c5502156752cd2a6ae3773063cbcbd94c21acaca8770d0013c8f7494b5ad092d

SHA512
0177bd57ff79837014b0a7dfb6e15aabe97dba7472477ee31876b2feb27256b56f592b508b620545065f4a752a8814173e02b0456454772b4060d2f1a977f429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1c779b217aa91c334e36f298c2afe96b

SHA1
dc545cb6018b312d5953bd3ce82a93e21a030940

SHA256
51bc6f1cfb0abd98186154a1bf90c1148c5ad1ec5869519348ee2b3be9e9b535

SHA512
89c70e24c1b34bbc86d1c067a4575a602a8c150144ff82c32b2a58e0327e1aab2317aae7223aafc0cfdc9844c5af9393116e11f80c342aab2c028189f52aacf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b30cc21a10d8bdcae40fb3e4382dbcf7

SHA1
b06f7e64ff91361f17fdb743fc22d6e649ec7598

SHA256
784877181aab2042e687b40a0459d7ea519dd0f08c02761a1b6480d6e47d5076

SHA512
5fb97ea7cf1d844d62e7d17257dc1a7df8e3a800ccdba35475435c1e528042473c957303a3f1f7e645b63904408ce111d68a931cca8553e8ca4b79c22a074311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
78b430472267e6673b1abd34f68555c5

SHA1
5fb8f29133ed1970681fd4d50d6abeaa0323de55

SHA256
ef50a802f26fbb34f341cd0ce06c13854324e70b238153798ff2588841306df6

SHA512
7a183e0b13f4df408a94e200c6a9568d742105981b4f0d421b95e125056826207a8e9e1e57917995dce4603e05d8a8819aec6468bad63cff5d77a78bd5b35ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
cbcc9f7c55a974748b55b00296eb40a1

SHA1
316f376514a6e14e79ce205f6fde0951fbc7a294

SHA256
5920b422d3056eb95fa903b48b9eec90aaaa3399559754e2d99158b3229ab4f7

SHA512
d94968f743bcee09157e0ca532a12ab2007e89d92767c19d7380e7fd50926b4d338179855be4146493ccd82f4c6046fd97051bef37df4c858edeec2172650bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
4e1d489c121e0ec5aaede74c751187ee

SHA1
25cf8c70e724f77fd9bf2ddd2201991e20e8458a

SHA256
1f3060229269f5a4e78423e35549dd826258348ab7c5a24ac8cc238589221403

SHA512
6b237dd95888a39cc7af743148441839c4aabf0019b507d808449d61c36c786fc01f2b009b0b131d92097746a69fbbbc24a2c4c0bbe6baafba4d73893aecf6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c33f347b7273bb1a2b9da2837673fe64

SHA1
306871861686855e7f51f5fd7b3f152a13460250

SHA256
70f0cb8bc62996fbdc901d3d390ac4ca809119c78f339a7d92dc86fa2311643b

SHA512
e8cac846536da60cc36b1379bd8096066fe1f369b9ddc13fc173cc288e978f0bad7ac8e5faed2b7f6ee18d842f5231ae19f951106f390cf72e65456977017e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5728d2ffd5e8f4d2c60588ced411b76b

SHA1
73ed03f3e3db3822f151eb8f6101c3aaa68001b1

SHA256
35582e973bdb4f162d4695288e004d101e221ae463a0c32e5f008f08b8a7166e

SHA512
41b0dd3a8a422cfed05969702d7ab9387ebbe0bb8abcd42205762ce10e98c2d8e12374883ac1f3e291ddeeeb50ba22d09f1c952f067a865bdee353ef4ff3d0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d90459bf31ec99248df6204c03f33cf6

SHA1
fc2214ce004a2e6e5e6e65c0e1f7960b40bb607d

SHA256
912720e989be1880a0df6c2ac4ac1a1465c6eee98e317bf059e78213956951cd

SHA512
204868f443844cd4ef4c5103577791f8a52bbebc8186d66078d032a8b82697882cd25c62d568d258bb2f00fc34be3709747a3a13b3d0fe913aa5bf21ababf022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
587a3b4e4dad0d218d76494dc62ee861

SHA1
26f11c97b930308767bc316ee5ed7fdd02e976f4

SHA256
f7bafc316fae502dbee7d1ea7b6c8cce4fc574a74a2bd5269863a61ea80a753c

SHA512
d8d9d26bfdd86239e1afdb2523207e6e8553739712edba176a4f75deb5907919e45608976f7aa24b35fd8311f8ea5507759fd1c3fc744b4b6cfe7d799179854c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a4e51e79331124af6d5c7be619899614

SHA1
4de0370af18ecb9c2d1a4fbe3756938e1f8ab267

SHA256
25bbc90cabc0cd71d4a7e91087cbd79fe8ff1f087d83ecd985ba2cdabd7dd37d

SHA512
f986a8d6b8927887cf84a02af90defc0abcd7220f1927b77dd069eb0b4137a52e141079a3838c6d47e77a0e685b3fc748cc460d686704673747ddec375f7d51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1494fc2907c26a8cbec6dba8e6de4122

SHA1
62ca18a33db81a6bfbb1d69dd6e1286b10ed83e9

SHA256
a8f9f5306a3a7c26ed88d450037dd52e6cb80ff53eeb71433ebfdf32cb7e693c

SHA512
63e0395bc5cbe19403438aa31cb51aaf278684c6e61ce26f8395af7958335635ba65fcf5e0cfacf2b193b9d330103a95b5c86d7b1885edd8dc6180fa785c9271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
532640f27fa9ccb61687ed1e8a52a1fc

SHA1
b0c42fd0bcc3798f80d5a1fb46ce2a118355d6c6

SHA256
18900d679ca5e72e970f80deeefbd8709953a2bc1fba17531c5bb11a55cb6efb

SHA512
b69f155c63231e2e3668e57e48be51c03db45244f03ee6f5e3c1ebd7a1463cc5a2a0bf7d1cc7b4465658dc2badb5f1329df6ea27caf5e6c0eed66706859f71ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2a13fc02a47c01123d574645183fd828

SHA1
f8fa5b41cc4568067225865b851309c929ab758d

SHA256
54aa29cc5d45c73b84e5e4a57878be40a399285107d5b9c61be47acd05f4ec57

SHA512
d9161d7d950b33140c05cffdbcf588b68f04f11a6e566c9ceee48550e559391d94ea89c4e4e09aa8f8af4e7caafba56eb336b6e1c78baef13eb719d744db2491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fc3e3361f2822a98dbba29e6248db346

SHA1
987a037690db1f3ef94b1ed9d024e5af33668b06

SHA256
205d58943421d42aa891d72599a7f4b1a23f1c8a9b317f547efe4448cd3b5958

SHA512
01acb74e7a5360013bdac3dc45a33a6f754a7ee0bd0e3386280f0e7b9d17d7a2383e2fb98ccc7408f5975a794155b8aea8b11dd3c3f3033d3cf450f796c692be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
059d8ac00070d53931fa458a729fafb2

SHA1
59038b736c3738c9904e2f805a5a4e4fd5fb517c

SHA256
0cddb6e0c7b03a557b9055f68838442cd8cae1c65a867c9c913a4f1502e0cc2d

SHA512
fbc8432b83ef1065d9fd9b2bc8b23ec7914c2a17d79e4071481c0955864232b4a4e9b5f5c0e7d3a3eb22a4d6b78c3218a0237a4abe3980062c3edfd40241db89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a01fdf3dfc8b4f66888375d0361a7564

SHA1
712ee11d63b1f3324ef6f3d41eace03c4a9afd12

SHA256
ffbed7fd427183a170b37cf57af32ccf8a9c6249cd8ab5e155d53eba7a1e7e7f

SHA512
d159399224e8de8df74b3ef6c4c17b48d812b65e74d6f088868e25d5ed6b0370ea505260b75e5073c8ad1963adf22e405e4907fcdeb766c1c30cbc631d828533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fd1a2e284990dc3103040cd0efa941b

SHA1
b5898e38b6c5545693e48ea802130a0fd593d2dd

SHA256
6ef12543c55d0ae9b87677842f283dccfe6211397c7fae9786d7d4dfb0bfa2eb

SHA512
a38415a55794369e771f567c848736f872ec5a68211316edf807bb889b7216be8f8cc332bc131778712350bc19f67cec8a5418d41578c00ff7cbb37ddc87e8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6eb5333e9b23e9e56320695a78489bc9

SHA1
85053bc04150bc23d2da19ee62f3c44eb2c2e4eb

SHA256
082184a95c6a5b9cdb3e539595d23aa66c3fb947cc2333ad587a53d565121255

SHA512
80da1820215d003004fdfeb3b7541d176af18b243fc40bc16109cf7b129a83afa17d6bf05e4746168146f49ec7a3baa02b8be0d7cb123cb84cf86577fa0d2351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e7dfad98b09fe81f29eed16ef16f40f3

SHA1
eaf1f47248564735e8909eb288f2542b1c0758ed

SHA256
c0a9dfe4f7df01352d014abb5f8d9590d210cda529594a3002d0db94adc102a2

SHA512
186cba2b6d1f8b7567fe285c1f915f5e567919e3c9064d97619c744f4be07e0e68236f339972a36f716fa0aa3e23eb5faa6c42f11ef58b84be2b86aa3886f2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4a0f215022a8955fc3e4c25faf0abc20

SHA1
5a8f832b19cc163c3317bb39facbf6c454a964b2

SHA256
d40d32ac878b27f22602e06ee8e7f9af448f98aa6ed387b58ac1d605d254bef3

SHA512
99884bca8e0b3f35316f6d94bfeaff76c6b64d22c3a8f12c01c23d13ab0f97ac27640a2b63ef2b897bcc65907eafd87e4bbfa74a22e2fdfc837de5ca8d8455c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1806f9aa1a1f1a3a5781450a1ede261f

SHA1
2fac3a066329399bd1b0661b0fe13107c1613b0c

SHA256
d0f838d345b9ab28ac794dae97f8a6af27c9615c72aac3666f862e29031653b8

SHA512
b62d86d5365234cb2b3629df58b6fe0619da7f1b10f1b1f79e2b87f27dedfd47b5fd04b915358315577f2f449af926f42edbc27d5e4af2e26ede1637e4c6b828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
537b4ad2d1e37401e4211c7e5b8fa19a

SHA1
677e125a3cfb28c29ad4e1367b737dc6fb687455

SHA256
528e7e5ec210ad6a1ec4117e4dc2a468e2361579b7963c81c64af899b9ac4c76

SHA512
7d34dbe10b338ebda9e4c47537e07b0172a22b5e4e35306a2acab5ad019029e11f0a4cd9195466c59804665729c2e6e5091f6a22822e20d8ee247f53d75c00e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f72d644e82cd1e8cfb99b229fc74754d

SHA1
6f3ef7dcb52d616103aa0962efb1253bc5f3f5de

SHA256
ffdf9f3ee2dd02c6e17cfa9b5ae8c9027f9d03f9842c2df8c8d597eb3f51c357

SHA512
4d8d33e6e25b681d3221878b646a8f1f0f9c4606913b2f37b770a8526e2a076f295af516ef357808912bac0ac3bb5ce9ecf0c6720020f1d6d773a0fe6524d94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d718b903c2ad84c8c3463af3e6581f76

SHA1
b33e4818d5b13bcf2d17d39016b7298569e37b73

SHA256
ef261420aeec6b1241ab9695d3a55e67b118ef9e59358440de3bd2a6cecfb4bb

SHA512
7ba2becef4df0cd1b3ac5cf827f1ee7568b48a92c45bb6b75016d57cefe6e44acfb21ad04ff9542335dca247791ecb326f6eaa0b73ba784d4fc6739ad3ac75f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d0e1a9d39c68595d41c9c974db270915

SHA1
9aee8bda2583d449bdd03ad3abde022ec21ad972

SHA256
6d2b3dab6d4d108e1645f6e4b5c530cd3ea6a1c1d078f35817774971293366c4

SHA512
67f4ceb37748c3cf96a182ad178aea0baff6748c5b18d5559b58abfd5254e11735f43c8691e0ac80dc162b79685bab66fa9b2706871d7e3db686006830b877e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9b30beca84661c33da723db9c164a2d

SHA1
8b6e3a56374aaf26f42634367b282993a63d488e

SHA256
6c460021991d4be19c12a988f01eeb8e404d5e9e9281e2d4537e93b92ea4c09e

SHA512
458547e60d4bb1851dea007339faaa1bec22aa7f23203418150ad5cbb81d37173b6f7e7606e4af4dfb0d21931c8ddc99487ae3acb8e95f3d775c7f1794c8644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
af41c4343f52465435e037242a301cec

SHA1
d05ed20ab2f1831bc90da53761207508c973b795

SHA256
0364964b4d98d85f8e43ce60f3ef06b2f7d8fa0cc87c8f5f283856411234a81b

SHA512
145c3433c69ece07291b85ca1c9cf81a282fe1d992d545ef4801aae3a334d52560ea10c8de3cebd3e1a56461ae7761bebb7f00cb44eedaffad7ba946ea2e5296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e518fd95ee8b2b03cb933f71a639fad3

SHA1
974e651d37d2685839c15e267b1ec14340797807

SHA256
190028e710ceaa06bd585e8a3920ccb795db6379423555937a7dc7f376133c0d

SHA512
e63be89505e8f616dacf8fe6ab3d58ec8fb6474602e13046dcc569c87faf8ebfaa1bbd72b4e3d072c950ffcb290f024428bc45a0bfb8a332ba6109d6d6bb25b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
66f7ff3fdc07463c2126b8059c6590f7

SHA1
01cffe0cc3f38a55e50a3fd22d69679d9c5e87f0

SHA256
5313d1fccc0b75e8de40cd9a2d8bb75be71170591f79aab8951a7436e7bfb615

SHA512
083ea9465bbeadd221a044abafd6a32588430714d208c7996b45047b7f14d6b79a261fdb65a5a01d28569830f495cf7d3357786a25b4b1c9e63518547f8f86ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
93bb4ea0da59dea5a8dcd39e24f82869

SHA1
a18b8c0481f1218342e003a22b0cfa035d78461f

SHA256
05e3161476b9a74cc948e089131d2bb59d0c06bb99f07f7bb5c740017080ef31

SHA512
7bfd79bd9d09f2af05283cd7168a339d2cfec44ab2c65b32c06d710aefb1934a9f0a0875d13f0a5e5f5f810b6f6c197b604d7afca081d9c833913bbc3ced9fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
abd49eee44fdc712fd63bd8ddfb54722

SHA1
8c5c0375aab2f03ad6a61a101174c82682a7f594

SHA256
ea551a21f13a447276316f7ed09f8eef7da5f3b23ed7b167d4aa4fea4ad322bc

SHA512
4f5ce5175d0c467a094682c0515fa6e64c092bee31185ace89ab0d3e93e274b0e204dffcd393ea36f71176a2e15b20c3b5d85a3d4265293e520b15c0e387c21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9abf2f339b5f2f010d4ca47ddc9cef71

SHA1
cd033c4d562905489769b7a1215c01f3867d459b

SHA256
939e6737acf0ebf414011499e331149fb19443dc41e4bbdf1c6c46036d3ef7de

SHA512
0f77e5431f04423bb2b5aa259c894d4eab5c5afa810f3127c5c43d5e972602ee9c47c8e783ab82db8ba67cfb827e223f3df84867f279323d3c04f18f028fef78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d7bae2fd629709350a1a06f6405f6a4d

SHA1
e97c636ebd1e2d63a75ef579d51ed2e83ffda1aa

SHA256
513c324a1627f6a6abd1f3823f10d447b53c8c8b2f3fdbb4c639a42b84d9e165

SHA512
2796240581e2adf2d632b588e0c290dbe6d079d2005c7dccedad09357d0bc5da15ebca8f8e347a53d4d5ec80df1a9d1769841030b73283621081d6db785fb45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a330d680c3c293560526c06c01f7cfde

SHA1
08f5e031348184caf6e4b68067e2b41c484aee38

SHA256
7a5a1217810addd25d9836c7313d2935b0b36a4fb91d64eea932bc4afa8c41dd

SHA512
be351e7873c71f8017d9701cb7a674b0dde29be256623585a382a4932006c083e89f5b82cce0880f892dd109eec58bbc4590bb282e7c8536aa8dfebe3574e094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a2e9825f47eced1c307b96b46eb3c847

SHA1
72093e08759e6664515165a9d74bb67ea0c032d6

SHA256
16690007ee07d10e65c5687ca8165ee9deadd7bdf85a0fd4347957d83b626abc

SHA512
6c9626f05926e48e97e5893426599268312bdbeb8ec5bfc754822658bef01e26d6b91977c4b677c8e65bf5e495fb8f1f47053625cb1fb543b21567416397ac49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7312e7aa99d9da6cf28685c2f00f5e01

SHA1
c50af5e497958a505516ec2b889d646cf54072de

SHA256
6c76ba19c45c432f85c8da66d0a81e33cf768bfb7f4de758c7e91715b7dc23b7

SHA512
cca1ee887c3ac673b850f18ae244c8b9cc59a589ac36fb4011e59a043095e1ac9d27d2caca136f46a2d8a54bd67fc3af066aef6972838fc0406ba3fff6417426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e902a2bc922898fd97dcd0d33d95f8f5

SHA1
6d63bb4adfade03f10eb1030f3d76a4e4b17e829

SHA256
46c682c4d2fbb43109cbf79440ac5d8e7fba531cd80bad65b87548f21740a774

SHA512
9c2037de1907fb6065e711e08ba940a5a51e22334e3da1f2bcc9949c308b35f7ca3cda606b2d8c8094e2800e2ffc4b7a16075bba26208888739092f37b1c650c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
901941bcd8542dde87eabdca2add45bc

SHA1
48ce86e7a87bbd3228d5dd53289cc3b7d5766d2c

SHA256
24d72939dd1528aa8a6be74efbae70c54d0562de220c377a1fd51d09624f0347

SHA512
da179e4eb177fa3a56360b87d4c0846f47a4000b6db7c38b0d4c70bdb39c2df9595c41ceb682698372ebcd13bbf025b9379c456d0436f1b7d0b0b553bc73801b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4595584c664792ee0cb1c3e522a24189

SHA1
a865dc6d24471fbe2b2ba941efbb59a997cbee58

SHA256
e23abc1456d788e9f4e14ae6b1e7f138e5cf9fc3bd6171a77af43850036c8de3

SHA512
bc37d25e29e15615cee2156abcfe4dce0ffb7d1632fdc8515c3c6b9b584ccdd3d61dd5cb1fcf1636a8243ab675b27121f83cbd04e684440ac02afe4baecb6dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d6a9.TMP

Filesize
48B

MD5
c54cb096fbda420675fa7e893033de27

SHA1
66b79210eb8196deecc5be603421aca65bb4b95f

SHA256
ffbfb4da5a4c96f7021c213d3faaf1f246387a9660ae735d21f02e84ce6e788b

SHA512
7937d8eaf38fc56928aa45199aff9d2f41804ee2a572e92dbf98f6f72a947def64fe0d2f7af5f141d58551eb4c7f5a22346ff0394d4b67320ea65724d59cf151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2b00bde232f9d61196dbfe57ab4f2808

SHA1
d0e5b5e09302f314085c3adb59b304e4d73a391c

SHA256
774292202e80d4350fbbc70ef03c6d9bba785389d5e44c6e7254366051a8b8f1

SHA512
c421845dd63dfa5150f15eff0757bbe971853300729b8df459de5c975de3a9907d26075868be8ce01a8db0d34197dcb84cc64c9e387035dd99b89d34535e67a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4823d554b769340081908c65147fdf7a

SHA1
d11dbb759f31d7903b3ec3f72d13663a366db1ff

SHA256
a1a9b2bea403a75c8e8abe0a6d175f69eec2549c481cf33c1fac095aae9ea17a

SHA512
199fdde461167c921affa362d527e5b119aa20358a1cf69174e3e2484e71d7681065fc6c766e69b1cddb994de3d9c6bf7ab108ef8aa4cbcedfe354c27bcb4080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
185540a0911bfc4ec2e226855b1b208b

SHA1
3182329c3e2f633bf9278c47dbb40519fdce0296

SHA256
ad75e1ed9814cea3fc153b138d6f9e44ece6d89b5413ee2645505ebee2118090

SHA512
36f3cbeca2dc8082a5a79d252e39d51a6c290fa779ad7c18e04efcd59017729be2f1cee116cdb310fa51ae907a763daa28db098b603e5b20c8282e083e98a4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c56c05fcd80e91bf4563ffc7e24417cd

SHA1
14182ee23d8d966912edb8e366190caea41f38e5

SHA256
23754fa0e135c23ee3e44c4c2d9b807032f0ad7722d80cac4124ec5598485b1b

SHA512
434da63fa8f293432fc769d3355c0a4f7faafc078d6ef933b2dab42637303ecf2ede7347fba15e246583c1359c7f9b68ca905ba0af215fca328904164665ce9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
02eff7de53d17459386ce1ca28bb3a6f

SHA1
a9e46e088f94b8cbe01c4d37f5d33859cb1d96f3

SHA256
6ed7014951c7093dc8280e0ce69fd1b92b3c49c18c17e2bd56b2d706d30ad3c4

SHA512
fc8777d306e52d28df0f9c5aaefc364d167be38d43a60a142915a678863992bf6463e070bfaf1bdf7b4df65d4b065a36e1aa9b01fb60743476ac63b4e801cb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b2cb97300b3df7fe0aa6c5c4c91e4d8e

SHA1
1a3ebfce32f6ce98f73d405f4dcdc92fd4d35270

SHA256
70a02eab4838530d5b91e4036b5844e311e5e2fcea4373c06a2e78f9de37fff9

SHA512
d1e3b26e6c862d2e9d20468149ff0b346a0f408e843e5e1da8076ab3a241d87d713338cac45933637b539144642c0afcd8a141b313fcfe08d895ee0d0eb2883f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cdf5653d9eb800221f39c3c3c993a591

SHA1
3f8004f293e962d5fbd44dc884a329d6f47f51ce

SHA256
0ed074138b4cffc80a69ee86ed4457be1d9f495e59e7f1e0f2432560ec8918eb

SHA512
25375d2d7bcc89be527f171a54deebe271b0dbb907aa3e02cc20e0d97748ec3f592b624d5a503f29e13c473ed1734a87674cc157b458bcb68d244c1b0d9cffdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bed9727047ca1de05436aef780007b12

SHA1
3b091ce68195d13b2df50e2c3dc7534d56a864a6

SHA256
06cc6471ffc5f1450a960e720972c4385eff7c37365ecc1434aaf3835da5811f

SHA512
2c24438f8747025487cb5bd6270e56357e7ab7d9215fcdb55b12c7aa416a874373702644d06662071455bb9786383a0ae8046f788a12c5a3f5699561c1f4f665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0cf51ef0f3bbd29c38b1c275e9c1ccee

SHA1
1b21fe3718d8117aaaf38a3b40d765cf7a542013

SHA256
9fd2ac66aea125f03dcd290d54b3ddcc8b1e722d0495dca8e3a0609d5c7609b6

SHA512
30a89b37d3487e1802b78fe85f3b497f8a976f9687f6b487c3634866919e16956154b85adf76077e697a7721b0c1f58805ddd059e5fc2330ac43e9362fb1c00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
864a89bad9474087de9209dd458d736f

SHA1
8b8949b28d43f3ddc1ed7ba41146a70309d55e3b

SHA256
0381d54c0f7c0b174e202f53699ff49add678214a73d6eaa2055f5e7cb3fb508

SHA512
5baabfd2219da5521cbf9801eda82b25f709f16b021ea496d199cdfd1e358d331f4b80d9c8300b33bd22b662759059b0fec925745f9c6e2308d59f3935ec8ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4f786291d762ec72596393ecc39227d

SHA1
6b01f3a658f487eb0e8cca5d9d481d3d4227496d

SHA256
7c1426e70600da4db707c9ce111c2deaa221ae258a39b3e63cc6b1d226503bbf

SHA512
ada99f4bf9edc40db153ee5dee0f591ea7348a0c492729609face0db1671c6f401ea5fc168f008f2c700189fad180e762040d7d0d0276868b5ca008b83460424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4e44ccf82d0fe4d784e4fed47eebf960

SHA1
94ab831c2d3f3a70c95c11f88ac5c2b6186fa5a0

SHA256
363b97cc611ea85066829268855132f71660f7fe0bab1b2233b8af3d87b16f82

SHA512
ce3d6164b1320d69e20a4a429aa203128d8ae3cef0e34be01c3cbe99fe73ee031bf3fa4c967c8619150571d5d8bf1ad70928db463ee61936ed8e9ec2a8e74535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1f6e757837b2987d4a85e41b51721e10

SHA1
d413cb16a9cca47ee8e31e92d064ef0192b94e70

SHA256
dc3c59faf4312496d77c2c060eeeb3bb1ac86dce53f198f794913d985f4b1973

SHA512
a4bf64efa1872468ef9c9db9daacdeb86fdaa99c51c4f84c62792fd1fc9004d7aa60218c797dea14b0ef45862fea9a66b5a67d41dfdbb6f2120b81eebf82d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fc36c77a905122385b87de6d11dd6981

SHA1
9cda9010e74d7d90d2f5296aac48495de66bbe90

SHA256
a45acf7ef3ad446e25adb9b8e2aab43d6f44359c6c8203fd3171ddc04babdbb7

SHA512
379ad1ffa07791cd9b501efd4b57c6bf926d98d315913ce89c21f9a2e83385c0a3081b04c18e0b86172dbb9ad1bbe7e90b5d5b1019de921179dc42cbc5dbe8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4f1c1a1005cac1ce40a0cd8e8e332c6d

SHA1
3d3ed7540e115da5d50a6e8855ff3538dfc31822

SHA256
6185afce3016a1daa47ed16ba8c126062355487ef4d30d09b040b33ad83a5583

SHA512
f62576620a02cff7244bfe1ced56d0982523d8776daf27bdcfdc54ae645d8b23c076c688f462f4fb5b7744cc0cdb4b008248d56944eb3fc960d1c6e609fac550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c48ec81022f1ce9ab0ae5d8082515b60

SHA1
8c257a39c1153c69133c6af35ada612922287448

SHA256
df94b958c711990e192563cabbf7744bfa88b3a633638d8e1fe4ab4fb1addc37

SHA512
b3581f3f83bda9f0be8b35e59eb4ff9d6a22eef7abff0f86c6ebdbb16bf1d0076673bafa6d61cbebd6ebad9e7c3cd47e37d41c28ccca9e7a43c6521e98b6a339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ffcfed363c37f3eb1f9b2366056d0349

SHA1
7e97655eb028176c9b27f955b6e8236c792a9f31

SHA256
9e52070b2b0ea6cef1904541b0e2a1e19ea2e8769c47845030424c57278f60ef

SHA512
03f7624bf7785f8b956aa9bd7310dac220e9b6ea96eb52bdec3544f40f5324060e607794c018b55a512864efba5e74728b43c85195748c312ee484f4942cf3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cb706179183276bc3fd7295ebd678f0c

SHA1
fbbad339de7f28db43402895ea4406c4eb6de8ec

SHA256
83c4a36f73a964029167aefffff0e3a6a4e37b4946ceb33b1dd0807779c95aff

SHA512
8ce57774dcbdae561cb49f7d00f3a47b82c56633222dfbe197b4ac2efeff500cc63db5d445139227d3c8d4eb8b6d791ba59bcc302ad01bfa40a42bf5318846a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e8c036f3b3453db85fa1dcb6bbc5e545

SHA1
44c591277081666f644ae1b5daf960cdfa449486

SHA256
d999a99375182183c6c3696edd5324df78db0410f56b70974d84fab3adccd263

SHA512
f68173f8d4490ce6b6c55ae81bfebeee8f70af9d7d9d0a37730faeadee3623d43764495cb899c42979b081dcd60e5833d597a8478d5c027b9a2fc22e49410c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ac20bd0f8405cae8aa833f142511ae1c

SHA1
0bf53608334a73bfcbad4a1b86c45e00f0829dff

SHA256
e587d377e15fe03a886fabfd5cc6d29672b90120d38d177013deed033c3186ee

SHA512
acdf0724adc20fc8428dbb07f55484dcfe49d03cc4a74564d6f16ce91bad232b144c7431ed7cd199a0fcead728784e0217a974bc733bcdd3739b5c344d9accce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
995bd0ac36c430da21679ca2763e8b00

SHA1
0f3b76e10b115b3473a041fee9c3feab58041bc8

SHA256
e765941254b4bf947ed960ad188a14a25d4bdfe2a6094ea95221903366c533ba

SHA512
ac4a117720202d28b1ddcd95e88d839b9d8019700d676c90acb8826d978e21a32433049b8d6922f007f9496ccf0eb82c11c4be4bfc5e1e9828c1c69b7701b8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801df.TMP

Filesize
203B

MD5
8df87b4f683228fab454b4291e294923

SHA1
5fb51f3fdc0f0a8971e12f86224debf1d5bb9c24

SHA256
6adf5ba2d9eda6eaf0f2103bd38a8a2f2d13026c1391e267b0a5129119285bb8

SHA512
04992bfd7033621e0943e81b9e2de67298f0d759fb95e49a83e88a1b340b71f7e04878ae91aa73c7172d2b5991c89b859249f4db5ba8cc4202638f02aae0105a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fde8016e0906a0846ed4421429721d44

SHA1
30e3282d0ba26292a5221778d34fabf3bca98c06

SHA256
59f327e3657737d8b3092a1f6a53f14ee455fdec5bc37b6ab159159b0b5e4b8c

SHA512
3d4700b096e6394e7231b58431597b0d490ef6cfb80348f765accd4e0817b1e64f09ddd175b7df882f4d7e6de71240ea38eb266d86658a8ab499b1f5bb450e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d098c8de3301e2fbaba160b5d91aeaa3

SHA1
c03968c68aa6a7c877bd62dd1fe2b614d69c25d9

SHA256
ba54360661f38c15a08bcd7c0cd07e5136c2592377f236d3d68a3bdc81eac8ec

SHA512
165254d828f0d916adc9b24a956ef5890eaa7db73105563bee805b8d5ba736820a5a3dada9d3b51d8b7f00f482577b0cf9bad4e268a88d30ebb07280ce2e2e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce3452807564c9baf74d5940ec3d9525

SHA1
642feaf2eaf0e86e66ae8f5a79c1a8ee6e66967a

SHA256
733004931637788e6b5142703b08d75c487fca9fea3a5357b31d56569aa59d02

SHA512
5a859a3acae1ea42c7145ad331ac67cfcc271121e8dbd6cb5e9943db012df6fadfeee1072f65a758c5ab63f1b71a35cc24fd8dd6a1c93a60be1f5d7983a36841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2c956f536d1a0252e3bbf67b6ef24d4

SHA1
b1923f49ccac9230efd2225962b8a86ffbec107e

SHA256
f8c0fda4bd0101b3a36ae8cf88e1ff8630b841eec26b8fde87abd7d0a937dca1

SHA512
61d0ef0c05884ea279b63cf09ae314ab9ea813d9553096d849fddb55a78f85fe90c5ea62a93d0e93740967a25b2b276c91df17d2aa29fbc4b8fb48df29cd5f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a73facf24cf7eee030e09c659ebff902

SHA1
d175bf7746dc26b7c9a15e988ac932ee7c3b265f

SHA256
6b9e868022094e9e24c04b3178e58b7c4983305728aa49863fb157549190e325

SHA512
1e6d6d83771ae25df4f9573c6e792caba9eb2d20a415df25615ea07553341f4724cb61d803bb46efc8a0be6287d0c4864fe04e399b317a51ea5f984c43496414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48db88cad697167888544bdc43c28911

SHA1
ed6af6487f230528bebda96465407c4df5b96891

SHA256
f54124347433fe41ff57911cfc569e153f4bde4b10878eb8bae694836d39b763

SHA512
de5449fbf2840574cb852f7f071e20062120f874acc0ef219326df0b0eea0a7235246525bb8bd7135d4dc3156222b616a3bdf255c16969f4a9578ff56bb3ee1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08cf9624a7be86303942a2c800efaafa

SHA1
4cfc16f1129c4e3212cbdd78d0579cc6b8b1a985

SHA256
eec661d08816e6cf37a7495433d5fc8bde6cb35cbdba88dc358b5f327cc6f9f1

SHA512
a7130fc8799a37fac3b6731466b62d6f5ca46a1c11f1a82455b8000f7ce89e4df86f20857a6dff0ac92daebdab065fbb57aac314cceb3c7bcf55c7c2b3773e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7cb4d463e31e8634f8b2d1a003dafc71

SHA1
440161ef6195cfdb7d25c75eef901615ee0fd306

SHA256
e67b3388af99aec98fdc773429bd5002313d093dc05fa2f10f422eed7127243a

SHA512
78640f951065feffced7c7d4cda9849f7621f9db6193cce3a94562d18ca7a1521713a6623ad38ec7d43953fe1ac434d2bf23935220fa58c1a4738c99bdc23a7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
28592b6019fba707567bb5a62ba583d8

SHA1
3914f7d1e67a7ff3b420bb5675d28e0074aa1ce4

SHA256
ef7586e89e03de1ab7a77e4d2265c03a46edab4498544f091aec0fe2636a92be

SHA512
48ac96681372791d930649f0f841fd36adfc4f7027fe086c6070a85d2f4c85fda2c659df106411fd0d7acfb724d53c04a0ce467ba0371e35f775b8b8e755e6e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
091a541cd893ec0aa0870fc90c550d79

SHA1
709b5829b6e3554b8c6fc8f867bbd5e42e914e58

SHA256
0e21dd264e1b79f7a34aad80dac473a66e26f895be371e38f608306947a4f991

SHA512
4fc5e924df91badd8a054ee5ed96b23d575241c058f9678ce383dc1d6d0119555f3ff1296ee41e453970a756d3b0bac8555b1fbfd3ea3fc66ab5263da4a20291

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
e86fb0d26f8622fe19b1826fb6f31590

SHA1
36a67a0c2750038a553fdc95ca98a617f10cef67

SHA256
7a189940d25ee8065995598d738e14be453d7ff69c0c31492c6c612cedd022a0

SHA512
7a0d9002caf9c094d37704de5258f160953b14c5299af8cbfb04ddaacf5a32f261e695f04bb4267933954153e7e6d2785faa83a2b7e6f9a541d4e7297cbc4d54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
b8f6e7605dcc3dc017d29eefe26386bb

SHA1
5bb73f85ae27ee828e8c8c98c16d740775565353

SHA256
188b0c23000ae09f60ab6646f36ffa42c7dca88c77b9b71c9ccf4c04503d586b

SHA512
9156d92a22223380c0441a72044229c5bf36f75e240a5da2a3e9dc9f1dee9e232eddd56a43086a8f8d495e2025ecf6adf21ea39f4ff698e757f2e9ce6a0480cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
70abfa6288e52af5e014e7c42e679d45

SHA1
c08fbd18900b86355505738228bab5e409fecdd1

SHA256
bfd79ae9a5c83ed0161cc8adc8aabed6bafd6e15fb21b733c9ea88ea8db42565

SHA512
01576ceaeccbbe49aebcb37ea3d49541f7c8062f5799ff0cb8544a2bed3696d561080a940ea5ce5daff7215a7394c7c5c6a64582cc2618eea6f0025033820da3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
678701c20033083cd195c8179b584f55

SHA1
3800785e4ba2aafdbc1ee72ba83cb29c528f76f3

SHA256
6804ae5d5caa8b1b975d783ab26e81c760a547a674e66494da709e64d6380bbf

SHA512
98aca1412ac38271bb430510c030bb4f4d320ce22569b6736f434f8decdd53e9c8327ac821384a70a0f0c64eafb5b90470be2a6c820f872d2a9510abff9fbf69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
c6e10c0e105417c80b6f558065c5b44d

SHA1
d3cbb9719473a8579e8636c7c2c4dba4ab7d2e54

SHA256
0753676c453ea462b83233c1ac7bfeb2a9ce418a55773640751cb444c88c4bba

SHA512
1a6af16ad5cf681379d0b46fdef5698b41a4d3229ce0526561fca01442b0ff98ff057e60c91c3b22d0385c483b45dfef8a39c89a156f7898c55690be47176e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1389dcdc389728e9791a9c5e07152540

SHA1
88bdc37df70fc6318f6461c775c077050dabd739

SHA256
5c248ece3ea7cf845b1dc0d3588eb12382578ad24e5fbed952586864a1dab28e

SHA512
7a1fd81c306e163df13bea4182c51b723a919dd84a48fef9671f56e028d234766031efb1a818cdffe7a4da21fe6f22e538629c9f42e153ee929b94ea3f29f1e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
af4b0b492951be0dfae1c988cb9a92ce

SHA1
4ab4b5fdbefda5f2f796f4d5232dabb1874e9593

SHA256
8f2827b3d277711bf9419b6dca9316a89c5abec9ced336e3d77266037a56dd0d

SHA512
b5d64a7aaa1967662c87df0c7903bd6d27d97c41b85317c31cde04f2874dd1216ebf7995726883213ed26907157631498edb19f5515c32856254de906f635d38

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
20082998a916d13d6a8fd5a8fbf04680

SHA1
c57f4550d4eaf12632c46c88ddb86f30c14d6b53

SHA256
ee7ee6a8a5cdb8a27b86faa20ca0a7a8dc04a92341c9753adfe8e3ef3a975db5

SHA512
76d9b48d36b84ac9ff8932cef4c1cc0e7b26fdb85f41630dec4477f6437c44e166957314dc8e42c9fc9fe807876b2c9a188ad468273aa3fce473f2932910a4d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
3868bd25a6bd69d6057a6ea4771a3841

SHA1
619bf66f6818443ca454da2937e11929aacb5f49

SHA256
b1e2fca458d4cd24260ec45ace20de1f9fcb188570b75ea5ebb435eb41d7a966

SHA512
f0b69592afdec76a407d5ad0bfe881aff071457cbb6284956c60a841ea8657cd0e48d2071f04804470869ba8e4166699072ef6b22f5c8ff620d5836bd91afe6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6fb421be1bd0b33fafbcb42638c8ca49

SHA1
cc4b95e74c53e5eb77ad4d798e7217c8b4af71b5

SHA256
3dc12d701cbfaacf12575f2ffbbe768c55d7296cd994ff5f9c2225e512494fbe

SHA512
9d26a1e183eef4a24903bcfd127fedbbb55d461dbf5410c208fa250ca3bd705ac91dc8a963ff34b743ea31cd58a8a9e7e426cf2d2a160a3bda599433b4823392

Download Submit
C:\Users\Admin\Desktop\nexus\nexus\Results\29-08-2024-08-35\2fa.txt

Filesize
4KB

MD5
728c16f90507176fea4f5ce985616306

SHA1
8fd7b8f040cd9ca40c9b8601810895033a42b647

SHA256
cc6531c9de501ca2fd9a2179cc10fd1f828255d194741ca17529a20776f9d39f

SHA512
9db8cb4f86e0dfd712d81973ee6bdaca47027f131e52bde16b4d97bff8956dfea0d64b5a34f2215298bde8c1b6923ab9b0ab33de8cd426aebcdc2ec6005b7f4f

Download Submit
C:\Users\Admin\Desktop\nexus\nexus\Results\29-08-2024-08-36\2fa.txt

Filesize
2KB

MD5
71ed56e46e042819c2d7ef9c595174ce

SHA1
6621e1eaee05d4c389ae8e075b81535d0e1f7df1

SHA256
010891cca426b3f4beef8e8e0233cff1a713fe077347360257c73ef5e03c3d77

SHA512
959d814b3e348be390ed0f5c157224b50920505ac097431aac707a9cf0828acd124b3364bc498a32d3e37506717474fe5fb8a8325bca57c0572c6fac44504c81

Download Submit
C:\Users\Admin\Desktop\nexus\nexus\Results\29-08-2024-08-36\2fa.txt

Filesize
4KB

MD5
e20e53ef1b5ed63842451a4910a26864

SHA1
1d2a8bf04f1960b5b5614336f8d4adc9dd3cb70c

SHA256
c7f50fdd44a879b3c821d7fe5860b1ebb0be073edf9ffa37c4b2d6553960d8fe

SHA512
16483c97113bd38c10ccab598f81c24c865c5082c7b78a9d614d45006c416dc4040da635206193e93a6eb7cf336a71d16fc47217348ee17458df26d5206f7f3f

Download Submit
C:\Users\Admin\Desktop\nexus\nexus\Results\29-08-2024-08-44\2fa.txt

Filesize
4KB

MD5
0b3d5b2ef9f48835b901d01b6de751a1

SHA1
ec794f3534d2a4d8b729d68a62d7b1fd16dfdd16

SHA256
50e9e83ff24b6114ed6421da1ba93ef654ab9a945fc3f6ae5fbe325e487140ed

SHA512
d7081568df0941218f8fb336bb8cf576139e5707cadbc263a6f20066c3cec1c5610b32f0e409d726d5bb660a337630e8b01bf3a5b1ea434a944a85bf4466ca96

Download Submit
C:\Users\Admin\Desktop\nexus\nexus\Results\29-08-2024-08-50\2fa.txt

Filesize
4KB

MD5
4cc603a19fa4148f21fd5d69627ecacd

SHA1
4875ead44bb7b29febbc6667adde6142422a7bd0

SHA256
441b7b979cd3976eb38228aa79a2a29e1b72945f6fec8eae2b7aeb98f5c5b216

SHA512
d50c837516a18a490dbea55ed03d71bdb8c6ea6aebbe18769f2031560c540dfd59870b58c92d75e1ea0dd82d4a6efbb35a9fb993321a125dedbfafe03df48526

Download Submit
C:\Users\Admin\Downloads\1M_UHQ_MIX_COUNTRY_COMBOLIST_HIGH_QUALITY_GOOD.txt:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
memory/3588-1665-0x0000000005A40000-0x0000000005AD2000-memory.dmp

Filesize
584KB

Download
memory/3588-1664-0x0000000003430000-0x000000000344C000-memory.dmp

Filesize
112KB

Download
memory/3588-1663-0x0000000003400000-0x0000000003426000-memory.dmp

Filesize
152KB

Download
memory/3588-1662-0x0000000000F00000-0x0000000000F16000-memory.dmp

Filesize
88KB

Download
memory/3588-1667-0x00000000059F0000-0x0000000005A0E000-memory.dmp

Filesize
120KB

Download
memory/3588-1666-0x0000000005C60000-0x0000000005CD6000-memory.dmp

Filesize
472KB

Download