hxxps://mega[.]nz/folder/HZ43QRzK#TtqMnisZc9e9CG7Xc65qYA

Resubmissions

18/09/2024, 20:30

240918-zalezssarf 9

18/09/2024, 20:08

18/09/2024, 19:45

18/09/2024, 19:40

18/09/2024, 19:39

18/09/2024, 19:39

18/09/2024, 19:14

Analysis

max time kernel
998s
max time network
1001s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/09/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/HZ43QRzK#TtqMnisZc9e9CG7Xc65qYA

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NexusFN.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	NOTEPAD.EXE

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\HOOT.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 922836.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\1778x Hotmail UHQ.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fortnite Full Capture.svb:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
4340	NOTEPAD.EXE
4524	NOTEPAD.EXE
3508	NOTEPAD.EXE
1852	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
4776	msedge.exe
4776	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe
2600	msedge.exe
2600	msedge.exe
2920	msedge.exe
2920	msedge.exe
1668	msedge.exe
1668	msedge.exe
5104	msedge.exe
5104	msedge.exe
2772	msedge.exe
2772	msedge.exe
4848	msedge.exe
4848	msedge.exe
3708	msedge.exe
3708	msedge.exe
2392	identity_helper.exe
2392	identity_helper.exe
2832	msedge.exe
2832	msedge.exe
3684	msedge.exe
3684	msedge.exe
2008	msedge.exe
2008	msedge.exe
5616	identity_helper.exe
5616	identity_helper.exe
5744	msedge.exe
5744	msedge.exe
2532	msedge.exe
2532	msedge.exe
1524	msedge.exe
1524	msedge.exe
4092	msedge.exe
4092	msedge.exe
3568	identity_helper.exe
3568	identity_helper.exe
1376	msedge.exe
1376	msedge.exe
5496	msedge.exe
5496	msedge.exe
4556	msedge.exe
4556	msedge.exe
6208	msedge.exe
6208	msedge.exe
6648	identity_helper.exe
6648	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	2968	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2968	AUDIODG.EXE
Token: SeDebugPrivilege	4568	NexusFN.exe
Token: 33	3624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3624	AUDIODG.EXE
Token: SeDebugPrivilege	2020	NexusFN.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4524	NOTEPAD.EXE
4524	NOTEPAD.EXE
3508	NOTEPAD.EXE
3508	NOTEPAD.EXE
3508	NOTEPAD.EXE
1852	NOTEPAD.EXE
5428	NOTEPAD.EXE
4340	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 1532	4776	msedge.exe	78
PID 4776 wrote to memory of 1532	4776	msedge.exe	78
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4072	4776	msedge.exe	79
PID 4776 wrote to memory of 4344	4776	msedge.exe	80
PID 4776 wrote to memory of 4344	4776	msedge.exe	80
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81
PID 4776 wrote to memory of 4352	4776	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/HZ43QRzK#TtqMnisZc9e9CG7Xc65qYA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd13cb8,0x7ffe1fd13cc8,0x7ffe1fd13cd8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9280120464890687109,7589823539963671728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000490 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3896

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:3692

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HOOT.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\combo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:3508

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\proxies.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd13cb8,0x7ffe1fd13cc8,0x7ffe1fd13cd8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,13838729480459116503,17065786865961536642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Users\Admin\Desktop\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd13cb8,0x7ffe1fd13cc8,0x7ffe1fd13cd8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,6383724631589206428,7020533320500659964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5184

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\Results\18-09-2024-08-10\Epic 2fa.txt
1⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd13cb8,0x7ffe1fd13cc8,0x7ffe1fd13cd8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14057754081663152892,8281001055481767703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000490 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3624

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\combo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:4340

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1778x Hotmail UHQ.txt
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5428

C:\Users\Admin\Desktop\nexus\NexusFN.exe
"C:\Users\Admin\Desktop\nexus\NexusFN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe1fd13cb8,0x7ffe1fd13cc8,0x7ffe1fd13cd8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11102369441412418723,12075438841081217781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:6236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:688

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\Results\18-09-2024-08-22\Locker\1+ Skins.txt
1⤵
PID:6768

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\Results\18-09-2024-08-22\Epic 2fa.txt
1⤵
PID:6428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9922056d2d0c82b0b15fdea40711cb4b

SHA1
d863ef216db8ead2c1cc80c434ba438858140f7a

SHA256
426588e59b0e2349cae7cd6fb971eef292ba0c0ce0c47aa2f51235597f26d9e4

SHA512
4d977430f77987d72b10eff74ce4881f7d282ed4ae88f9908e3ba282ddea305df229ea931209fcabccda7aa12f2180d56ac94b3c99b1a14992d68ab867ac3c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9187cf5118031ae96f0060439df320f3

SHA1
2152708b54d4f5eba398f56d7a4f8d5d6b8cb102

SHA256
c5b23f77f6aba182d883a67a0956c1ce6663cf1af497fdeae6e71eab2c1874e6

SHA512
38b9e636b768e6ae6f8df079fef52b43265ec06e620d228ceb8e7a4f5fdbec8a3c1c1f4eaf5e52fe80a048c9d1f9400045100d999af006696f55d9c0c2150fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbeb40ee6385d660d41ad368a12bd24c

SHA1
5c0de717e1ccc7db37d859f5fbdaffa5d1e8f375

SHA256
05083f27adfe03ee2a345c68a35546ba8ca5fbbe015d06eb339adc35c5a76a45

SHA512
21505c53dcaefd01896375d0eefe2dff06aa0b8913655a2ddd8c6c6aeedafa6224853c8c227c822d79762af53a2404cb5a072c8d1709ed9501646f96c2e3c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ca5e9955524c9823b048e60ed6947ab0

SHA1
aca389f7f8abd8a414c75b6edc7d9b4b4f9867c4

SHA256
06fc4308be85717134d406c5926d769e72b50956c2b424131bb2b3416e7afd8a

SHA512
63abe46140b6e9824f3cddd85a4c39ed8efbb54bf5d3872e8033f7bca698ae9ed10454d8be73500186e701462584f516ecb06acbbdd2a6a02d6dca7616002818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7edd4095-a1d7-4aa5-ad65-e38436c506fb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
42KB

MD5
1e839b4744ad28d6e340113882563fae

SHA1
89cb26bc12ca7316dbfdf0003b8422a1bb1e8e19

SHA256
beb665068f875334f864278e14622ab0228a099461a6d7af43c75272ba158953

SHA512
c2ed45f74099f29d40142d6a71f5b1aacabc362975b78b1289e4a02d317b1e7aba1c093fb1c87c22da63c2883088a00bd9cf8f22572b29719197fd75c536fc2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b64630ce691d1423c932fce38ba7dd6b

SHA1
36cd70c8dc5c3ab9d5d6f822a5ac02bb86708a85

SHA256
1b6fcbd3b6a7f8e796286fcbb675a11d59f7cbfe789c2b5fee400dd2617d5669

SHA512
523407b88c36bf0132e49297ae49bb504da70cad6834a4a74717f1501a4825bff35fbb11005bf21fd8811558d9c05cd9c908e94049ea9e73675a01452e2c448b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f48d536b075cc134deed9e598c32550d

SHA1
a83c9ef7be69447dda333f610ec1771b121e1df2

SHA256
a2278d9ca1f2f2720d2010255dc86ba3d1ee43ef277493721f76b62f08528fab

SHA512
b05f404462c9307c1c02e809bb387d202b9bc723603b96c2e2a27a09e0261e3be221c0949ba653dcfca497cce704088f94f9995351c965fc7e9b8e4948427e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
026108350466515107161f7d768359ae

SHA1
85ed2a8392a74a5c1d423eb7e80a04bf227e6bf6

SHA256
8782f0872762862d47c0920c1f4f84baca12351b2f94341b3f98a32dd861479f

SHA512
b018703d3a322968859651d94ed9c40c71e4b839c1ccadb729e046bfa0087ae8b838610155b394630a4424684e181e0b6031442b0b9eb36b74228a2a7aef4901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c75c005e76c2972607b269e794597bc6

SHA1
504be676722b49e3e0206b02b07642b012ff883d

SHA256
81e38ee6f1d6a6bd48e1a4cc55d9aea5554e60459492a3b31fe79ab618b7478a

SHA512
57fa8ed39489ab88b77f5d3f10fad7057e86ef69b4873f7081314e154c208af9fe7936922c2945d310c8d7f708e3dbf6a885bcb90cb6aa1ecf8bf0e6e9a67c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
83c26d639b9ed7441fc3aa89cca77f31

SHA1
a2a44df6dc77752b7330dedb2f5fe4d4b9fe8a8b

SHA256
b9b4a620005fe87de78dca290a8403f695b9c868971d12916dc7e7f18fc8fc9c

SHA512
b12c9cc7caf51ddca197242f53f9db31a9a4add7aeef4f99103909c8efca6445151a0fcd34a19ecef0c5d05a7933d21febe8340bd2a1b904f736d595c1dcb505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
28774e8890ea348a3cd6bd2a1a528574

SHA1
ff4c3d41973cea628bac9dc373ce2733670afcf4

SHA256
aeb3bc5f0db43794d1fc0569b67e5174cfe9cbf0e68b40dc3ec889e65ab6bde8

SHA512
e3195cf78dc3caa4408f5dc22b6d2f8d26c513e6d9b2958f0212b5a8f7ddb51f03b96fcb9d78a7d5619b5e30970fb23612951fcbb665234b6dfadd7bc31fe89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
fc5251204bf5f7d716adbf1b5b4c9d90

SHA1
22e294da88accaf7521b692dcd0590ede677e6dc

SHA256
587297995c06d36bc021a1d93db820f2c84ed3d0b6a3e763e6acc0a519e1d0a3

SHA512
efbca1a825f9fceef6917f0690517f2aaff369b1df69418ae30b7b58bfb831f7ab2f2ebbe244f48ceedee790d485d8dd51f263c3b92478a549f7c5210a942d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
cfd98c4323955efe7a45884d4b2b394b

SHA1
c3bf414de4e24df9129ac0e73ce4a90914582306

SHA256
6defd82624d5a5a9bc2b312c049571c825ed4e45ed383c19f3ce8c3bf3125941

SHA512
765c825e0ff000b236dea9b91e6e5b2c4af7b8ba8eb8c7940973cca378b6fce49f13257bd517b8dec910a96e7a07306beaa25826b9901b60ca0f5d62eb0c076e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
24e11701c53c90fc40affb01c4bf2c52

SHA1
5d1cbee2fca6521890ab6688d3f2912a23b1bbaf

SHA256
fe1fd767a726c3521a1fda9cfa20056a31d7d7a7c742ccbed6b3942abe9b17dc

SHA512
9f034d34d96c1ee7a1cef2e17e461842ac5945cf43b39e8d88113feac1346a7d43ff4809dfec03c0721ba80de55335558645fdc070c59d21c77b8711034cffc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
9KB

MD5
41edf82e605e7605679a66f4cf3566da

SHA1
ed9261f5156409af0dc557d15f7c830e0fc9e8c0

SHA256
08aaa0ef4ee0ae6df9b9bb4e0456e7e8b9400529caaceee9db7cb017a3edf299

SHA512
696ad4eb1a4d969fd3ca84317906aa59955b5e12534e0efd2c788615492f7948a6c79a4e015304af277f43d0730ac52a6def7106681d9aca8e8e848bd274db52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
c633abd59c196ec870a4adc13e835810

SHA1
abb23947bef5940d5752ac48caa0c44cc4b3b753

SHA256
4feeebffc0c64f865a620cf1ba39fd36bdc150ba00c8d3cc29df9adfa51a97e0

SHA512
cffd132ad16e14a32149ac194f1a2e1a87be0ea87b10a02f4116aa777aed352ba38f01f4c7225f2cfdaaf3f1d70d4b88da092fafffbb7e390c244b5ece759a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb08919085f5ccd2f0f4d742379b9bba

SHA1
3387476b6e03d21bef9e5602dcea7ccb3dff92cf

SHA256
47e50c1ad2bb0d4d6c506dbbb1bd7fdaef6404c88ea02b295922a1944f9c65fa

SHA512
ffc298ab788334bf2e6a663a97d582a10272f257fb53d13606f382daf2b7de3a93114d73def4a723c346831e951ec5cc74d545c7bc3308b2e2f079e038fa1451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fd1470b1923a6fbab1320ec0a77e312d

SHA1
3ec521667a787c758696e6e8eb0e6d791a5f515d

SHA256
12f262939d0189c6c32fdec16e733a28849ed0409f16ef8bc77ad479bdda263a

SHA512
5032aa1aebcdf07db52af8213810ae716326d2b4814beb744b8792673f185f8e6a2a20f3b591b3f8fc4fe82bdf680fc3d7095ff6e30e047741a5809e6a3580d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d689c74437ac99c8f1d891a034e82bbc

SHA1
ea7de4463dd120f7721cb6f19020703abc783df6

SHA256
349b2cb354cb8d86615016629c3549c03e53fcc99699ad3e29763c4ac394b755

SHA512
4f0e0d3631e68a6e87dee2db55ce4c34e5db7abd32b91d1ed790ad219f41b75e93a8d585a529463a44d4e8f8a006f4e70148a1f64c817df53bb81cde139cdfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba4d91967eca3aa6e48736cb967d84ea

SHA1
0a8c4e73c47bfb0a871184dd9ce32be3f3eefa8e

SHA256
87e788ed90016a2780a40131e9a5c561573fbb7810e6fe12bfb50275d5745d34

SHA512
facfd887f0e90ae982f2bcd91ce08e3d6b2a2b6596f30343e29d7500db0d3cb53f1cb11a4bb893bc02274f702d2bc0587e14c983bb668bd9ecdc0e9402f027d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
725862e925314a80d2ec9480e29b7419

SHA1
a17726faa022676890332422bfb38b56796505e0

SHA256
e1c0062bb2d7ee188877015f20f9f8e6064d201d78550cacc36ebcd593234ede

SHA512
aee142fb7352e9b67b3cf460acbe81a1e5f5597bf9b499244addbc1ec476955977fa2feca2bc912cf9adbeca0ae2913626edfe53e6f884abaee3052afc3cf5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c17ad95b526975d7fd97878db2d2a622

SHA1
95c4a0ef1d365241c53378fdfe7b5fb1aabdfa78

SHA256
8d19b5276a41ba21e55757b47d303ad47dba3e4b0644c8e26dacd55c7053ed8a

SHA512
cecaee6ebdb387f0e1f4598ade3f3f0709d1d044bc41063f519e16bc9a0f5e8cdf306a8683188468c28ad2a6268ede2b557bac503229a93217b78ce93f9cb4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7f5a1bee733e08e4e374bef990c01131

SHA1
d4c8112de44cde41d0321a0ff0e81cabb05c0d2b

SHA256
c57efd3a686e821170c36fdfe9f624e8e2a48a3d2018964a8cec7d9023173353

SHA512
3e9e57cecb38c42c07402bf194d7a68b69da96d58558b40e32cc744edbcadfbae7a1348ae9c57d3d024005e5a42d6dba3b91a675955e9a70954d55727fa28cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb189ea48780f577877da5c66c697fd5

SHA1
7f336c35323a5ef0e59a19ce3384101970ddaf69

SHA256
e7661997d837103d88183645e147dc0e58f8f105da66c95055d90760f34894d7

SHA512
d8abb82576f251a65fd400e6fe1507d1efecbb43b7c1564934f9296b0a8fb8abbbd0ace0d24ac10acc286607e467a16a5a30533760b536888c2a5eb20325fd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
364f6f615e407bfa802d609482a82bae

SHA1
adb819c3eeed479f1e2f7ab6d62122fcba8f616b

SHA256
c40ddd1f01ec0c12f9a5833473cab348fbc579ff7ebffa92067cbc703b90558c

SHA512
fd817f565dcddce75018d3fb52c238f91d1905f62c65d6e6cd3d801811e51bdb039bf214631c0bb5d920aef0a64ad2e759f218781aaff747fcf1a232ba1d5e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c10d42f9ea490e47f7852bfdafd1b451

SHA1
99c2e69da83e1c5cb2f6d9cc180c86c47d60ddd0

SHA256
c84f5208225f7f314fa3d902b396ce5d92acc0efd3003b6a3e618b465d7df0d1

SHA512
68cfb853ae8cf634ff32c2f781904ca0edb3800693b91819451cd8f002a038e41b4049b0b68032d4c5f7345b82f5e4d50e8ec970fce17106b1642f36fd9c83f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fd49b245ce5ac1c56400dfb0079aa98

SHA1
ddaad047126a2eb8917fcd392b6fe116b1c32b64

SHA256
6ff56f75b0806c341eed9ea2357c00df957e4333753053b5971877a141cd6487

SHA512
8a1ac2460a89d7fbde850d43fb7646b5f2f31e2302391147c8d1b8560233bf51dd7e7b7ba1af95074a073ae78359b0e988aa4d24349d862a1c6f342fa5d68d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f00fdbee01d5ddb95bf1a3219096d341

SHA1
e8014aeab92406107d0f0f1f9d810fc7faee044f

SHA256
51d3c06c757fddace19c226b1704f8de26087af9179996d3944c1764fb48236f

SHA512
342dcda5346ea59324ab9d0512afe2fa4cf62b1cbbb5dcc0b4fd28b362642d2b0af3ec16e9a221e5e54651a86daa974497b56fdb2d5c336fbd6d98da467d39c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a49898751b843c2b0151f335b197e779

SHA1
5990da9ad722b22b0aa5aadda64b9eb88a5cd25f

SHA256
58cdfe06d37fb48f321838848593e9e5a97324ba90ff04056233d46e5d3ee9d0

SHA512
8d459331c25d5a29f9ae83ec3611136ed765c3aff329d86b7e28798bdcd57f853ba6297d4321ac4d7bf720c6b9c64b77c50f227248e72c729668cd5329ebb898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
544563a2300f331ed27ebd98876b27c0

SHA1
73115870c49b4544dce478134f302cd372f6299d

SHA256
f5babea8c7dfe2ee56e68318fd8adcf258c92d3193bbf7071f67e19acff22926

SHA512
824cbcced28d120c21bd213d62c9d24f06abb3b967e470bdb3894abf2e4babbef431ea21340c89403b97db4f103195908c44baf523a3a6a1fef179145d09e602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6deb5c22016732459380ae07432ea310

SHA1
a519d210ba3f4838a9f1e13986fea2beabc997ca

SHA256
ef387ff9abfaccaf5edbc788de8ac28435df87b9d51213811662312caf769c5d

SHA512
f341f492b473c0be4c1ab6412fa61ed877b92194370b3d762f695a6b4665f00a693ccf789738ec20df069e281a72c7df40202be6fe24455cfa9c977da92c53b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afdbd7780da33aa7693060d9eb99d3fb

SHA1
01f4b6fd48cabf9ce22badc9d134a10988da2340

SHA256
9cea616d921792cfd295c783a78bdac538b4132df61e6082d0cf15bd0fac21a9

SHA512
2feee10340f3aa5d18b907b73d09ab014b8ff12f0c0dfedecd92a37f2a401800d99cbe5b8e92321aed3f9e11e97ce28f9b0df7d51eecb62ec5305c52122bd9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8f5c7e6aa30659f3082b2d0aae71f52

SHA1
b9211c0e35de63c7524efdaee770ccd8d36c3bd0

SHA256
32f785aef158bccb5afb19db951b6b92f37bb820d2c34a85e3bbe3f67d0b7b2f

SHA512
a75b918a686617014ad588967dc88848e7fb538f939944bff752acdca9ca8ec58f710751b6619ed57029d6ce4d45b7a8fbe369f52251ee6b05a3918a3b0f4c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1445dbaa87935c22de01a22d0785fa58

SHA1
7798bab16296d91cdf64507917cac1b691bc695a

SHA256
1cb24c7b02c9ae6b3e9d1189df74c67d228be9e217b9072b897411f81bb3803c

SHA512
746bb943e23585192a6c38958e40f2abae9a36810b2fea39cb340760fe0260b28f15e97d3f5adc4ad1c36b50e9183a498e60ed6540f7c5ab7f121d7bd65b1109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f585aade6bfe50b80b84a99a82040cd

SHA1
3380eb1c6b0ea74fc44fd179c68d000eb61c7c40

SHA256
5cc030a68ffe45efe97bd90f0b6d2b3a78c8cf383789c4f2aceb9fa0187629aa

SHA512
40c8fdb98631a8a44b46b03bcb8f80788646da8fd0261034fe0c2136081b7cbd7a902d8ddad9f21ef6fcc31edc2d5a6c2a70b82c2eadde1d5881f2039a451bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dca533387dcf00e0ca6b311a2af26e85

SHA1
0cb7195f8ed7ff0314258d14fca6a5f8e1f94d30

SHA256
7cfccf47fd5ec3d956f99e522a99ba5b03316d6a2463e2ea46c63fc7305e1eea

SHA512
3db3ab4df51ffd3a9fde739752d43009c7bbc17b0e8adf7e350bc268e0702938553181746ca2d2a84038b1633330a1468abacbe02931817ba05b12a7e2c4ebff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d644147226bdcd5464d6ca8cacb2d5fc

SHA1
9d6c9e2811bfab80674e4c870208f75bf88261d7

SHA256
ebf4f95f88677ac5f7764dc0a28e326320ab9eff9443d43912143d3470991079

SHA512
b0d0d5bb4efcfa400db104c146b2aa41560b86c2d0eaeda017a3e2d19fc582f8a3fd855d953471fee90b7bb342bd7af1695dcbde3b970b10fc0caa3d6d84fe61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
61cfead9159487a74c88252174f30e1e

SHA1
155c64c95bac317a8cee113c7d97b1997bd85a15

SHA256
7094d5981d27a6e1ca505e324c1d5b01628e8a293a91b9d3a5cc21d3647f45cc

SHA512
39b6b95e2d9b4241ef65a7604e7f3b0d430a556ef726129f5353283c4ec0a9cb66db680839b40bc585f5434d75400c2ce9859b368e83674f8d0d88fbe65157f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
65749c79fea8aa25b89c7dd91623b8ec

SHA1
9623c9e7ac282a752cb3005af2fc234f284f6891

SHA256
cca6ffaeb0cae843f89adea6c3e9af8c520a780486d86f39f5d37c550dafb7df

SHA512
38db05ab84c8c7e8ce7214930a002b7346308dc4980176c5c340d8f00a00b2721200dc127f7af34c29e2b853ed4cd806f09d6493a0c05d8d35a810302255ebce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e44dce0bf53db97ab93a409ae72866db

SHA1
db90be94bf452c5b85cd36ff43d38ac26432393a

SHA256
447e416063a14e3c66d4f14059f69452158493255d6123b2e634f2918fab4dbe

SHA512
151638edd74cb4e6f7253424fab8a00922793975e1987c2a3d0fbda3601ce78bf4cfa675beb7dc8b08f4b04d3f9935964ef5831696ba49baa928547af52adb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b7943a5a68cb32e126044cebc5edc6f6

SHA1
35224bef4f1635b52642df3fbb81173634d4671c

SHA256
ab5274e83736ed61c22d630b220d5b177e15d1d4b71d959b83c5dad8818d5c0e

SHA512
9c976a1400a38766b6589212d20fd5d2c93b6837be02988e9eb9438e5cb61ba457b134ed33c2c11a4cce7d1151e124bd52bb5b31e34c240809d0a95e6e9c1dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9a0ad4d268f2c064b032cfcd170aebf

SHA1
e3416cb5f37442e06f858987b1173ccd10d85396

SHA256
41d63c53e48e622b1d9b8869c364335e916de47a19b63491e0197d49577e43a9

SHA512
cc1f6177ff9c1ab5f0e5f89ff9e0378e3b11ef02eb7549abaa21cdf9a22e527f72f16e0bc6f090f38c966d787fbc85c31852d8a65739830cff5396cc588562f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
28c5cf540bcc915d8b28a4a1e16df17a

SHA1
11175a39f8144b01ea3504d01adcc5f10c0ec89c

SHA256
a8b2f7010e1d482d990b0738e808d68e799f02f74fcc1cc6c0ba29237a1206ea

SHA512
e00eea20a43843ca08e96ac3434b29e6d120403248d21a13bea7c02275c46f4f9ae04cc53e7c4aa8b551141c5b6af930cb502070a6320fd77ba2115bf0de782c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
818ad59a020d1bd3eb8a62adc71763d0

SHA1
791dafe0bfdf420b39e999028d6c2211d9dc9d43

SHA256
e5afaf38d46006080ed50709ec1a965b8b68bfb6bc848f9ce76e4bf7c467af0b

SHA512
5f38a4ec4d0350312f2bb8f98bd74ed7e116e6ff3f9dd9ee1725773e6ccc6bc5cc1b9e5c445af0208bed4471c4286f447b33d97ebc0532f4244dc9660906c894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85c08950f8a8c752b45a470ec8a0f17c

SHA1
06fafe75bbe6621ff128886f4537e251ba0a9a35

SHA256
1a23b401d64c8b00e580cc3ca332a5162219829a3028c1c06557dc521348d6da

SHA512
b6635f9d79d12adc463846c21aa6a09ef8b84e08ae0e73bd0465524b625ef56a80bd7d603db5c4ec3217fc156c52160d09833dc1b8bad98e54e9be5f1c44e57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4f579bffc588ad6c874886c3fcf28316

SHA1
b38248711ffcb8df306892ce7a4f8c50084e47fb

SHA256
cd70f9b887e99633bbd4208795db5169c3968c851c772b206c5ec6b48b52457a

SHA512
a3479fb344340daebc21f320665d1ba0614b46462b5c9da63399498ed6b0a0b00c408e18bb6abdc96364d11bd13235980d6824d6f1e14988f2005439c298d274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
755B

MD5
15546434efeb95af1773aa0e3c0dea52

SHA1
fa1719c97bcf4953ee6f5d906cf1b5bc767ddd83

SHA256
5e3252183f41eefbcd25d07431aaf51cb8211bc5491d07b039460e14647fc63d

SHA512
49e90e5821ef48b99cf2cdc002a759e24dd60e1ccb109052f4db3c34b4292cea3e786fa2e35ec8d84fb5643835f83ecf09699ca7232c4dfce21ecc71e73e7f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
4d37983dcd2f3208dc98dfae523a0d4b

SHA1
840c7630be2a80563831bf43965bf09c867cdd6f

SHA256
5a861a37adb18ef0781fc6548f1f97cc9ab95b0ef271b6bc06bc33881bbe875b

SHA512
44f458b9bd60f9432c5df737948720a4b0a024bc350164032e859167462751b7a5f1d32d466fdcf51a2daa719c89f0df353823614c6fa078f210336952994dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
507a11f4105e9399a707553006c7e6c8

SHA1
cde465012a22ae6ebe2580640f33ab884f5df0a8

SHA256
788e8ba1ee5e67579950cb48bf4c4f7f186bca4a41c890ed68a2642511469c34

SHA512
0f039d62563d8146f76afbd67acdaeb0ec1c6f8c5b956008c970832570977df7b8aa55e9d9a407ccdf8302ac8e27ed92b12e72f1b998cc8685d14d92352e0130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ffeb.TMP

Filesize
48B

MD5
1471502ff22bc7c233b7bb4b70e80c3f

SHA1
5d9fdc25a2f3a309421477fb002b0f06ad0b9941

SHA256
de43e38ff7196c50d1a5c68895423c5f95e799d31555b52569c604adc15e20da

SHA512
70740af66067c0d010f54804209068a6154efd35860948993f425b542910cf598bc11b81847b7843424b90010fbf8e8ef62e9cf558fd5d876ee6b843300f65e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a2ca627631b2c18fe78326fc371c875a

SHA1
5b93526b3c5f68f87cf6e2ad0c3c5ecb8ff2c6a6

SHA256
b1e5c305fda47cdc2b2ddc19895886953f5cee80966d794f0faef10ccdf03955

SHA512
1a06745c5d5fb0d80de2e64fd07959788fcc6548ec38880af6f3b39ededa4d6b840fb7aef83d58d51c47ae04ba553ec537fce2a97320051de7b777a629abc773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371163695294462

Filesize
112KB

MD5
621cf5aa6cf54c595278855975fe7d0b

SHA1
afd5cd9d2e43e910dce2b9e55e4767498c0f251a

SHA256
73dacfc4d5fa1114a7b41ea193d44e64b60fb3c6db297953a6353470cdce2e4d

SHA512
003255212a2424da7b570cec61450b06547613546e2539e7fb74eeccd2ca23ce17be44a62d1f8847d1b994c070bca4278e191fa36e5e25bdf5ab0493642a35f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
795ba5fd4598bce11a45eaf8d6491ab8

SHA1
b442b17295f79767c2b8ebe2862a7c73774883ed

SHA256
90906a66e29623e7f835d6ef795bab23053d2b92ed2e98caa2494e99242723a8

SHA512
709c08683de792e1a0e5c581b97e2e4f8647d9545390c84c96afc091dee4a5423fa6a60689ad72ee424feef774085fb54cf3a641f0d2eb1154644afe552dea53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
627ac305673913644b7051bb6af11009

SHA1
85e710f0a6cbbf8a829ce097800173888d99dad8

SHA256
2ca949ac0b6421c909ea7e8563f46424c55cc862bd1e44d1472d8070e3eca5a9

SHA512
3be31be42db984489004c99c9e43e2a433c85a294f2fed4f4701a9be14f2761addabd46fbec19088ad370045248fe634894a4f7b7b58a3baea696e54df94a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e3e5448ede897f0d0dd231f3ff734eb3

SHA1
7aeeb0ee86b06a5a028305e22d18b6b9171063f8

SHA256
0c9c662b5e737d65c90405c6a5272c832615d9cff720d9b16ff0ddac2ab74b1e

SHA512
4efcdabc6a210bbd1a4b3b1c77673980cebd72ef2d786f4a6c9f442aaa01057b921bdf30498ffdaa48d520e0243e2ddad5cbf2a4010187d8aadc121867f3f1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
367df52c40b84f03a9c6f68579eb0ee7

SHA1
d031331ff37e1635a38dbb2090e80e9c90407332

SHA256
7c7ca1cdd0c4d0370f395ca9761e0da677d46fb8f40484e9ad4c8d7bbc7808e8

SHA512
f95452bc4de4231b3e830f51d75519397cde2df8b3a04db77dd39341badcac7401aec5100dd9a8c37efe9b76a19db7a0a178f2683db0edcf0fa0803444d2920e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
648278f9256f2ad83910e03c3866209b

SHA1
340829f61ff7feccbca17f121790cf9bdaf6c839

SHA256
7f834756d15e98542a4a0de5021b6e21fa9f58547296e2d8fdf6a9046b9dc589

SHA512
f98afb644c138b41cce8d9578924083d33fbe30f84dfdfe1b6b7e5c7c2aac8dfa3f55ec5073d45f5268a1352015770ab23e7ae3f64d920196c41efef005a5e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1583be7527bb013819fa7ad9d2faa0d0

SHA1
a9ecb19732b011f274523ac58f00f4fb6a5a42a2

SHA256
e3e221a23c347cb36ce6b37798443f33bdaa958b4bd5eff69542c6b25e29af2b

SHA512
8b1be1dd7985f3188fe29423f7ca20324ec517d211c355d59cdf8fdd99b276a2354c363ca4d8eb91e07db7ba7c827e0119cf43deda0f49439fd1f90afa962c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f5ae94e35204dcc03ba207cfeb2d6a12

SHA1
0f7987d2c337949e1d9d946b8d8a0f0bcb91b7e3

SHA256
2c7041685e2055fc42bb54fd6f809fca09cbc72beae7679507f62f9ff4240b93

SHA512
4d7437fd542d22d1f6f99bd329f6f10fce911b28ddd60ab10b6b0d5111832a6861886be9dfaecbba52c50585e7d43a0eef5e92c6cfa003aab5061d12143b5983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6874b6e24871783185f10820e3ea67db

SHA1
ea432e88382dcadfa69c48752d4b523e11335cde

SHA256
d9a66c6c548d79159d6b62862c62d04e74e401ad3733ce2c5de7e91e69cf7848

SHA512
7d7bf40a23e10edef09738c24efabcbbeab2af0356ef10c9b337ebdbcb8b1634dc6a8d48b962bc9d12f2eec23b791e262c3be4ce8e79e1437d02015b63a547e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dedf8c9a797d66ec3b4ff9f6b75e3081

SHA1
1d3c412415d4872459a8834ae9c5954e9edb53ff

SHA256
b9ec06a9336deb1e8919ea0b3a572133c57c0761973cdf02d64edc53045ad2e2

SHA512
b5404ec8c07e9803a11822cd10ab851b0915a49a18dbd3d523e50b0a488a579c17f60370e35f126e0c55d1b10a3e7d1505a7981da1e2e67c645ef0aeeccc1fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d5d702acb79f122b1222ad5f47390ee

SHA1
c368b876acca9a939be2da904fa8414d82f4d094

SHA256
98fac52f2121f4f99a0e788e0b709bd0ed1331f399c22a3705801896c9797e3c

SHA512
74b4cc377ff97c8d57bc9b130d849164f1ea82269b629cda376e7bbbb0445c4eb325b2e869c6570abf28b18055c84d6c1c688c9b0707002b67bfac528da4624c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3976041de8a2331326720871c34b50f2

SHA1
d6777b865b920916913fcff4b6a9e8d955611240

SHA256
9036e73ed60bd992795d84f0d065d522d1de3aaa4966df7bd0a59065f5907cfd

SHA512
1ac714c5e759b7efd97d9d57302cf82b5c1f2f4efcae4c2a22c4fc29acd67bbe439622374ec583593009ff72318411c788b28f6dcede14247acf3ade3e7c6b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3fd44d9642d23a6430f6a9e41df492a4

SHA1
cc696af23f5c839bdcb42932f704b857152ba728

SHA256
fbf7d6b9db49a60f39c219a7095e57a9f3bcd11d9718c94880ba41ea26caa1aa

SHA512
b973cb2e38e44577f3732f0ea8785ab39c3d349029ee9e99bd6ce53a35be45cfa8359f12ddcaaf2bbc83a81b50f75ef677340bfcfeafbc65d094a44802f53068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58240d.TMP

Filesize
203B

MD5
0bf3a625cd988f567e78f6a1c8257965

SHA1
3a5b9b11657e4638a8180c499f9dd2ec283d2d47

SHA256
2d4698c31561d93c30574eee0d3362fadca318d9bda4690a285c5b6b3422c494

SHA512
bd6d8e4690c9dd39a99d6c1cca54d545379d3efc0881e66f6dc01b5167f7fc8b17e0f0bf75554a0756623f44be71bea7abe5ecbaedcef70aff68d9b5882f0666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d842d63e69b2377cf76c79c6ed3e9b35

SHA1
7a70260068dacdfa5e8d3fe6119c0f2334abf394

SHA256
a34475c6dd87e01c3b208bf454f3fce85263c7562a8e4a4db7e286e228aa4ece

SHA512
76e40c2204620a412c93739e64f5cba464febffed26db9629989b4d062615755a649ef1c55c500ad10579fe51f4b23773d6534dac0cb0457bb040bb13a27f409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.2MB

MD5
848d3a0906f238a9846443b0926edf00

SHA1
5418e51dfb9aa1d28ac8e52d942df8fce9142dca

SHA256
4c440b82c0d8f6e51b92d7154460308d1ead916d25d360ac5027085042d6395c

SHA512
6304288bdd25f6b0c0768ae468371f41bb575cd8a3a93842b319e1f835fbf16ca8296a777d179f01ecbbda3fdb79aee3e3e9d1c91bf35ab7313a1be88eb39cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
6KB

MD5
bea0c0f895044a4e11d42b3a5d80161d

SHA1
10a85bf464cba69bd0b12e3dbfa9af7d540b0331

SHA256
db07281ccd635ebf4c196e36d1411f6da02c5b4cb9de1070e64664b2ecf8b34b

SHA512
f42d71f9591ac3beed9e071bf94f9b5d6b2337a841c8697e7821ea4c7697daec8e1069543726a1357998900ec16b6bbe0d4f97d387bd0129808af9e7b66d42df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
51724d555fa294c1524ba560f670f8ea

SHA1
276320ddc3322ff07c441c57c148f3431d45fc25

SHA256
4cb9fe0d229b6ce336ed9b44cf95b39acb0cc46706e607ffead5a81c637d13db

SHA512
88746b168564149f49f7d432284f52e75da483e03733f76d50f711e30a5b55b90724cbb79661325124ff063d84a6eb4dbd83d6af93f6a4b3a6d27b6041380599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
7457aa2c637bce71a0b9f7aca01bca3b

SHA1
c7781f2660ce0bb37a35959a5b09acb66769a7df

SHA256
902211555c0e1d35db605bd8e7c9c0404c21c3f532f783e94ecbba305072e56c

SHA512
49046750fba9691c951eea90d5695df287d24a28139897cd1a7ecf6a61682cba6d207cc386a0160cbd5c315c5874efca2eaae77bc81d2840fc5e5973a9bdb301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
e7c0c884eabd08fbd5dbdd652da066c1

SHA1
c2ee8c62a54db02b2a2351b53d9ef9e1d351e501

SHA256
414b4d477f9821b4f1f46ac36b9e2d58ab44420fdd816bd2b86351c916696ad7

SHA512
95482efc1fd2a39d8a67b739d2bec5ba3bce5e43a7a052e08806fcba584f8c945b738566f4e3a9d86cdc65b707b7fc53df81145382d91393d1172359521175a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f98a7cef18e592d77f84d58262abd3f

SHA1
9c2a7c83b63b4f6d343430876a809ec963498ef1

SHA256
25d29a62965377600f8ac571d6052dcc4d73dbe1a85fcd578f7e9f7bce0d794d

SHA512
7e35a447f3f774c6fcd36dcb98a500f6363fa0080512ea0b64bae8a6cec7bb4d6af2a98afdb1738c5f98fbe5681270272235ca32fcab8646682cf9d230fe00cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
799bf8b651ad9cbd2eb3f9ab945f29c8

SHA1
1a072213165880e8861418021ae39455d03c27ab

SHA256
8054b118e07748bb49c6eb7568b77b1804fbde98a75484e0f38e577911e43b09

SHA512
8551e4da67f912ee9b1ff8dbe0a71951a18f760dabe2e0d9ce0b1fd3dc3e8f64aa61af383c5f5ea3d2f0db26b0c9c9627afc83fcc161864404000c2655d74f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9e1337be50d08cf486af1c12ceb0cb0

SHA1
ec6c5cb52c15594ccd865f727ee150b0baba167e

SHA256
887cbf0c2c255ef3843f622103844375357e2460c133c8e518e855840d664e5f

SHA512
2ca3eac07eb882de8a59932489ab1b9af06ddb6b92bab1a573662d5ec9d2990b91dcdf3848f72a42791b58c5e0a96cf8576dbb1e9929852b9c14ec2292a71e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d16188dd491d4c424dfd29452c392ca

SHA1
67c7347735540ea41766e1fcb78c4abcdf05c093

SHA256
8a2725397463e3c1bd4f8154f7042a604147e991a701c8cded3e2b84bbfe7461

SHA512
1b8d890a241ee653d2499465ecf860d62b0b75c20f3f714771069b9bd3d1b137192affda17b0016ebdce3fd37553297e010a402b858b2c024b46db670e115cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
485f9dd55092a1e85eae29be25cf9ac9

SHA1
5cd31b486c514c27959285af9608673599dd15a4

SHA256
bcfab36dafe7f96ebad98e89a5f65ef0ffba974ca4c33a55aa7d2e00d3c1306c

SHA512
b75d266e6f005617100023fc8be1ba3a3681b86cf95675e1a7f2009e11278f62cfc12b9d80e8b625386447dc0d2fc76f8352e5dcf4ef84e8463a39ac635c91b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06f7967eba631da3b7ac0f70fe352330

SHA1
3562f672921706447346b578fca6aa1120fc9828

SHA256
ba43b3d354c0a841bff49b93699768b0c3268e1e3ec1a019d22ef1999fae4670

SHA512
fb2b0cc7e4b4ff7dc22ffc49ed2826037e8b2909d560fbc3edf78a95d6fdd446203b0f0b396f2a6402714bf62e8542234b8cb0b01f98f08b618c564fd6a85f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4eeac446ba86b15e991c440e19424bdb

SHA1
061d4608a35f590f45996909e374d89c93ad3d4a

SHA256
62aa84fad08ca09ab3abef92343a663716147dd8206b0adf56a3c149af56ab6b

SHA512
b7266c1e4066653a0befe2ef2a4bfd80a4100a087d3fba90571628c9c9b7f8aec2feecc8139f00d40985ccb96e311df5bf5f33d526a69b5d08c33ba4900f90b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67dcef29b4c7b9864444113d04becdf2

SHA1
d2eabae392959ea91ef77eaa780c3a298a60fda4

SHA256
6f574021750babdcb614d8558bd44d03d81c299d754d2b4005ef74697cc9f30f

SHA512
95c2ab2907e9956d8ad11d7b38313d1b4e8bb8ba7d913e0958301f6aa8e476303aa7b8153ec1b98748d80e45dd8de1570e56e65dc36fa498372a7ff4c21e2c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f732cd1fc50aef65f8a5f681ab5f7a18

SHA1
deb72ce3e4206fe89feafaef84de70cfbf8951f4

SHA256
0c76b089947139d932c3e5dbef0d407e7ad35766d8d621a8dff4411b7563d6c9

SHA512
f8239323d13ac1ea67b8d0ab5eb81f3adf6f303aef5e7cb9e2c3bbff7c637026756eff5534ecbb76e43c7ab0d0a4079843585d3fff474abe1990cdc4484ad237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
661425affda7d4db3414138743ccd4d3

SHA1
d4e9de43e00032826f36d6c820dcda5eaa94eb0e

SHA256
9b927ccd0d4dd1fdb6ec892e087879e678d64239b6825e19004902616e051e51

SHA512
045455496accc6c8dec9d95ee1590b5dbdce3e9211ff6f6dea295f98b564f68b6f7d346a7158b2b935451b319648b6fada7bb03d659d2e53b350d918fb9f16e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c0dfa804e166e2cd11e584896c62c331

SHA1
371693f82b9d2b365498d3fdc4eff6a77f97a69a

SHA256
78c00cb0cf60313af4d8ba7e35867170c40e4198234ad8d07d12ee5bf7e16a4f

SHA512
33eb15c253391ca0698989384f1db76faab2e83e352871c3b7b4b02a93fd2340aa002b0515468379bbcb98aac9a517b30cf7c9913b976b7c92f4aaa2f691c34c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
96bd3cceb36172419360f5978a4ec5f0

SHA1
1095116c80136bf592d89eadacf0ce590f599843

SHA256
d27bb2d47e9d36ed275f7efc76374308cb94883f167fa68c97d2c617c68b2561

SHA512
53a4004efd0916a8fdf5f179374c5c739217c53adfecb004e4fa0c94a5f6f572bee13b7ce3a87201b2469174612adec3acccb2b08ffa09111f0f0ce3e83cbe8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4e97f4210095214747a05318e8d48965

SHA1
8c81527949053f43f659edf26b3b86456a3bd3dc

SHA256
83262a11daaea6b2d9698eecba3204567adea6895adca29c865b828aeb00fef7

SHA512
6329bb6c2b55f00c9a1805679c2253d355087bd098feb9c75a5f132ff896d63222665afbab16eefe28d3316092dcebba602ef5fe0a339c1bbac3a8ef53936cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
883d2cdee43cb301222a9f528f62a305

SHA1
ac5a04c1475cccd9efe9008a1486d0a311a39c72

SHA256
003ee96f1dceef9bd73dc6773cf9af4b2a945377ea2cd9c0787cf6d3f634afb2

SHA512
5fa03587b5073385a7f60632917b557ac423d43de5f52e5c39690c4762b1efb176c0cc987301a975f0b085f2e5d8e8417a2271ba22c9effdff4e80bc19db8fb8

Download Submit
C:\Users\Admin\Desktop\nexus.zip

Filesize
369KB

MD5
a9bbfc89690d3095e180b07c6d1e367d

SHA1
e05cfdcb8701c3d9e3840aecdd77516572bc0278

SHA256
a66f58a10ae4cf981749ae70edfbe2759c93eb6eedeaa332c8dfafc3c89e8d53

SHA512
4d8358b3b4ed88db446d819d2e74fed91f51b68f9d9b2d8c63b1e0a1d223b6e044030eb4d5824c1fc8d4cd05ad05c1e684b05623485383d5866593989436d3a9

Download Submit
C:\Users\Admin\Desktop\nexus\Results\18-09-2024-08-10\2fa.txt

Filesize
4KB

MD5
a85fe5db39b4a9fa580a0ad38124d6a3

SHA1
856fe12f80f7f50b05c1ef906fc7f9024ae8a09f

SHA256
ee488fea10b8a0fc6fd7334570e6f407c506c845bd466cc171e4262947f1aa5b

SHA512
294e55d78f6bbfc18931ecb962b3d29e346b8f26adcbe26330f5945bf82d33d7bd9eccc22129c92ba0f105363806dab06a0f0a8ceff689561ad54fa3b93343a0

Download Submit
C:\Users\Admin\Desktop\nexus\Results\18-09-2024-08-22\2fa.txt

Filesize
4KB

MD5
3021e2129d524cc5e6a0508876e1cbb2

SHA1
c03a692653e0136ab9e5ff283513b297cfccc633

SHA256
d282228ff2e7678538df364acbeb45851a74155837d999f0c9c77cf707d107be

SHA512
45956813b5abcb651a763fdfa8c3a14951ef7b34a9ecb3e9953fbca08b60d3ad16abce75ccf92a7801d892fc80ccb540d1f070111679ef37432421804e6d5b61

Download Submit
C:\Users\Admin\Downloads\Fortnite Full Capture.svb:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
C:\Users\Admin\Downloads\HOOT.txt:Zone.Identifier

Filesize
169B

MD5
67fc3c1c48bad97ccadf7a4e3dd7d025

SHA1
9b028a2d83e7fa071c8e233b78c2c36ab3a371c1

SHA256
310518c20e679dc4f9f78f4d17439085f1b0fc178f7e122fccc9a02541eec6cf

SHA512
30ebeb10a9d900fc74cdd31092641c70ace86a3ab98d0cb20e99bd3c4c653f6bd904fa65f5c343728de0c5f161b467a6eb572132498560550b3e4bfc485ea9b2

Download Submit
memory/4568-1096-0x0000000000D60000-0x0000000000D76000-memory.dmp

Filesize
88KB

Download
memory/4568-1100-0x0000000005B00000-0x0000000005B76000-memory.dmp

Filesize
472KB

Download
memory/4568-1101-0x0000000005A00000-0x0000000005A1E000-memory.dmp

Filesize
120KB

Download
memory/4568-1099-0x0000000005850000-0x00000000058E2000-memory.dmp

Filesize
584KB

Download
memory/4568-1098-0x0000000005790000-0x00000000057AC000-memory.dmp

Filesize
112KB

Download
memory/4568-1097-0x0000000005760000-0x0000000005786000-memory.dmp

Filesize
152KB

Download