hxxps://mega[.]nz/file/gFg3RSRS#GHpdd77fCW_bpRKj_fVISSB4JKHn3XGtLG7G78x39MY

Analysis

max time kernel
660s
max time network
655s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/gFg3RSRS#GHpdd77fCW_bpRKj_fVISSB4JKHn3XGtLG7G78x39MY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
3476	noita.exe
5056	noita.exe
2964	noita_dev.exe
4964	noita.exe
4644	noita.exe
5436	noita.exe
5688	noita.exe
4140	noita.exe
2204	noita.exe

Loads dropped DLL 63 IoCs

pid	Process
3476	noita.exe
3476	noita.exe
3476	noita.exe
3476	noita.exe
3476	noita.exe
3476	noita.exe
3476	noita.exe
5056	noita.exe
5056	noita.exe
5056	noita.exe
5056	noita.exe
5056	noita.exe
5056	noita.exe
5056	noita.exe
2964	noita_dev.exe
2964	noita_dev.exe
2964	noita_dev.exe
2964	noita_dev.exe
2964	noita_dev.exe
2964	noita_dev.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4964	noita.exe
4644	noita.exe
4644	noita.exe
4644	noita.exe
4644	noita.exe
4644	noita.exe
4644	noita.exe
4644	noita.exe
5436	noita.exe
5436	noita.exe
5436	noita.exe
5436	noita.exe
5436	noita.exe
5436	noita.exe
5436	noita.exe
5688	noita.exe
5688	noita.exe
5688	noita.exe
5688	noita.exe
5688	noita.exe
5688	noita.exe
5688	noita.exe
4140	noita.exe
4140	noita.exe
4140	noita.exe
4140	noita.exe
4140	noita.exe
4140	noita.exe
4140	noita.exe
2204	noita.exe
2204	noita.exe
2204	noita.exe
2204	noita.exe
2204	noita.exe
2204	noita.exe
2204	noita.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Network Service Discovery 1 TTPs 7 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4992	GameBarPresenceWriter.exe
1932	GameBarPresenceWriter.exe
916	GameBarPresenceWriter.exe
5532	GameBarPresenceWriter.exe
4416	GameBarPresenceWriter.exe
4240	GameBarPresenceWriter.exe
3196	GameBarPresenceWriter.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\cpu.PNF	mmc.exe
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 9 IoCs

pid	pid_target	Process	procid_target
4736	3476	WerFault.exe	120
664	5056	WerFault.exe	128
4376	2964	WerFault.exe	134
4544	4964	WerFault.exe	138
4028	4644	WerFault.exe	159
5636	5436	WerFault.exe	177
5860	5688	WerFault.exe	181
808	4140	WerFault.exe	186
2088	2204	WerFault.exe	197

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita_dev.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noita.exe

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{8DC95B23-DC80-4006-AF51-3DE6CC4B72D4}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{DA99C7AA-B401-4DCA-A330-67E9BAD418DF}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{74F6DF7E-93CA-4D33-8B00-9B3F5F2C1689}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{010717F3-5BF9-43FD-911C-FD16DD64EA00}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{A32E8519-14FE-4EC9-AB12-5153F1F66813}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{732862B3-74AD-4133-974F-647149E2FB4B}	svchost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2160	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 53 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
556	msedge.exe
556	msedge.exe
3608	identity_helper.exe
3608	identity_helper.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2104	msedge.exe
2104	msedge.exe
2964	noita_dev.exe
2964	noita_dev.exe
4436	msedge.exe
4436	msedge.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3512	OpenWith.exe
3240	OpenWith.exe
5700	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: 33	436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	436	AUDIODG.EXE
Token: SeRestorePrivilege	880	7zG.exe
Token: 35	880	7zG.exe
Token: SeSecurityPrivilege	880	7zG.exe
Token: SeSecurityPrivilege	880	7zG.exe
Token: 33	5700	mmc.exe
Token: SeIncBasePriorityPrivilege	5700	mmc.exe
Token: 33	5700	mmc.exe
Token: SeIncBasePriorityPrivilege	5700	mmc.exe
Token: SeDebugPrivilege	5580	taskmgr.exe
Token: SeSystemProfilePrivilege	5580	taskmgr.exe
Token: SeCreateGlobalPrivilege	5580	taskmgr.exe
Token: 33	5580	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5580	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
880	7zG.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3476	noita.exe
3512	OpenWith.exe
5056	noita.exe
3240	OpenWith.exe
2964	noita_dev.exe
4964	noita.exe
4004	OpenWith.exe
4644	noita.exe
3156	OpenWith.exe
5436	noita.exe
5688	noita.exe
4140	noita.exe
5700	mmc.exe
5700	mmc.exe
2204	noita.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3708	556	msedge.exe	81
PID 556 wrote to memory of 3708	556	msedge.exe	81
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 468	556	msedge.exe	82
PID 556 wrote to memory of 4056	556	msedge.exe	83
PID 556 wrote to memory of 4056	556	msedge.exe	83
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84
PID 556 wrote to memory of 3104	556	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/gFg3RSRS#GHpdd77fCW_bpRKj_fVISSB4JKHn3XGtLG7G78x39MY
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9115346f8,0x7ff911534708,0x7ff911534718
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,13977352638095353193,17288383249000003893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Noita.v2024.08.12\" -spe -an -ai#7zMap19452:96:7zEvent3383
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:880

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Noita.v2024.08.12\HOW TO RUN GAME!!.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2160

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1944
  2⤵
  - Program crash
  PID:4736

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3476 -ip 3476
1⤵
PID:4376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:460

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 1912
  2⤵
  - Program crash
  PID:664

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5056 -ip 5056
1⤵
PID:3068

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita_dev.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita_dev.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 1636
  2⤵
  - Program crash
  PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2964 -ip 2964
1⤵
PID:4640

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 1908
  2⤵
  - Program crash
  PID:4544

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:1932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4964 -ip 4964
1⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3906172dhaa3eh4c2aha268h255286468812
1⤵
PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9115346f8,0x7ff911534708,0x7ff911534718
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2914091465124066517,16345816899351486925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2914091465124066517,16345816899351486925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:3556

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 1912
  2⤵
  - Program crash
  PID:4028

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4644 -ip 4644
1⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9292c6e6h6f26h4b1dhb53ah782c620d5aed
1⤵
PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ff9115346f8,0x7ff911534708,0x7ff911534718
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12396184650515685006,13743511741017489986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12396184650515685006,13743511741017489986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5324

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 1908
  2⤵
  - Program crash
  PID:5636

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5436 -ip 5436
1⤵
PID:5612

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 1912
  2⤵
  - Program crash
  PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5688 -ip 5688
1⤵
PID:5836

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1928
  2⤵
  - Program crash
  PID:808

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4140 -ip 4140
1⤵
PID:1744

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5876

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5700
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:windowsupdate
  2⤵
  PID:5176

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5580

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4560

C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe
"C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 1920
  2⤵
  - Program crash
  PID:2088

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2204 -ip 2204
1⤵
PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdeeca48f8268c0909fcd620f08a10e6

SHA1
e3f86ca11e1292be9d4b9c623ab330b9c54b8a11

SHA256
bce489fa9182961ea88bc677bcfa02265d9f08d8174ff9877bb78a3cb3a5e23f

SHA512
7cbe28df1d5c5b3076cc1f444087a32e6461d7d9b1bd355cd835caa52d2b746cb76e09ad055034f335518fe3ce187ccf384a03bd36b048fce3b6749c0f73efc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1a2994c0a0901a48a0c1cf403e0af05

SHA1
6f197178359387ac0dcdfbc01140a04fc604223e

SHA256
737bcbd14d31802e2d253dbb6c95e425b62b308345d7ec654abf1ab1da4b934e

SHA512
42ba075df3f1b669e4443b84df2e0201745eb9b46716cfa3d2ca4099adb174cb79c9b0629815f5d71f3bd739c8339e18672ff328901fd294b61d6ae7438ced28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bdb566f439bbc9450c388d9544eb9507

SHA1
89d28c020fa6f87166b4ca954fe0a79d8a34ac5d

SHA256
546de1efb6ce9fd18bf93da4e3bfec9caa51047f60cbe2afa87d06798552692e

SHA512
fa98b6f1bd9fc78233d74f3b0ed0fe4f7ac76900b9d583d46d6f881bafd42a2ed33742f358ae75601088b55ef50c610d3cc298725d0d3cdebee7460ec76672ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
2a01a8efcd8aec5af92e839b02de54e6

SHA1
618611f3b344e7dbe353fcbb7b816d0e8caf749b

SHA256
bc9c22bde52a5e19fb8958090e6d46b6a94589a314ca9fcc89c46c5bedb21793

SHA512
be1be310bc12e35f3288a725a6b87432874b08e4ba48317d2b4de70658df412db229c07a0f08f7226b784d49ab3e420b48e28ba7d2d7eed6273bbe308506fe4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
299KB

MD5
e351e9c5f6403b0632254650d632812d

SHA1
82170698c5162efba9cc2ee11a329e42213dcfef

SHA256
9674582a075b64746d466c7076e2ebe2891b499ca7a4082c6ca5d86975e10275

SHA512
d18fcfbf347fabffb7fac63275e5cd9b0e738e6535664fe2ea4403c0d30270f08a010a6aa394cabc31d06b3a5de29a0c63faaf8f6861be3131fad098e28862ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000004.log

Filesize
1.8MB

MD5
745c2d26b1483e39b3fa389d5a13658e

SHA1
d2dd07c6652d1336ce0e6f3b7ff282d43ba81b07

SHA256
d2cfddcb74864bdc885e3542ab2aeccd40441336a17bde8ec7fefaef4361ab26

SHA512
803239223ca6999b90d9e71fc26cad1b7a9d27d1d329fb803e772ed4a9ee2bdff07ac7b4115ca86738ecda629fab0d88b7d7b4992ff6ad139c62cc466537a635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
537B

MD5
d2c910478fe828360443a6ee2cd4bf06

SHA1
0f2ef4f8c18219b5eb88d2d0aed8f6aa73effcb0

SHA256
fb28b7d852e266a4fbf5b2bb80cf40d05b60cc308bfd83fdb54edb57d9ee255f

SHA512
26bfc7d20949338722984c2dffec1341c1fdba9ae4e5b5272d6c9cd50eca958927996ae9f948d92ba5a6581d1b7a371d34da5a4560aa1db574718fda48069fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
6e8746af4b25436a48f8197bbca952ee

SHA1
ae8d022fc8f6af61e129ad9aabf0c753937f96e6

SHA256
c0e9a70809e242834e371082de5407c3c4714fd30e5116325e268316c8aec941

SHA512
03f614a86fc7599506914ac034b6a0f0ea118c2c49dea848b044fea092a8cfb99bb1f676690f56d9027b962f5ca80986124fc506318067aeccabecda2e2a4529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
72011fd5a9358fdb5250a344adc2d257

SHA1
6a8ae4755ea1b9cba75eb76ba9b014603d181af2

SHA256
d92e88b8ba3d5582326234630580fce4334d95d84fa6a0a71f8cc2368e327f39

SHA512
706dc2010199d003a5af45aa546761e108d6316bc9ada4fee3efa31a64f28d3647263d0f9a1eb10698f4991f94384aba805790c031e926102185c3e9d6c53c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
926813fa4f21df9a6586e4b8537c0b86

SHA1
0cb563356315ba264ce2e73e69b10cba43e414b0

SHA256
92aa6e7c2c07e73e1f40502f6daedf4d8118dd95712b57a88950c8536155d07d

SHA512
a070be282c86f1403d6d72a1a7ff4ced2f24e06868e2e32a96a645f274c26a7ec02e6fc12c0202029b98bec686487a9da8d4d15499fb5177ff472925a0c22870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
a05c9e848bc70a251c00d78117ae4671

SHA1
fecab22e9d06cba967bd268fe8e9f4f53dec575b

SHA256
910657d5fc75ef960abb26194078febce46a4552a532da9c1f0875c06d3d6977

SHA512
997c8b5c05937b7030733c25ac0f586912ced51cb1ca74e6b8efd52e5a50557d0d29a03175300adb6fd8176ced2b2483251d29d86eaeb2ab8692a8b13b30abc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
849737321a3b5baf9119aff202640dbf

SHA1
72ec96acdea49bdc0f6b39f69caaa73afb35ce11

SHA256
eeaa03d2d771a48301c78268bd986579662bfcc27d96e4a6ff4d6dfab863b348

SHA512
e0beb51d3d75f9309e4609489ffdb98cb89d0716bfbe677f19e50da5029830e481c35ee2eebbba9260ec1051a68f1e81be3a278acecd6f9a2f3b2331c31fe378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
74bc0829a8ac5c80a52e124e14f50460

SHA1
c7e8761a31172badd9742c066954c7a03f974f7c

SHA256
56f4e757ad4f2d4fb5222d20e7bf37284ba5e6df5854924d76b1f492737c4170

SHA512
3b910e8bb1d73697075a5d80fb56d313220d21305d8ad060a2a470fed26a8eddcf581a7a7aea227dda035115a84b57452565ec21b1754d289f60f51f5a50cf84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
dcd287a24380f217b855d2941f830c6f

SHA1
12fbf924913796711990eddc4edc55103f12d95a

SHA256
c7c0a0ef3b97344939038975071bf668e001c3b78e8e0c4d1c7ad386e324151b

SHA512
6235711151207529bbf5c5cee03a2ee6747cbdcf4372f6ae13bc83864e56ae73f254bd909cde73c3b5c0ab3b741a64bb1f89c369cb81a424831689769b4abd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
cf6e496b6a9e1a8fbb1e89c2b1f5f575

SHA1
e2e59564772a6b20de18a5e980e87d9907d9d032

SHA256
070a72337c5fafb1abc3f3473a62092936248545da247d06d356f6f564df4bbd

SHA512
700f759e463d8a802fd715a311ef36d73a9aee07203e59f729b6fe5a56346b0eed8aae8ddf5380743c9e8aaa6ba5dc428fb752c252d448e74be138ec36fc9f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
94f664ede07a1df848855c96abdbc56c

SHA1
319d463dd5322ce9c828eecd5733c67d34f08441

SHA256
c288c5cad8a85405ac2807a3003dd7aa4b3161458795d2102001f457f8977ddb

SHA512
41bba8bc9a1135be294e3121a10a5c8496b5a75903f25c8dd576586bbe7f93ed6aee7449fcc16bc32232dff415e1b78b809064fcc872ee1f1b91c6d165e4b34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
c9f660fc0b18233c6750b6ef92fe80cc

SHA1
e636b6992db1c67e6d25240ae0e5c2a45ba3aed5

SHA256
da22b5a0a798db50c903d1e573919cba559d04fa1beceef5c15984a9dcfe5259

SHA512
21eec052d7baffc5c51e5142befebfedcd166b422eb037f3ee49085be3c24da06c1ca97d8652d47c985f1d30c704e3f4d7cd1dc0f84788a3dec2d4dcd22e2e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
45aae470a865f82d96d6d025c751cff3

SHA1
7a4e674c6bd3832f8659e1844c51e361e5d09859

SHA256
9a5e16f480ea31e4ffccfa6b5fa888050a83a8c3be353767b4b69474583da571

SHA512
d22fbf018fafa5de13f6dfe103e9cd89ff7b36607f1f9b39b70c7d2db819d6c05ad4c42c8f1790b13442fbb6c6c291bc71e95d83f27a41756c1eb3a99d65a1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
d8b8e4871a82784b89124d63ad5ad4f4

SHA1
1e6b159130f487e074e57ea238bb0c2a08ecbff2

SHA256
55b23ccde01dd40673b1219342a5022c7ff17fff3a94d6edb6a024b1d19e8f68

SHA512
c0bb3818b4be3455c570e3210f0d8e42e263bf6b66b06ef0278e3307d076808b26754b0c28026ab67d1f714e6540146c48d37131a219958b10deb13bd6a92b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
dbf4fc9caaee2a13ad1a86f52be0dcd1

SHA1
c49a3096a98e3d8acfb291a48720edaaa25ec96c

SHA256
c43aa2a7e78db841d9a97303b9a31dd235202600f575136a3bc90372a237e139

SHA512
97a0e5f29446e9e9be8def01547e1b66d61264215ce893d4b3c6084bfe4b45168b4e5c5520cb75cce6fe891efe65b2086d5eb0c27956c58d8aca4eff81a36140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5884ea.TMP

Filesize
335B

MD5
ce177e3b39f44434b44591a7b37a403a

SHA1
1a4a30f3a8f12037f69719bebf0d50915aef3c2e

SHA256
e1fb17679ebb84b8f02a71659bc6288a50b840fc30f6b488065a1d1ab089300e

SHA512
fb036a76dd2a4e234d88fd39043e5c8174c2990e318904ae380f6764cf87815fb2a01fd52e9e0c6d6f8abc9f99963a4f5f16cbf65c4e4a1b2c248a0f6984e8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
103B

MD5
2f01a5ff512acf5e3ab394e6c0c01c5d

SHA1
2c896c886006175590d8b9ef1adbe247c2020318

SHA256
7635b2f763e484cd198fcd7b802f5b9af83cc5149c0b156cb121dd82f3d4cefd

SHA512
7b05b9d2ed852a1aff0fa18c0e466546f344677332b44fb945a92a6ebbb9dc49757466218756dd84a9680019ac31b9e1a62ade6cef1feb4ef88e9df837ce2531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3ad1744c07124c87110728ffe806b64

SHA1
2617af0532dce7802b16e55df5740a5fb8309244

SHA256
68a188923d3c67ef8cc77c6ac9db606d7bc4d1eba8087c237b68bbb9118fc34d

SHA512
00637138797abae5d81c59d09954ef3a8c9ca4dde666760c71072123886b0718220a9f3b2a5e85ed031008a10cfd808c8292ce9d2e44a3eda7c5a44fc5e9eafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b02c6c533a4d501880d50996038b12f2

SHA1
5d95e5c6aad82bebae49b37eb08441b084356249

SHA256
250718481f5048ed5bbcbbe4139858dd14ac9fe53d2b8c689cc49dff34168077

SHA512
8d559edf5579f1d4f49729ce5e4a21267f2f37512faf27f064d860200760d7ce1f951104cf2c9b237b33abd330af7567d24ecad15844c52d6fb7a5e4a7934d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
58bf76735c8cbe8438dae8f0ed7607b9

SHA1
b746c8d9da128fdc41434c160f2c916e12e2bb28

SHA256
f89c43ec19fa5bdea7b93e1ae2784f1527708197e0294f2c8e3eea7af7637c76

SHA512
39d0d1900006b2cde3d256ecd9a49def8961712b9a18ec8106ac05fadc9ed8a2947a6d9c5bb4d3caf00cf802ead814177f63093c04c1c3b621b9c85fc0e136a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58509c.TMP

Filesize
48B

MD5
69483b0bdd9f4d37f8ac925b3547491a

SHA1
2d1f62cead51f8f8ee36b591059c1c8e08a0b0dc

SHA256
11eb1ef0aa0ebc12ad98d9c9a360a9dd44d9fe2b608153b7378b95054b4994f2

SHA512
f46b344725bbe4949e7d85a25dbbe91afd850ec363d128937e063c23cddfa3978f7f19e5c0bd609a4b6399e4f9af497b22f98e7b291ed8a2071b53244c252d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9b5dda0-f344-4ca9-9caf-055a26a39863.tmp

Filesize
6KB

MD5
f3cc00fe295d349acc58fdd4a44a8df4

SHA1
9650fa1ac85e84c6dc26a698e5680a4a34c976dc

SHA256
cf16dc46192c5f7578d902706462c9159026d768f26b76013bcb7213e79ba58a

SHA512
429e3650fb5135f4073e14513c5f4c375e1ca9e5edac5ed32c37ebb236865f75f16c82a41af83f55cea1934ce9543c3e63029a97429fa7a6068bfde8ff212823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1828e5aa5dd2b35b0899f24a81f9c3a2

SHA1
ae922b5a168539ffb58593546af2067cdf92648e

SHA256
bff0d467466a568c05a699c72ece32c3544440d22a329c30070c600e7955551f

SHA512
4cdde7ab8ee587278efc42298df26215a12d270126cf703b3a2991147e727fcda19e7d80279176e5d911915959fcdebe4b3e45cd993d07ca6389f4c48ba8ee3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a09b30b221889c9560a987f99d36b97

SHA1
6cffcde1044f7da604b0851466a9f85ed7b1eb3e

SHA256
fc4718518322f54acc1b7e5e40887db5f6a569a5ab76ad80ed78f8cfd5bd6920

SHA512
724c50cb9af11826f11a4af3c04a6bcbcea45a016f3067fa38a94eb7ff3ea19c9bc1c7dbd832fe27fb74eb4f74ba06afe13d0ba28f75dff4c667ad32484dc620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e69bbfad7ea5cb98ac46d2863db9329b

SHA1
9b0a2128f1f080211b78a01cd14067b00b99e93a

SHA256
0b7f686f8165badc397bdeb66352b91e5b2012890e86c555e2730820ec9971fa

SHA512
477cb295de33c7ae282dd20a3feb5a1a0a82e7734784b5553f8af19312b8c5f85250aff2e2fac1ba387168fc9442043d175826eb29ed18d2d636be79f99961eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78f310331804ab8e5113bbffd91fc174

SHA1
d240ce3eca9aef0a32f2a16ffd231e0d8cb1f053

SHA256
2bb42fee36cb0bd528b8d08853b737b10a8d3d1764b9ee6d28fe4a026700fa2d

SHA512
ae554585ea746b1b27555b1f6d942e5825ae4f0803a7fee2366e5cf05c6a4e8dd265851c15e184cdde46d07186e564f37c4e9c7cceb66fa7277161d27400207c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3c15e4aa9c05d8cc82b0e8b36e0a4e5

SHA1
15ef01ffc8ac3ad8ad847201ed2e26be9502bdf4

SHA256
f64f925a5a1194e1b7e07dc3058ecfd20ba1b99a9b08bb34e18e7e23aaa78368

SHA512
76884849a02c9680a9bb7b9ea60d56fb9bbe105c09b024794d274e49b0269fe8a02da0cb1f2c7916324065706f3630067fa169e82782572b9852f6fd017fac9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
781e19395354c73005b0a67cc47eefed

SHA1
99fd0db207984bfc49da1d2c58b3b7bfe9f1e913

SHA256
3f9710ff0e2230f8c6683c6b71eb5f698f3c587488c82d9dc2593eb08e6c7fdf

SHA512
757fc2dc31247792ff41f978d0fe6648c68d4cd33b64f0151adb4fc0d9707013e5c853e6d81aaf262b9623140f5a87f342c104eb6f9b79425a9868fb7c31b392

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\HOW TO RUN GAME!!.txt

Filesize
290B

MD5
644de124f6b5e97569af54334e8089bb

SHA1
1d8590bd75dcb7312679ba11370dc8ccceb89f49

SHA256
7d1fb32ee5cf7ede6b6757acea42da128ee72789632921979c6626237bca394a

SHA512
55c71986b71cfd91459b72701eebb62ab04d3d705eebb6c818e838fa689cde1807eb294bca4615073ac8f4ddb37de5c3a8bd874cffb593b6f8cfcfae2c6ad36d

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\Galaxy.dll

Filesize
9.7MB

MD5
456580a8dff085dc4dc23bf053465de3

SHA1
7353cf5c4f00b24b9893f3ebc22b929aa9195066

SHA256
9f5eb1e137e728fda3a605ede593743e5af6790b135392e9bb179cec0b210005

SHA512
b98b753bda57f4956e74a493203426956b9793107e31b1d7633ba1b0fa6c7cae6d589f6651f2f90daaeeaac3e8528c4ca4ae1a9a027e84a6f7ff8f1a9f80a474

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\SDL2.dll

Filesize
973KB

MD5
9fb755341c5bdf5caf6e96a4bcb74e9f

SHA1
a4d2ee11fac54df972326d5dcf8a3a71e686113c

SHA256
9609a55be0391b20a82d6bd7f03561dc38387d5043f2bd5677116a5152449219

SHA512
423754375b0555747b31da87ffb4c83016c2324a43ca4a58b1b2a66911903812866f4c3832b80a338998b3d95cffea519a9cf5af1071ec30fb08eaecfe8919d9

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\config.xml

Filesize
1KB

MD5
18b15df21ddc1b428131c6b396ffcb7d

SHA1
1dd1511c08f835dfdab977a308e73fb95bf1f3b4

SHA256
e0061a931ad73155cfb890f06dc2e4c27f0bb411348e85a005d24cada7cea4df

SHA512
08f640215b1f7291cb06d9f286a12e8954d92d25d715f4eea2bba6065cf9eb16cae531376108f9ec91840d571a658c5d067abc6826315661a8701892960bfb18

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\audio\Desktop\Master Bank.bank

Filesize
2.3MB

MD5
bfa3ccf2a3e218b0155e2fce66a1310f

SHA1
34cda23088800bf76a396174d5e2f9b1be603b35

SHA256
f9a2167d7d44183c2c82585f584eb8b893c7b2b362db4e7c643fefd985db9e1e

SHA512
880b02c01225ea9a71f07ffa9627efb0147c428ea3c89b4dafdbbd1c09d4d3f5da0f0cf1e0335a6c7232c7a4c386d42ab3c85b91d3a296ba1e040b5626bedbd4

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\audio\Desktop\Master Bank.strings.bank

Filesize
49KB

MD5
6f6757c066ef91da233adbcd6ddd2ad1

SHA1
4326280b6c4cf8fae65af9984eb0e3e19c94efad

SHA256
a347883d1aadc750bd33889e932d8bd5d91ad058945df95f6cff0a5d57baacd3

SHA512
26f39545741ac192e90bb5b313924530c575a01005745ded92a50834cd4e501c0b1449ea3553217bdd803a72863c98bd0c8d2239e8ddc9334103e4675950cec2

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\data.wak

Filesize
40.5MB

MD5
793082c3c89e61df18b6e352a73e78a9

SHA1
7fd40ae745edaaf37bc784ed4e2ab315ea4003d4

SHA256
6956045b392a7e6b200643c1557286b5dc29ea7c02bcabcba7a20801f678fe03

SHA512
ad156e5a41fefb7805183b1efc8cc33e319045f8c2d0ba556ddf541fa98ff6de61e0ca19c2ab0acf9dee027feaabb8dcd6cfb341204a9036a35c2090d93e3222

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\icon.bmp

Filesize
12KB

MD5
5d07d87bdde7e026d89c7116facfa63e

SHA1
3038eade6ceab6afe24e76d696b4fe352e267d10

SHA256
58b4af7b86aa459d1e9245458fa9df2b33ebe05703573388e2e2a6f621abffaf

SHA512
197e1a7842b64c1d825121057d41e0769650cce921ef94c2430b3c7a9bcd4c8cbd0373873fd2f15ac6d354d7b462609aa6ee3f04d47447fa23e32653c832713e

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\common.csv

Filesize
1.5MB

MD5
f907d597b90a194f28defe1f612f2351

SHA1
86809e40a603f11561a431a3d583e0cbce7f249d

SHA256
65bf2afded9ffaccb402eeae58685378448cf605c00ec0217d6da19869e9bc06

SHA512
c8f2b1f7cf761689f3d5e200dd0195b7b37ac0fc996b184e0ed2ab7ad68ffbe64f76a646ec6eece0945587a65f87ea6d9044d144269398ded95604066ec2028d

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\common_dev.csv

Filesize
124B

MD5
719a60bbbca6884d233e22bc442723b8

SHA1
8561f07a2434492e31661b5961a3c7b6241f689b

SHA256
7d1eb974f81287f069cd74882a434c5726dac794a5a0db8a1f7fd6f43c17db30

SHA512
d8855c3cd38ca726062ad0a570dc7bdd204993617ec66bcdd75bcc2c29defc0eed800f563cf4bfbb06b55377293ea7149da84149c6c9d4b7aee4dfa02594401f

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\de.xml

Filesize
386B

MD5
26e133c03c9ae7f3ebd6ec1ea9d9d415

SHA1
eda116cb159b5b20795dc4a99161d143d96c0f44

SHA256
038538e354bceff6be985383cca35cc48e7f49f0cbc482e0966fe86bcf3297cc

SHA512
08d8d35cb5448a2f275b9bb4d1b171e901b9e292be134a469ce5c8bfd7b8105e62c181db85beab6d494ef4d675c744ea36948cca0eba3ba358422e6acbe05acc

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\en.xml

Filesize
299B

MD5
ff4ca774e784d5114013ad2efa80b933

SHA1
7617434f03d492355d62b2822d43147191cc2b6f

SHA256
9f6c89116c71ba52d4f4f13a6cb56f29022e97747a63cecfc2b21c5107edd840

SHA512
cad6bd5cb27af8b3f15fbefe1ddc67e561679214cdb37f17c3694bcf47b22c53b87eb59514b37b0130365e2683b8cacb79ff300a5d6f439f316308bfbb6607fd

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\es-es.xml

Filesize
422B

MD5
67aa5187e7dcdeff11175cdde0b8eaa3

SHA1
91495d2e763f7c844577d5bb30f285412f99ff28

SHA256
1c6d0b25286af327decd9851f1f5d19b510d70926e0b9063eb92ad8d812a0eda

SHA512
22bd7986bde30d8b271b8bd1ddf67867aa484f1074d6a16e7b372da1bcd8f2600a74d6f6a74c8266b6fa4004d814020c7fb4a5c7b656a322783a75869e9d14a8

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\fr-fr.xml

Filesize
423B

MD5
daddda0712ba876643219e0164cbb281

SHA1
30616698e2c95201a16461fc3c88415e2eaa1ee6

SHA256
3cbfa939a6930d9fec1ea2d58da3c7fe2ef0f7cbd86486ea0d9b0599b73e6f0a

SHA512
a1dbee86003d427f6e4858e77b43c7655e622a3067867d9ff46f0e3926ad5accd63a91cafa3ca08c7dbf1dc31808c5520914c308fa0305f3131808cbdc2b90f2

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\it.xml

Filesize
421B

MD5
fd2f8c848984e993a2a7d0699a2fedc8

SHA1
a2e7072a99c12d88b0cbbb69cd6683d743a0b0fa

SHA256
d9a2b3be82091a053e0b3a140a5e16f03745a108797c8245c9e7367ca372fa39

SHA512
07cda0be2aa9368dbe4275b91586ac90508ac597bc3c45db3c95532b30ac902954c6f763b0bc39cc52fd2c74008860a8dd44f88bd9b8d86cfac2f1eafc3a3e3d

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\jp.xml

Filesize
410B

MD5
31d5ff71fedc7ad74832122de225f8d8

SHA1
05f7ed5e4e6e04298adb203038dbed14ec241abb

SHA256
70e60affa683e3a5900147f751adffa117802fb07e74bb426017a32d9cf8a4ea

SHA512
988c16217bdace66d8fb9ddb90bee98fe260298972a9d29d4756a3b125e4cf4f46adb1d3189b0cc2e381d07661dd1f68a8f9b8cd640b6461d2364a44c9ff096f

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\ko.xml

Filesize
325B

MD5
8b390625de55b19b99c660dda1bce570

SHA1
f509576bad3ea50956813b9746cf0551c3a9bfca

SHA256
53a6a051fba375b56051cd0038a8da5fac8cfd66c939fcb5a9acebd2db17edac

SHA512
0547dfc0a0d3e49a198dd423864ebafae85013faff3c961c8450b21ea846c3bc95a61bdcaf86d506639adf3faa06eb04d64ecbe726557dc29ae668b28d61c8ab

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\pl.xml

Filesize
382B

MD5
552e1f0b790ceed4ee1994a58c130d95

SHA1
9431f626ffc68c00d397ca1e9ab0417f7dd10894

SHA256
03763f336b6aef117baa03f50a3a8429e29b308ad872545e7972460b745ff726

SHA512
a43f91b8e13ca73b9fd47b827ebddaec22b17e3297ad1a6307f4259134198f3f3781965fb304f30c2b3339cba29579c515115fd23e984a7fb1f0c3c926371c82

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\pt-br.xml

Filesize
434B

MD5
bf5d075fb970e3780c7aea402cb0cd62

SHA1
ac8f55da8994b151f6ab323be763eb7d8f552f3e

SHA256
6dc7ceae0824b5440646d03119e35f88472d2878644c1a7aa176a75e07d5d400

SHA512
78e0433efcd27d2e2a3b1d715d250f36f022a706347e53aabc1b34bbc3637af3697d545ec99b14ae3481f26df9c3c4cca00d27be8e6894cac0c790131c3e7882

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\ru.xml

Filesize
392B

MD5
d1f8df71457b27a5ccd3a1909b7be6fd

SHA1
da7c1cc97d8a7e79af6af2931bd226c46076d98a

SHA256
f4ad29c49b0f6e45cae6e1a42e15b89af93de8d2053f501f57ecc99c961fe54a

SHA512
eca8202c77141fd420554b936ad8f7c4e62224a29b3f2e495db360ba13721510289576cebb6fc28b752b0bdb5c1ed7087dbbfed335e48dc077ab7eaedee6daee

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\data\translations\zh-cn.xml

Filesize
336B

MD5
4b6171521c2a365063ade83c9a4e7c43

SHA1
170ccffa267af141aa6b3f2f4c028072f2eef01a

SHA256
e6377050e3945630a644ec173002d8a085fe2425c859933b2c3a49f149ed448d

SHA512
1f5fcd0302ec696a8c934b0c93416b5903f785d6ac1cb3afc7fa2789c3e421471ae208d07893785d1ac292f1fc59ecb4727cc29719480764aa07ab7417fab4e9

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\fmod.dll

Filesize
1.5MB

MD5
1008e387f52b506a59d4fd3eec375323

SHA1
4c8ee1eb572a6a3125559a93a3660ffbff15066d

SHA256
a15cdfb589a84429601a37d5f156ac62c965b150c3837ebc20e7f2cf68a87a4a

SHA512
0ea90de7d8a4e918cb37c867d139b94ca32a8c713ee2c7b1b2078a4d810b642a4c57c686cc8eeccbbf5431cebd37010b78487271ff3c7698921dccc2ed253eed

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\fmodstudio.dll

Filesize
1.1MB

MD5
e1f7bf986c30bfc542b1f33664323191

SHA1
d47880daefa297c88e796bb70835e7324b0190e3

SHA256
b6180ff6decf117f2e658d1fb5f47a9d943170ae0322dfc94d0c9de692c7c489

SHA512
0c126892993e8725dad6c1709dbcde6d7fefe66ed1e1f22fd7bca8e9326c5b06383aa704da55b07b69ee6a6c088aa2ecb298b31eac691082b90f93ca8744e822

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\lua51.dll

Filesize
347KB

MD5
b10ac564652bdfbb1803194d3a757a9a

SHA1
79358074cad094b6740f8f7503766785583105db

SHA256
8a5ca62b77bb5708a1b45c85808cff1191299be34b49a36168354f3bb87620ec

SHA512
77434f88078ba8fc2ba19f74027826c15cb573ae97a958aadf252d6184ae18b7e9e861af0ca2e9c1304012dd09ba82907165bb327d134d604ea6fc67e65b93ad

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\daily_practice\mod.xml

Filesize
1KB

MD5
190c7c93eb7a0470401237cd3b6ecc80

SHA1
61c5095a6063ed68abfb6bbafdfc70721981cc08

SHA256
1c0fe905f0edafd688956b6b8482d916dc83c4f988ea8aea428bc19f943ca7f9

SHA512
0b070355d76b590e54731e86d66726929bc901d744c27028f56a4401d54dbd9a906259175c7f902aa70d00dd88568fe3cae1f545b6841a287c833e60a671ba29

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\example\compatibility.xml

Filesize
43B

MD5
1904118ed3f3118b5ffa505473e07bc6

SHA1
94369a632be9a340fbac8d19e202d433e67b08b3

SHA256
71aea1af43dbb68d2d03ee16b843b927706e3a3783cb386fa7a7f2afd7c19afe

SHA512
89fe5ff9b98fb8a33b95dc33115e215741b6053d1c185f5285f6fd7686ad1e242dfb93be8e2f5b49cd014a52a9cfd9db60686bec2bd103b6596d6ae68f4528df

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\example\mod.xml

Filesize
669B

MD5
08bbd7a21973749174284be9b844888c

SHA1
47ff95186fb065a6fa1b754a0586cd956f40dbe6

SHA256
8f2c5544f7dc1c80a78b86672f452d804f204acfc523570cdc31e2b1efff9120

SHA512
d280c355a50669a509bbccd2185fda1894810aa3cb5a63500c06e76479e5ffde0f277787021cf6fbe80cd224ca8cb0091800c00bfbe2a4a8a9d7a81e72786ab8

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\example\settings.lua

Filesize
9KB

MD5
105a65a715246cfae168981c7bf2890b

SHA1
f0d95ebd34e6cd3b18bc986f20e1452625fc1988

SHA256
f015bbe40f10d375ac59787f6e51bb3e82fe65dd255308238ff61fbb572ca467

SHA512
e4d57f5ac68e6af57d10879450483fd0cc9b2b7dc7b30bcc000e24f55e677299610d85655bec1f3f79ea80bff28f8bf364a7a909cadb18c410b2648fee908728

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\nightmare\mod.xml

Filesize
963B

MD5
82a58c58835c1bfbd2044c2bc1709388

SHA1
20504367079c9d953982ff4a2ad63c95b5633f1e

SHA256
26a01a617d1b4d52782a08ef13abf65997a84ce351f7396958280f321d17d05c

SHA512
75570375e353059aa9b80dcb42fbb20ab50a587488a5304f265b7a593ab41a945d993329bdc5e6baa9dd50148faa38f31f1b3c1ba92a641ea267937bee0186df

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\starting_loadouts\data\generated\sprite_uv_maps\mods.starting_loadouts.files.fire.player.png

Filesize
35KB

MD5
9851a78509362fa381836103a3cb646f

SHA1
5e27ec2bab5d5a76223bfe9fdb45170f18122390

SHA256
e2b6a611558c64193d3bee941ba66ff5c03ee0a3f28854f36e38fd52fa865369

SHA512
62c75fa85454ce54effbaf6a3731c2fc8509eb2f531fed311c2b26a546eca0884e1b043b9d15afdd4fe8ccee220ac4bd61eebf2dc896558f92aa37ede1d794d5

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\starting_loadouts\files\slime\player_uv_src.png

Filesize
12KB

MD5
bc7b1c1d000ca6e5a3fd81c6b4547e5a

SHA1
1723b7ef8201ea59192df6f46f1a9106b916879c

SHA256
a37c483180fdd92d2f90841ced65f53dbcace91018294ee1f95211129fb177bd

SHA512
6854dd2a943e5df73af56d07c88572db74a78fe0fb762a8c9fa076bfd2553602ac73668cda880e8444d7dd8f97134c0eb786177f2f08e59c7b5cd0073efe512b

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\starting_loadouts\mod.xml

Filesize
572B

MD5
b86dce05e87f0127779431bbcb915c8e

SHA1
86628afd3cc183543efcbc21890f0e96334b39ce

SHA256
e74769efed41be232997e64f8b8cbcc9b98e7b94c7becfcca3ce4aed2b2ec0ed

SHA512
8d8f5c0bd2d916988e0163c1b5e8d03b7c28a5d93ec4a4e17a506383bf45e901b050ebcfe4f93b16443e5fd91c9b23ab3aac617129b9285311676d7d8e22bda7

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\translation_fi\mod.xml

Filesize
417B

MD5
c07522786087bc0da05d066009fe418f

SHA1
1295242210edce78b55a9b467886f209683edaa7

SHA256
a0ef8663b62643a948466a60eafe64bf80b0346c16b858c4c6c689743c334df2

SHA512
aafec2f466c06027dfe41ce2a8d344995ad813666edb88b885124b45aa4b56dd059fef3f243e78af8f180292a0e583f234946a4ea18374b4a68f6c2b0c7a2fa0

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\translation_fi\translation.csv

Filesize
300KB

MD5
a92bc13c411e513c9aeb1740cc68861a

SHA1
29bc310f8aa6035009db303f08e6dd50756cd501

SHA256
ff0fb419c82c0ec7eeda2e72c7a15fe60edff994041526016d0309be2c582c85

SHA512
9cb03714a22a080a456f75fa81c06e29a6c0ee4d540bcf3077c3c5da31714cf61aca3c329b64ede4b4a8fe2ea1164b847131251ffd3abd80a1f487e65ab989df

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\mods\translation_fi\translation.xml

Filesize
399B

MD5
2c00550c56dd6c33ffd81cf5e5364be9

SHA1
9eea71470e0e6da1e8377e765ba4a40e02a9c6ab

SHA256
836f3447abd0e0f4ba6e1ce4d4cb65033579f6d1daef44e9558c2324a9726364

SHA512
230740ea7714c49896c02d0c5aca4eec834b921d488a487099fdc60510c52cd019e3b22c128bc8899c1b8cc8c9fa8ca7806cbeeaefaf06a7b2e82584051aad5f

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\Downloads\Noita.v2024.08.12\Noita.v2024.08.12\noita.exe

Filesize
14.7MB

MD5
06cc19f553bfb571f37be9abba398ef0

SHA1
d10328905b669a6f61d0e81699bcc16c93dd5fef

SHA256
5efca22317dc78156bdffab148a24824952c9a570e1105e8d71df3e85767485d

SHA512
bc01247100b381da79d0cbc6c112a91f19f8fe45c3fc35bdf568ddd252b4c5188df42ea74031897fc00d17a827dc3bc746468b69f02b95808e7d3b75ebe68551

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2204-2266-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/2964-2044-0x0000000007FB0000-0x0000000007FB1000-memory.dmp

Filesize
4KB

Download
memory/2964-2048-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/3476-2034-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/3476-2001-0x0000000008C10000-0x0000000008C11000-memory.dmp

Filesize
4KB

Download
memory/4140-2161-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/4644-2102-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/4964-2051-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/5056-2041-0x0000000008C10000-0x0000000008C11000-memory.dmp

Filesize
4KB

Download
memory/5056-2042-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/5436-2154-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download
memory/5436-2153-0x0000000008C20000-0x0000000008C21000-memory.dmp

Filesize
4KB

Download
memory/5580-2263-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2253-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2252-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2262-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2261-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2260-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2259-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2258-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2257-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5580-2251-0x0000021C43150000-0x0000021C43151000-memory.dmp

Filesize
4KB

Download
memory/5688-2157-0x000000006C740000-0x000000006C83D000-memory.dmp

Filesize
1012KB

Download