hxxps://mega[.]nz/file/D3IBnABA#0CF6AmuhBiJ6KX5A5qrBPE3beqKfJUWzzCgsiUPcbI8

Analysis

max time kernel
283s
max time network
284s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/D3IBnABA#0CF6AmuhBiJ6KX5A5qrBPE3beqKfJUWzzCgsiUPcbI8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
139	raw.githubusercontent.com
140	raw.githubusercontent.com
145	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5284	5596	WerFault.exe	139
1544	368	WerFault.exe	143

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nyx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nyx.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701955812581335"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
4932	NOTEPAD.EXE
4064	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2020	msedge.exe
2020	msedge.exe
3544	msedge.exe
3544	msedge.exe
5848	identity_helper.exe
5848	identity_helper.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
2824	chrome.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 4872	2824	chrome.exe	84
PID 2824 wrote to memory of 4872	2824	chrome.exe	84
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4876	2824	chrome.exe	85
PID 2824 wrote to memory of 4204	2824	chrome.exe	86
PID 2824 wrote to memory of 4204	2824	chrome.exe	86
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87
PID 2824 wrote to memory of 4740	2824	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/D3IBnABA#0CF6AmuhBiJ6KX5A5qrBPE3beqKfJUWzzCgsiUPcbI8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffacb7cc40,0x7fffacb7cc4c,0x7fffacb7cc58
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,3292806931013435332,5243498906464864948,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:1328

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff9a8946f8,0x7fff9a894708,0x7fff9a894718
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3092 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,8621973077623457565,15907970402469682274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c0 0x408
1⤵
PID:5412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TraceWait.css
1⤵
- Opens file in notepad (likely ransom note)
PID:4932

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TraceWait.css
1⤵
- Opens file in notepad (likely ransom note)
PID:4064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:116

C:\Users\Admin\Downloads\NYX 4.9.5\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.9.5\Nyx.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 2736
  2⤵
  - Program crash
  PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5596 -ip 5596
1⤵
PID:3192

C:\Users\Admin\Downloads\NYX 4.9.5\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.9.5\Nyx.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 2688
  2⤵
  - Program crash
  PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 368 -ip 368
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\84609557-bee7-4fd1-8dbf-7a5bb82e4dd6.tmp

Filesize
99KB

MD5
9666b596c93154951157f7c9c8453ef5

SHA1
5aa67ece105e1a5c60c10562af076b0eeb9c3104

SHA256
25db43aa136f106ad9c0e7c8e824855ca482836528e14ecbfb2720bc6e6f47bc

SHA512
f9db7496ca31ca9af9ad15003eb897878db4873941e84889609cc0788282b2055c0039f8ce22260e0a7c6978bf25df5bc6650483fcf84b5ebfca5bb05ebf0c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
19090c6d234fd763ede9de407e2452b5

SHA1
6bc1a436172af023311bf7657ec8f81fe6e6c245

SHA256
e2ad6d9d68101e1c0dacc3d2ee86ff2a202aef24a7ead3e47bd45652576c8efb

SHA512
6aa209599b3d5bcda21885a3e6fc497a4df968717cae65f7c47dda818c474235943a9c2846113ad4fa1dfe753c7e2e89b732622e94678ec598821d2b7d9f8e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d90320caf84acd064bb88c55a80f150c

SHA1
c84061354f5e2ccfe445dd75c41ba722455fb0c2

SHA256
c6fd83d22ff52a889cddb5ab86b3c676b211e1783979b607906696a6d77d99e9

SHA512
3e94b227f0d60e47e517437ceb9bd2c555a39b0c38537032282f92604384c8edfb161cec1c740b7724a41257c3116fe362be4ebef62b52028a2b1e083ea6529f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d64e241b17ca20fd08809421e198f579

SHA1
d5e7c481d312eaf961623d99919ea6f99ff170ca

SHA256
3588b3c4dd1e2bb9defc7998fccb995101f70ef737b9acf34b61c27f337155da

SHA512
1458840d4e4807c8d878e1baef249818634d63fcbbdcd3bcd12fdf484450ad4653c205274b0963a8a5e628a31abd1cc60130461f2ae4b8c4c7d760e1b83e4459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
11a686ceff8853e9009d87f4e874b018

SHA1
797a3cf83b6724b149f0b36a97bd7d882b2f04ed

SHA256
3da6d8c4adab90868bfc085fbc5fb3afe241bc22c46aede0139690ba7a6b47cf

SHA512
be57e243d55eea5b51affabc18d22a4ea69d4fe68661ec0c62b85648fafd2d50c8d2112e0dc50758afa593f96b466df80edee3e10de1414e2e57669b9b577bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
82ceccc091cf3d09f118607273c56db0

SHA1
cd9e5a7c69b3828992cfabcc3fef1a8763ba739c

SHA256
03756e3fe127fbf212b762b0e3b8cc7a643b062d78d0ccedd13b4b0d95d67865

SHA512
8292e9a10d5f74cb65c1b89c219dd496a22b0d19817cb89926fa37bbcc1b295260106f8273f7a4518243ee1f67252065bc17290f2616b99e434221bc7e9333aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a5251a8625601e8414ffceeef7f1bda

SHA1
597e2938651bcf97ff360966f77b958d2154a20a

SHA256
5ed7e18da1ba3a8d15e53594c41135e0dbd8f36d9aa9fc7496382e9a91f83a9d

SHA512
248c205cc753e76a0540978286016d487321ba5709ea04aaba7e429d107a02ecc0fe4416f82735a1150a49f200c1227a89df2357f0174bb835b032632f91ef4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb29a974b851dcea0a43ffc22600b3bd

SHA1
759e24b16d823c528e6a4c5aeef0a855fdca4219

SHA256
9059f21399c279bf87edff424a51735e1c54ffd01fbd2bec85e6de6a1758ffb4

SHA512
6d5832bc1ddd40855975ce6c8daef3dd76a148938542839d48a834027aff44fb63e09cf2947c541a55d4f8e0eb14fdbe0c51cd41c198f4fd48b21ac554f279e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ed3cf6b2dd88c17a7abfef6af08ed56

SHA1
4c7aaa0086fe998ebf19ad44ac42736331c7dab2

SHA256
28cbb983c8209208f1daa4a67871d4fab5a93ac6ab2eb5a0be982eb5541f2552

SHA512
53e5f3f4255aa3acc4ae7377092f55a5298a3d115d8b6c23bdc2c4dea7cf669b4880d139aaf25c3b6cf6642b1f0fd644b9fa9071da1e5fb57891319fd0d5739b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f90a58dd5301077e4128496985bedcb0

SHA1
07d45827a02d84f559d2db7230a98f17ad47cef3

SHA256
82563baeb92d09e993ca8df10c5faedf37dedf0adb90abf9967257e225b7e182

SHA512
74ff6465f6da1a77a6c47830b904eaf98c0d3994e7c650a924b9492eb280bd229e539530a2e1b283f8a5e771cbce1bd6e085eb16982a59461bb5097e0c1d95de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9044560b5ee569005b75fd97c001fe8e

SHA1
144cf84e167c032d96e777937e70a638da06eae4

SHA256
9fda656c834999498d059ea94594316423a0c871a472d11351c8736d9f25a6c7

SHA512
2d839b3abc39310ab6a46f1896968278195cad29b7171a46891fbe4f48a456522fe0129a9d2f1e9fb8e2d04f78c5289092db0c3e07f870363153a4dd01aa6ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18344be1ec689a6174b6e1837c9c800d

SHA1
f470fea0e2d64dd6aa4de56a98dd082ba6a28913

SHA256
8f9007cd190747effaea31c80304910e92fb23a24201b979cfe23d44745435f2

SHA512
fc6031bac29d9079bf3b213b70ad0c6b6ee086f571401c3417033880cfc15ba436d31321974977f9a32fd38bbdb7c05c6c8d26422f8e4e2f90e6dcd49af9be20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1c469698c18852bd2091b6f74314a78d

SHA1
484df04a16298da44b807a55283c5eace958d091

SHA256
faafd8e7eadedecd09d956c6855447e5faa49d82814a8979a9ff4bba31a68d86

SHA512
dc9614addbc1dbdca9096c740571eef0c0c33db24591f2db6356426235e05df05bf2013001bba84a5caf0198841e5b34d1d395552398ed0c2b45d22f6ce95b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
91e529686bc856eda8d198c4ef24e1a7

SHA1
8feafa3716130b594bb1ba8d49b4d5e7d09ba1a0

SHA256
972c09bc266d0fe8a5f393c17d2624bef03b273d8471a06acd60a810d82d008c

SHA512
0f38c0a64851e887ca777ab7e54d904d51c7f24dcb9ea792c181f1fafee1300df221a4cf0c9f84357db1ddda4696cad6d134c21aca5c7206baa5285b46b6f7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5133a519853a5049f1fbff9cafdd9df2

SHA1
887a2b5f1e2ec5f0bc91cb5d5e4ca2dd46c24fbd

SHA256
2479eb85a357695a3a1d7384f534e90e30be2d7f5e60dbb116bf214e2bca8c7d

SHA512
5667b731a6649fd24045be2c36e16093090fed3db64cc5d92eb6d4b73d51716ec243ab62b2b534132976dfd59dbb3ea098557524e4cd5b31b05baee39bf4e4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
209d6f46add10ebd4e65d17cb5581b91

SHA1
271fc5b2afe38daff934803081e105abad7cc2de

SHA256
cd09efe4a5928d16a39ec451a332ce95d8379ce1a6835e5b2476c2ae236107ec

SHA512
b908a889d06b1e5c563b0ae1583cab529b652b0ff1ae2cc03fc8543c4a11f551c306026832bc502d728057bf310cd6cd69f2fa87c3e62b42d2d103f2ac93ce1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
4944f8bd9692ccab57ff30030e4c72c3

SHA1
0232de635630e91ff456324a2d1408aa9be27c68

SHA256
4882531357643382751617efbf808b58a0653cba1afcf4659b9d2bd0aef677a8

SHA512
3d3dd155087d997ebd325652c02ff75b043632f546c341225b3e750d416155aea4cfe8a3c392313e118c989e11a1c7359c74f1d5ed1a9f3c66b7810977c57953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
90KB

MD5
0fbc21a293312ff3d0da50941cd9e1e9

SHA1
b7cf089db264de336a66ae88e46f8152cf18b880

SHA256
9ab9968582d6691836563c8253d060c96a8eab0e52a4d814b659d1385248ccde

SHA512
35876f7e149c8f6b336a9ad429d15dcdf485275d14af49799e87def1279858e883d83ae6cc7fca98b397245a9b499e7a930ea576d4f34f1d6f656fe72a6733ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
ea13f748fe21c12cf715f7cf7b4e771f

SHA1
c6cc9d5dc83350265c5692ed799a53bda95d5224

SHA256
050a410e442cf87f41835004c88695af0b349da589ff911200e411f0eab68e5d

SHA512
383c88f3fc3e2f47150ab06cd04b05593da6244bb63ab2f4ad57f0958b7ef10d7abc12427d7ee685a8157f3afcf342b6578edd4ae4458a18c494d1d988ea911c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
cad67f44471f04b6c0908e95f9f968fb

SHA1
eb5ea277353a531540ad8e8cd404c564ff8cd67a

SHA256
62bc6a303e8559fec1fff4edee2f26e1911d530b83088c42898f3bff539ea34b

SHA512
bc5f121fdddffb60403fe383ba42cdc7666566846a54fab4bc47ae3c68d8a0af4a53a2883a0e76b632ed219e992bbf3185b395ad13b3c531a78d1c9e1c439888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5a6af0.TMP

Filesize
335B

MD5
af9e719709d32b0503d551ea4c50d054

SHA1
19ecb7b763d40d3df3482c28d66767a845c98aa6

SHA256
a07f68cefd21ac0c7bf5ac16b8502a44ec6590385b65169ea3b99165b8608971

SHA512
df3bb66610750c37aedd09b4ad35821c1f9c62a775c3c280b5cff133870beab1cabb1188da5341e18c15bbe9f4d63a2c8f98ecaed67e10e3b25fc9776df11ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
52f54408f73dff022cd0f55af561aa06

SHA1
74a916221e9e3e20e2822ebd0a0c9566c048cbc7

SHA256
557ae00786147ceae4ed8a20bd62bf9bb294a79934fef591c81207f571b2c9d2

SHA512
2cc332790ca397e93e84bd6eff33723ec72321dda5eccf9343e2d2ba9e1906b868383034499eb53fcd7e335718faaf3cf3f1d2b97e340135dc5195701de810e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e328f343ee8c9d6cc29a5f1a49f69b5

SHA1
e9430ab7c1252d876a779a7f20b369acc8d1176e

SHA256
dee1079c8588cae2991926ae8ace4442196a92ff6d9dc1f5eea39c9b545462d3

SHA512
1d3fe909c3aa3edb853e701533e05d0e89a19d36ae6ebd9c0e12787d8bea584abb4bcebc8ecd438431f53e0f9796316b6a054616d3e62c3395c3e62a99a0a76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f890e785eb9858b516903d8f565f320

SHA1
bebfce42c6c73bd1accedd737e8acfd0c22d0606

SHA256
13282c85922d69419c967f113b2113c5d970d6e62ca8efd0ec5f7c481dc76d40

SHA512
57a74df5a3066a0be4d08bdc800a9cdf098b970fdeaeca300b505385bed17e5263e2ab89f8425e21dd32406875bfa5dcc62eb20ffceed0b216738cbb177806b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5be334a5aad981692f023ace931219fe

SHA1
4321d0178c649b5694487bdb74ca453cb890f902

SHA256
f24daa6457103cb258b9eec2d8bbcc0fda69ef41079f78e766e9a6613d684fe8

SHA512
e823fbe1c2a93b77f72f8438a0a6d6d0c97dd4f389eace46ef227a616bd6547d051ebbc799fe638863d87c63fa39584a95c2d984b4c4d3273f37b4e6155a415c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2667342f036f4f785d36e6360b7877e5

SHA1
a8720db12538a55149dd972002100294263bf26d

SHA256
c9973dd5c54035fe8c165a84e2cf3201ca78e0da5372f45a209e661e1528e9ac

SHA512
28466d9f6586f608801fa4aa9ce948cc0b3bbf841b2a570e25302bb6461822ea345bca6988024e3682d00abb53eb206e198cc4263021c706c6652618b70dda23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0071a42d6bdb89254f322a0a354cab58

SHA1
fb67fc43b6abd0572fd0d57043b17c92119171ac

SHA256
557daab3f0c9c11baecd5a1a707a1bef034ba652267d3a6193bede1aa0c84e2e

SHA512
c1e8f881c5055049ca735e0c97eff5ddeb4eb36faeb696220dd5e77e069855b4453a5121c8a28daf695a5dcabb93aee39a99b5b52a39620aa300e1264142e92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
131ef1ff53b5ea74669b9609db0db949

SHA1
cf61bb84901f9721faa36a5eadb928799d614116

SHA256
1d8e83c8eb0501f7e92d8f1916178d99827378a86241948cd970df2117a8a195

SHA512
70e0e665f52d6b2abbb0e0a584a3674a9396091385b9d7eed16711c5664cb9f8c1ca5ec6475aa402e1521b949839840b96e7501a44631a4246ac89d1193f7c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d4a1.TMP

Filesize
48B

MD5
fa027c290342aacab51873ab7b8a2de7

SHA1
853e012b2b57e9af0993cec4490347ace281d170

SHA256
50f6125f13d76a16b57eed64ad0a3de3df6d1b558b2ed84531a96e06d8745c00

SHA512
c1f0dfe792aad77f8a5ab241618f92b15f7b54e23e41ed4cdcbcf4dc8229a8d2490dc76485467f71795d3970c70c2f75781556e686d451491190164da00443bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aea31771c7e23ff7d48fd36afdf3881a

SHA1
f29f0b8cd1231759d4c40712afd3b2a5b2b639c2

SHA256
57153824733017c10a181fc032863d78d5b0c9646869e006a63d3325876c21f8

SHA512
05fc63540dd8460adadba352530de458ddb670bc59cb9b6b6a6722e992ea5640d34b9bc50be8e7a7b773c64ff6ab0755c05e69606026729903c8179bab229f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cb01a2a1231663f0bbd1323cf8bdb5d

SHA1
ba0c60f475669f69caa3cd7e011734f607197f7d

SHA256
43db2c7e5433c4af3630f004df63c86d6c8a2a6d600777daefa89cd0c79d6ecd

SHA512
94fcb25ae95ad8a8075d5ffb17412291f3523696b230f9a76b5631a81ef08cc7bee7568ce97b6d6434b533d906b5d691838a2ce19580b4471bbc23619f1d9059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e0dd20895d6af46073bf67bc4fa7ae2

SHA1
52d5d977c33eec48c064bcb5036c2e6986ebcd9d

SHA256
f21e5c5c654de602434beaea4f7236bfca5780ba4730d2d98c7ee8ff8596663c

SHA512
b3423e36dd3e80f9424167300b4e6849640400216a0536af9f51a3729d3eaa3f5461b509ce81c9b6eec69cf7bd1babd0c4ed8529950f569f17c8642e84e4a812

Download Submit
memory/368-701-0x0000000005680000-0x00000000056A4000-memory.dmp

Filesize
144KB

Download
memory/5596-693-0x00000000009E0000-0x0000000000EC0000-memory.dmp

Filesize
4.9MB

Download
memory/5596-694-0x0000000007EE0000-0x0000000008644000-memory.dmp

Filesize
7.4MB

Download
memory/5596-695-0x0000000008740000-0x0000000008764000-memory.dmp

Filesize
144KB

Download
memory/5596-696-0x0000000008870000-0x00000000088BA000-memory.dmp

Filesize
296KB

Download
memory/5596-697-0x0000000006110000-0x00000000066B4000-memory.dmp

Filesize
5.6MB

Download
memory/5596-698-0x0000000007BE0000-0x0000000007BE8000-memory.dmp

Filesize
32KB

Download
memory/5596-699-0x000000000BF70000-0x000000000BFA8000-memory.dmp

Filesize
224KB

Download
memory/5596-700-0x0000000007C80000-0x0000000007C8E000-memory.dmp

Filesize
56KB

Download