Resubmissions

09-12-2024 20:00

241209-yq6v7ayrct 10

09-12-2024 19:59

241209-yqfzrsyqhy 4

Analysis

  • max time kernel
    646s
  • max time network
    647s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-12-2024 20:00

General

  • Target

    random.txt

  • Size

    1KB

  • MD5

    690898f1caa00ae10d00d286c5151d2b

  • SHA1

    b6be0d193ec3f5bdd910baa4edcfc71b91175cf9

  • SHA256

    101fc81ae7c75c2430022f77a4e4c5c4fdef9b44b27775100bd4de7b9a9fa670

  • SHA512

    5852810826df1f7fd429070359a34c4f9bf9d71e6136682c4b47b7812e03904f75b31b27ad3b393f782326376713c90866be14931eb5c0e4a2e70624fb0ce17e

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\random.txt
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\random.txt
      2⤵
      • Modifies registry class
      • Opens file in notepad (likely ransom note)
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2760
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff88782cc40,0x7ff88782cc4c,0x7ff88782cc58
      2⤵
        PID:1012
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1844 /prefetch:2
        2⤵
          PID:1912
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
          2⤵
            PID:1784
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:8
            2⤵
              PID:652
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
              2⤵
                PID:4968
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
                2⤵
                  PID:1308
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,12843244846974969120,10521573865459650574,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
                  2⤵
                    PID:2448
                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                  1⤵
                    PID:1032
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                    1⤵
                    • Enumerates system info in registry
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:4352
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88bba3cb8,0x7ff88bba3cc8,0x7ff88bba3cd8
                      2⤵
                        PID:4012
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
                        2⤵
                          PID:1348
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
                          2⤵
                            PID:1844
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
                            2⤵
                              PID:3408
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
                              2⤵
                                PID:3432
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
                                2⤵
                                  PID:4728
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
                                  2⤵
                                    PID:4168
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5092
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                                    2⤵
                                      PID:1196
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
                                      2⤵
                                        PID:3576
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:560
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                                        2⤵
                                          PID:3484
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                                          2⤵
                                            PID:432
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
                                            2⤵
                                            • NTFS ADS
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:2300
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
                                            2⤵
                                              PID:3880
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                              2⤵
                                                PID:1884
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                                                2⤵
                                                  PID:3644
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
                                                  2⤵
                                                    PID:3780
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
                                                    2⤵
                                                      PID:4200
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4704 /prefetch:2
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1312
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                                      2⤵
                                                        PID:4620
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
                                                        2⤵
                                                          PID:5028
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1
                                                          2⤵
                                                            PID:2028
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
                                                            2⤵
                                                              PID:4480
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                                                              2⤵
                                                                PID:4872
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
                                                                2⤵
                                                                  PID:2036
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6804 /prefetch:8
                                                                  2⤵
                                                                    PID:5112
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                                                                    2⤵
                                                                      PID:128
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6128 /prefetch:8
                                                                      2⤵
                                                                        PID:1768
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6802518499679993468,16162460010882619146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
                                                                        2⤵
                                                                          PID:1644
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:1432
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:432
                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC
                                                                            1⤵
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1716
                                                                          • C:\Windows\System32\rundll32.exe
                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                            1⤵
                                                                              PID:3932
                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\proxies.txt
                                                                              1⤵
                                                                              • Modifies registry class
                                                                              • Opens file in notepad (likely ransom note)
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:3096
                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\combo.txt
                                                                              1⤵
                                                                              • Modifies registry class
                                                                              • Opens file in notepad (likely ransom note)
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:2780
                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\random.txt
                                                                              1⤵
                                                                              • Opens file in notepad (likely ransom note)
                                                                              PID:336
                                                                            • C:\Users\Admin\Desktop\nexus\NexusFN.exe
                                                                              "C:\Users\Admin\Desktop\nexus\NexusFN.exe"
                                                                              1⤵
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:3144
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                              1⤵
                                                                              • Enumerates system info in registry
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                              • Suspicious use of SendNotifyMessage
                                                                              PID:2272
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff88bba3cb8,0x7ff88bba3cc8,0x7ff88bba3cd8
                                                                                2⤵
                                                                                  PID:4180
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
                                                                                  2⤵
                                                                                    PID:576
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
                                                                                    2⤵
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:4588
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4068
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
                                                                                      2⤵
                                                                                        PID:2400
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
                                                                                        2⤵
                                                                                          PID:332
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
                                                                                          2⤵
                                                                                            PID:2928
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3500
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 /prefetch:8
                                                                                              2⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:5392
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5700
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:5708
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:5900
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:6004
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:6108
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2456 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5844
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:3056
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3088
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1096 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:4668
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5112
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:5472
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6568 /prefetch:2
                                                                                                                  2⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  PID:2676
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:5416
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5888
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:1080
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:888
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:5040
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4192
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:6232
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:3376
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5268
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:6440
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:956
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:1016
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:6776
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5156
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5376
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,11621578501173043327,15947179560977788489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:1504
                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:1320
                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                  1⤵
                                                                                                                                                    PID:3608
                                                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                    1⤵
                                                                                                                                                      PID:1420
                                                                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\proxies.txt
                                                                                                                                                      1⤵
                                                                                                                                                      • Modifies registry class
                                                                                                                                                      • Opens file in notepad (likely ransom note)
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:3356
                                                                                                                                                    • C:\Users\Admin\Desktop\nexus\NexusFN.exe
                                                                                                                                                      "C:\Users\Admin\Desktop\nexus\NexusFN.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                      PID:2580
                                                                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nexus\Results\09-12-2024-08-09\2fa.txt
                                                                                                                                                      1⤵
                                                                                                                                                        PID:7008

                                                                                                                                                      Network

                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                      Replay Monitor

                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                      Downloads

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        b3da975a95619740f938ce2edd1b7ba5

                                                                                                                                                        SHA1

                                                                                                                                                        aad7ccbd90df0a8f40517c6a70e250a47e865368

                                                                                                                                                        SHA256

                                                                                                                                                        84fe6937d3ed186adabf0b976754b1b0977952efbb48e3085c2312ce84a9751d

                                                                                                                                                        SHA512

                                                                                                                                                        d5e7397c265088efefe1e60626752caaebfd5cae5efc99f654cc307d40f64e94716b6e0421e6b907bbdcbb0a067b61a94591fc7821d01d0985cff0110ca28479

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                        Filesize

                                                                                                                                                        2B

                                                                                                                                                        MD5

                                                                                                                                                        d751713988987e9331980363e24189ce

                                                                                                                                                        SHA1

                                                                                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                        SHA256

                                                                                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                        SHA512

                                                                                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        356B

                                                                                                                                                        MD5

                                                                                                                                                        d4bd8ec173de7a034e8d6009f03ee290

                                                                                                                                                        SHA1

                                                                                                                                                        c445de9622f6e57f134774a2665c5ee590d408dc

                                                                                                                                                        SHA256

                                                                                                                                                        40373d0b77a1fc56a2bda93d673e4eccdaf5921307737df086b8f20d000d8d8e

                                                                                                                                                        SHA512

                                                                                                                                                        19563c8241ed694deadb6f588d77db38c64077195b2f159bd13d94177628ff47a54aadb9178bb03e81ef5fc03a73dc1c25d8b75fa6df6d9114aa63c58e9d67b3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        614d0693b8c3719a4284fa92da55bc3c

                                                                                                                                                        SHA1

                                                                                                                                                        a0cce1d3efaee7a032a9bab7964ccb27252b803b

                                                                                                                                                        SHA256

                                                                                                                                                        d02e596f4e4d16654b7ea10089298a1eabee7a5d97d2fde9ca8a7a071b489421

                                                                                                                                                        SHA512

                                                                                                                                                        ace26404edb89d722d51b7978a2e827104c81a708a612b5ccdbe1359ddc51218541862bfcd0c6251cc2dc1b97fcd72a219f3cef32952e2267a70df623dd44ab3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        228KB

                                                                                                                                                        MD5

                                                                                                                                                        c86505bf4aeeab5cbeb7c88213d4fb03

                                                                                                                                                        SHA1

                                                                                                                                                        3ee75b98f0080969217ca84c1b72ec78e3542a8f

                                                                                                                                                        SHA256

                                                                                                                                                        3fe8a9f118e523d1940f80d4b6644262cda02cc45a23d3359f412549453df6c2

                                                                                                                                                        SHA512

                                                                                                                                                        658dfd3f9dda41d70355704addc8a939c00e62ea8b0ecefc76d855f00edf88cb07856184b62be15a2dee59e114a8565be52f0c8bce57df55a1b15b574c0c83d9

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                                                        Filesize

                                                                                                                                                        264KB

                                                                                                                                                        MD5

                                                                                                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                        SHA1

                                                                                                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                        SHA256

                                                                                                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                        SHA512

                                                                                                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        152B

                                                                                                                                                        MD5

                                                                                                                                                        02a4b762e84a74f9ee8a7d8ddd34fedb

                                                                                                                                                        SHA1

                                                                                                                                                        4a870e3bd7fd56235062789d780610f95e3b8785

                                                                                                                                                        SHA256

                                                                                                                                                        366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

                                                                                                                                                        SHA512

                                                                                                                                                        19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        152B

                                                                                                                                                        MD5

                                                                                                                                                        826c7cac03e3ae47bfe2a7e50281605e

                                                                                                                                                        SHA1

                                                                                                                                                        100fbea3e078edec43db48c3312fbbf83f11fca0

                                                                                                                                                        SHA256

                                                                                                                                                        239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

                                                                                                                                                        SHA512

                                                                                                                                                        a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        152B

                                                                                                                                                        MD5

                                                                                                                                                        be8983c45152765cf6b429a3dfa9609f

                                                                                                                                                        SHA1

                                                                                                                                                        1e162eedfb3213c1ab1ec201b4aa7ba91b319828

                                                                                                                                                        SHA256

                                                                                                                                                        106989065e76bd600640c123cd1d2fa8af8c6e00a17e264a94a988ff6653b727

                                                                                                                                                        SHA512

                                                                                                                                                        429d79d7e104cbf7d1283fec2809a5d1dab38492c7b24eb447031f4ad44637bc5df16be1b04f74bc09adc1523aef90ceb402ed05da511286314e64e1922bf9aa

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        152B

                                                                                                                                                        MD5

                                                                                                                                                        8956fdd8a81812861268518117d3da32

                                                                                                                                                        SHA1

                                                                                                                                                        6862b764b28d922a11845bd940849c313e04c583

                                                                                                                                                        SHA256

                                                                                                                                                        c93f57a78ad76e23e1d86a9553e5fad085e40d85e97d62295cd5735f0b9ce020

                                                                                                                                                        SHA512

                                                                                                                                                        8f1532f7aad5ddfc56df1a629c983f8ba948d23c66371eec31393b6e1814ca3a37d14bc79bef6d74e27a5dc150d13b8c331a9a8300fc63f541c79a964d710088

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4459bfcd-9752-4c20-ad73-4a2e08f866fa.tmp

                                                                                                                                                        Filesize

                                                                                                                                                        1B

                                                                                                                                                        MD5

                                                                                                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                        SHA1

                                                                                                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                        SHA256

                                                                                                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                        SHA512

                                                                                                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

                                                                                                                                                        Filesize

                                                                                                                                                        119KB

                                                                                                                                                        MD5

                                                                                                                                                        ab02f19dfaf1c1a531d221dab55c767d

                                                                                                                                                        SHA1

                                                                                                                                                        1bc300cd763e71699f538cb0846cdfbba459cbba

                                                                                                                                                        SHA256

                                                                                                                                                        0f5add159aa176c3b736f90f17003cff6b6fc70d5198f5c18b184d87df94d471

                                                                                                                                                        SHA512

                                                                                                                                                        c5b358337c77d848a4dd7f0476ca4b7712392b2cca7bff4f5b0b3517851962e9ce09109b5f281bc6927945776f0735e0dc930e0cd939d1332a9a1087e8446c24

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        72B

                                                                                                                                                        MD5

                                                                                                                                                        86f7da23048b375e206cc366599cef41

                                                                                                                                                        SHA1

                                                                                                                                                        92bbfbacb2dc6890ed775a639a2c06d59fa0ad06

                                                                                                                                                        SHA256

                                                                                                                                                        93cc2c64e4383fec59804ea0752458a83eb6a8051d54abcecfbc56786e301ddf

                                                                                                                                                        SHA512

                                                                                                                                                        c04056cd9fe83a15cc96c318971782dc0032317fa11f909463dc039d0d30de2e5ddbda68a72a29bc92c63c7eb3369f20d8f3ec85328ac3b264e4464e84ca91d3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        b95c38e61e92f62559f38f468b602472

                                                                                                                                                        SHA1

                                                                                                                                                        b3b18987e44811ffedd37041e9712cc5c27b9266

                                                                                                                                                        SHA256

                                                                                                                                                        40b61ef2ea224de61c8a9d89ff92bc10d3bf80791816549ea253aad4b79d4df3

                                                                                                                                                        SHA512

                                                                                                                                                        9a4efdff5e3f19cfbf4e1b490fb9f8151f295097a64fbee30e697bfeb41b5fbbe666f6c39b6a98b4bcaf7fb3c7fe0e853b697cbcede34025acf1645d4a42d074

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        3f026666a30b598b5e82d2efdd4f6838

                                                                                                                                                        SHA1

                                                                                                                                                        57ba47d1bb32208fe58d685d2bd97d5ef986f0d7

                                                                                                                                                        SHA256

                                                                                                                                                        333c99f10ebb4f5e4ad5c3281a2480722521825e0d98532dcb8d52ac4824adaf

                                                                                                                                                        SHA512

                                                                                                                                                        3e129d5c33b56d2c43d42c9d00ef7e6cbb76a52880942c5968a368f849cecce68ba04738b6c8c147e7b2efec13538a5403eca378fa5dad2adacf1bf6dd28bcb8

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        a8a790a05a34319b74f5d2780550775c

                                                                                                                                                        SHA1

                                                                                                                                                        0739db6e9afa70f7a5b4c4fc2f2c29c5cb0a7ae0

                                                                                                                                                        SHA256

                                                                                                                                                        f7545219deb509a650e1cb3163cd48ade0f35736812ef2a04fea5cd2ff8ca380

                                                                                                                                                        SHA512

                                                                                                                                                        36a94c0dbbf0a3ea7cc2a019ec7d1e7b660b75debb68c34d1266b80c5bd251d79d8b7b5b659565bfb679730ee0b4f1b8dbd3b553ff4ee46bb506c42515b58210

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        7f07af73c6836b7f473fb1abc8954b9a

                                                                                                                                                        SHA1

                                                                                                                                                        51d379b24631f01d8df4358a84affe23bc01ccd2

                                                                                                                                                        SHA256

                                                                                                                                                        96b121ee312ff43240347b590a48ac2d784f13e5ea8fc89473f87e681cfe8b12

                                                                                                                                                        SHA512

                                                                                                                                                        59b0780a66be2ccad5629ab232d3fed5d33e43051f951842e81d08ecba0e0e52a9106767b060445a42265aa5512d015e4f72dbe28f409fb6b636555964d15a04

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        3ea195e3c8b617baaea804b023b34a32

                                                                                                                                                        SHA1

                                                                                                                                                        2cadb4a4f1d936a916c9dc47bd89cb8bd0d24df3

                                                                                                                                                        SHA256

                                                                                                                                                        4deed52d4b8eb09380a748055d7ed63697681297ae6eb62ff512bf0eef68d56a

                                                                                                                                                        SHA512

                                                                                                                                                        9261a7afaac09d38c0d1b9f0385d0460ab85ce1b864dcb94f499bcf05d862c241a4860b762b16ac631547655f38985a396c48ccb2f2c34a7fbf8ee614d9b4107

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        647429e249915cc7599cf8a56d75202f

                                                                                                                                                        SHA1

                                                                                                                                                        9a405d0f120f18dc5de4e8b2caa75e5befded459

                                                                                                                                                        SHA256

                                                                                                                                                        27c939531caf10cfc81e58d2ced417bc8a50b9eef10fe40c048d397dba06ec30

                                                                                                                                                        SHA512

                                                                                                                                                        a020b5062e80b16a7c205ab63bb343a66ac81c14463951fadff6e3441740a919ff80ff1f8334626b5c91bc6341d82f4202fe6f1d743b4a7e1b7ba377e9623d0c

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                                                                        Filesize

                                                                                                                                                        28KB

                                                                                                                                                        MD5

                                                                                                                                                        41c1e1c2e7940f89427b53b8b7603909

                                                                                                                                                        SHA1

                                                                                                                                                        97375dc2a94473af0df6d6282d861ba4a2dfc429

                                                                                                                                                        SHA256

                                                                                                                                                        72e4a73036fc24302e9c4c3ed946d677dfbcb3a731ed43328e30a173c204c378

                                                                                                                                                        SHA512

                                                                                                                                                        8aed2a7e726bfb978e086fa706cea7635459f417a906d88cfd6c70b816bf8b3a9bff315ff4fb761f5c04907254094b0f19d458fda6312e0d83bf1f7bb1ec4656

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                                                                                                                                        Filesize

                                                                                                                                                        41B

                                                                                                                                                        MD5

                                                                                                                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                        SHA1

                                                                                                                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                        SHA256

                                                                                                                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                        SHA512

                                                                                                                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                                                                        Filesize

                                                                                                                                                        264KB

                                                                                                                                                        MD5

                                                                                                                                                        58a34c62503db8a2b5a5e25ef3f242c6

                                                                                                                                                        SHA1

                                                                                                                                                        8d639d1f72146d57426904bbeed3a86aa322d202

                                                                                                                                                        SHA256

                                                                                                                                                        60def166e22e0f47bfc21c9f8742404ec0157e805c6c5003bc1d94cee14472e0

                                                                                                                                                        SHA512

                                                                                                                                                        244ec416958edc44fd8fc77e69e268e92a3d5bd007320dcf0a2eb0b44f320e7ff7e8b4222a516efe5dd9aeca280cc80f1cac02915912349a23fbbdaf64a34aae

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                        Filesize

                                                                                                                                                        116KB

                                                                                                                                                        MD5

                                                                                                                                                        ddcabbc271241cf1ab1eb5bd7738161a

                                                                                                                                                        SHA1

                                                                                                                                                        36e85ecb58374630093217d4bfbe29232d8e7dbc

                                                                                                                                                        SHA256

                                                                                                                                                        fc406c5c869fe9d1522a7588b47078771eeb407acf16c288cfc5132897fcfe59

                                                                                                                                                        SHA512

                                                                                                                                                        6385e13db5604bd6083df02628ae49bda662fb4d1e534eee02cbe743151233268edcd2f7153cf9b7c66448e68953df2643f6a947833014d299f5d43e03c93212

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        5d5d4abbe5d9bd1c9542b409acaefbc5

                                                                                                                                                        SHA1

                                                                                                                                                        dbf602f10fe02279ab91737068770154fc6ff4d6

                                                                                                                                                        SHA256

                                                                                                                                                        8d7fb42f1a2459b695c3586227425dac2ab86cf1eb92f5454f4d525103619c32

                                                                                                                                                        SHA512

                                                                                                                                                        930579e3b85141b02cfa93560a74d08b2c9e6416dd108ed5ccce6d8ccae7fb93477684e1ca7e10ba2896cad69236610cc5fbcbfafb9fac3b3080c6bf17e4090b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        188B

                                                                                                                                                        MD5

                                                                                                                                                        008114e1a1a614b35e8a7515da0f3783

                                                                                                                                                        SHA1

                                                                                                                                                        3c390d38126c7328a8d7e4a72d5848ac9f96549b

                                                                                                                                                        SHA256

                                                                                                                                                        7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

                                                                                                                                                        SHA512

                                                                                                                                                        a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        a6437f6ab6529c34ca865118884200e2

                                                                                                                                                        SHA1

                                                                                                                                                        d2e10dc1edf60958db99f6379911f6e757afa33f

                                                                                                                                                        SHA256

                                                                                                                                                        1d78fd8a36213e46c631127425e153eb1feecd8c611c0a6a52cf7b312fa088c7

                                                                                                                                                        SHA512

                                                                                                                                                        54a524e92ebcdfe286e632bc3825995a7cbce33edf851d0a9f6c427bb15e633d8054ee0eb2a4a717dcbfbbeb921f91bd2fe5796c49ced57077152b9e317058d2

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        935B

                                                                                                                                                        MD5

                                                                                                                                                        3458ea18b285ec3a3fa9843d54ba6161

                                                                                                                                                        SHA1

                                                                                                                                                        27e7a82ffcb2b2c2594ed40637e521a0ae904946

                                                                                                                                                        SHA256

                                                                                                                                                        b0af4e0861fc9ba5514a294ba2d721f150f35ef66c19d44cb4c662fae6adc5c8

                                                                                                                                                        SHA512

                                                                                                                                                        91ba404509d91e8e221c5ce60c5e490eecd6b0acfbc32948e6a64665e6246b536b48e6f6fd4560174f5f07c1350698b5457994873cc7e34683ace44bb541addc

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        d2c16d5611ea6de343ade240a2391b0f

                                                                                                                                                        SHA1

                                                                                                                                                        b62489638be6f26d3517d138a80b444c78401c5e

                                                                                                                                                        SHA256

                                                                                                                                                        7f75f678b56e2cd78334a9e1fb839f6f2ddea669e8eb8f69e3404d6f110f370b

                                                                                                                                                        SHA512

                                                                                                                                                        f0418386f5f55ed128fd54ff2b11bb187f61568758ab3c6412a296168affc0f78a832ff6912180751ca084c474dac7f752a783a743177ed3d2d0f43e5fdc0fba

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        798f40865ffdbd3bb991c444a9494d1d

                                                                                                                                                        SHA1

                                                                                                                                                        1fc71dedbc19aa01f4d0df6dd9936620878c8c54

                                                                                                                                                        SHA256

                                                                                                                                                        460e93cb34a9958553b78edb0ced88adf91811c8d864a6b44779ed94cb455c26

                                                                                                                                                        SHA512

                                                                                                                                                        e517668b93a67d060c412e1257c3615aa7687456206b21be139ed269dbdd8669083fe5c03e65ea1ec14ee4a40bd429aef6da585cb11b1fdef214da73d2bd6f66

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        82ffedf0497069634397ab638b06d02e

                                                                                                                                                        SHA1

                                                                                                                                                        0938b911f94653c53de309f819bc83a10cc2b543

                                                                                                                                                        SHA256

                                                                                                                                                        ff00ae6bd0aeb7049c4971e38a322ea1b0d3ed8bb839f37b4dfc17d04ade8bb5

                                                                                                                                                        SHA512

                                                                                                                                                        4926c3e1c36478e853d42f8c8e3592df452544a5c9539c74f0bc2fbdf9f3315947dc665275c48347134d23218668adfce87b309b196b453959aeb4f8c6306bf1

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        b2d97241c22c01cdc4e4117c53972bfb

                                                                                                                                                        SHA1

                                                                                                                                                        6666c3b6b773c92d012220b364e3a29c52af5332

                                                                                                                                                        SHA256

                                                                                                                                                        132f9073cdc750731fe529c6b668eed188edf5fdb53bcf24f9f660ce842256b9

                                                                                                                                                        SHA512

                                                                                                                                                        93011641cb8ceb8fad2d2c403887b604a6e99ad0179da5a680304f93d01f1f0023e4a7e919cec137a5eb20906c9b3ad22828fdc0980dbc35324290014c0e1bc4

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        1fb5bea7ba1f9eff7e04f096ad55ebc2

                                                                                                                                                        SHA1

                                                                                                                                                        a82fda8ed3473334d176f3813eeee9d51681f7d3

                                                                                                                                                        SHA256

                                                                                                                                                        f5171c90c15791a6e896cee8768835bd346cc28b26fa92afbb698c11e2f9109f

                                                                                                                                                        SHA512

                                                                                                                                                        9ba26f2a6eecee266eef2273f572660107237548f1f459b1d43895c2ecc101afd32c3d20d2d594a4009f7fc0dd4b6ed0d4a3ff62ec352a9ef8079633270d014a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        a4a92c98f15987fbfc4e4f9b0abbebcd

                                                                                                                                                        SHA1

                                                                                                                                                        45306197517ef3538cc38ed7be73e64d7ff04414

                                                                                                                                                        SHA256

                                                                                                                                                        688a3121967187507ddc5378c193799236be44dbe3b93537f19abeccec3cae3f

                                                                                                                                                        SHA512

                                                                                                                                                        3280fd5ec6392a57aa5cb7e0831726a363161716a81633f31e8dd6556a3848098f2f9ae5be622c2f0c94a531cbe35c7207b5b9cbc47116dd749a61cf0ffe96c7

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        936f8172662dfcccfbf6f15ad7a1ffb5

                                                                                                                                                        SHA1

                                                                                                                                                        758a1e80defabdc656656115fb3e8ebe8ebfaac6

                                                                                                                                                        SHA256

                                                                                                                                                        4da23adf27c3d9425b2e71b13ba3899a84a5302761aec51c35dea233074fa995

                                                                                                                                                        SHA512

                                                                                                                                                        25d132b1d9e5da8cfb2f87359cab084b5c2351fc8b35256080a6e6cb1c5311c2b25c57965bf4f1f7b419099a337382f62696d41a64b523ab4e880994e4e65a1a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        05f85360edb5a256a13b2280999b6013

                                                                                                                                                        SHA1

                                                                                                                                                        1e7d9861b9913c262890f42cb42deb90c91379f0

                                                                                                                                                        SHA256

                                                                                                                                                        d2167e9e8b1567835d02d2844f7ff707f265e37b25513b38486bebac6509de3e

                                                                                                                                                        SHA512

                                                                                                                                                        828d65061fb26f1d19e6fe16b5bb83fecff5a067f97d358467b8e071baf01866558a79788da02d34a097dd6cb239d3725c77f26ec94ef88d5d5fe066d4727bec

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        60d44cce5800feb94b957df6179cf3e2

                                                                                                                                                        SHA1

                                                                                                                                                        85b41fb372cee6560cbcf56fcbe33c6f9838ec40

                                                                                                                                                        SHA256

                                                                                                                                                        6fb2ef43bad5712268a47c153f1d183cc53ff2398c6591ec76c8d28f5f8517f3

                                                                                                                                                        SHA512

                                                                                                                                                        f5e1e48c0cd4e85b3419489c83b852073d783419a399ec6b6c946e7688f0743e63841376bee9c2abce749e513f938e7ddeda2984db868c56ca0ff8b540673e60

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        bb59d60e23d1d8a7586fce1fc121a574

                                                                                                                                                        SHA1

                                                                                                                                                        3fc63443215fcc3dae341ba6a2c4256cb7dbc067

                                                                                                                                                        SHA256

                                                                                                                                                        43a5530a70916dd162cc1c7701be5632fd7fa32ac5141d89c7f6ef4dbae4a8a2

                                                                                                                                                        SHA512

                                                                                                                                                        23f997ad4a0db521bd8a546ebf7a29199d3a2bdbee789cbe363c639ccb9136caee215bcbc81b332055fb61d99d59bf3acafbf33c771b116853e80f62308b27fe

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        11KB

                                                                                                                                                        MD5

                                                                                                                                                        e55ef6462ed48f6b84ba3d542abea3a4

                                                                                                                                                        SHA1

                                                                                                                                                        6cabf61089b304712c695916e303c5b035ce5f9a

                                                                                                                                                        SHA256

                                                                                                                                                        cc18fba1ab58ec0195ac68b1ad0a214774afdff3182d734d480bff01c5ccb37d

                                                                                                                                                        SHA512

                                                                                                                                                        2dcd650c617faff006e96f2c758b2dcf437eda6e1a2ebecf41e1abb3883b40c245e92d44efa4e2c095f65ec40523d109fd4d84eba7251338b23c114632b62735

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        6c4e20610d9fead8912a96bed4fa70bf

                                                                                                                                                        SHA1

                                                                                                                                                        ac67022eda2e3540800fe017802ab697955ec345

                                                                                                                                                        SHA256

                                                                                                                                                        d91fee31c5ed26fc6fb52a0fbe246501b4cd5d69ac26d8a87feaba8962bae98e

                                                                                                                                                        SHA512

                                                                                                                                                        bdbfd3b204911a413040d93726471417841848434e431629a87090c589511a4d5bdb40a64a1980513f9a7558916de47746d6d683f4949b1214f72cc482db043a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        662c466c3f7f4ab89ab77c8afb21a105

                                                                                                                                                        SHA1

                                                                                                                                                        52ec906e33e0e5af5a63165f46c809a888fe3308

                                                                                                                                                        SHA256

                                                                                                                                                        1085cd95d068c515d3b3dcb48f8ba050ea3f7b93d9aa3eca851113420dfa0384

                                                                                                                                                        SHA512

                                                                                                                                                        c77ad68df080753c3bae495b61afd4cff8a587385c9b31b197a2024b65676ccc6d6d692e869f8f045e9d5aa5193c75875888e5f7497920bab1dca69d9f1a9fc5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        084d319bb7fbd47fd600fc361464ce4b

                                                                                                                                                        SHA1

                                                                                                                                                        71e9c70a5f6f71aa6fa233669f76d80f513c128a

                                                                                                                                                        SHA256

                                                                                                                                                        7cef340a6e3d7454f3c2cc2e857c8bdf124af8dc5ea33b8b8372cbcd1b65e7c6

                                                                                                                                                        SHA512

                                                                                                                                                        19265e7734221677936b5b510ce7a40a4faa6bfb18fa60353e34274069ac002e7c15d08cf0e06f158416d70379f5c8cc37e40fd0fdd9b4171edd03e4ca2e52e6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        2b1a64bec66fd6b81b651d050eb4b39b

                                                                                                                                                        SHA1

                                                                                                                                                        b99c9abdf1d45bda287b2f68e6b825e6f095dccb

                                                                                                                                                        SHA256

                                                                                                                                                        84e7b7ef7c4df20f547931683962b86d00dabdbc61c2c74ad12416faae6add6b

                                                                                                                                                        SHA512

                                                                                                                                                        1dbdc017071e9ecb1fa341648277bae338f95d70e25701c1313f162776fc95c8ecd9da2c1a3e4871dcaa754e3ceb33a8d0c4cf4a8f44f966735806fce52ead10

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        5abd954cbfa7c0edc0177b80a79660eb

                                                                                                                                                        SHA1

                                                                                                                                                        29b7a3588305fd8452ce63b27ef08786398a12be

                                                                                                                                                        SHA256

                                                                                                                                                        7e4b2cd6cfcd1759c94a4b189afb02b6d669caefb2bf93a7331fe989b8be1836

                                                                                                                                                        SHA512

                                                                                                                                                        4599dc83777d5cc127ce595d2721e8a638df1c53efe9ba68717196db835d6c3f4701bc7225068fcf6b1b32163e42cc5d83ca9d70a8e56846dd046bda373fb40d

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        4bab144065b1949dd6e56977734eca63

                                                                                                                                                        SHA1

                                                                                                                                                        78f3753c188d188f86f2424eb4b64915b4713278

                                                                                                                                                        SHA256

                                                                                                                                                        3a7a1486cfcc4c58063e2424696c45699b5f2b866bf952b6f326408802bb3320

                                                                                                                                                        SHA512

                                                                                                                                                        0fd2d6949753b4aea21056fea758a2e5e8b9c178d771d649f0a39612a3be55b9638c6487d9f2f625511666b7f42ac86f8cae7dc1b21bdc9f327ea788860b417b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        aef367568fcef54f27a2f93b1bd1ba5e

                                                                                                                                                        SHA1

                                                                                                                                                        3843facf7408b84cacb3c89cce0ccece083d15b1

                                                                                                                                                        SHA256

                                                                                                                                                        0ddfd3a82550a797ab7dbf8c3ff5455b69ef83099f37d463ab9287223003bc64

                                                                                                                                                        SHA512

                                                                                                                                                        9e8a3f515830945ad1e0dd522c5bdc669650d5cd1745bda60de8de5d2450926c012362107949ef4dd8661678707fcdfbfa92008623368355421b057ca2ec78e1

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        b2f3c95ca45d579eb05dc54d18060fb0

                                                                                                                                                        SHA1

                                                                                                                                                        b591153c6b29bb2e2399454ee21b7bd4f9500632

                                                                                                                                                        SHA256

                                                                                                                                                        70f4dfd262ae0b537baefb2e827372f55ba86a136de71226b38304b475a32d6c

                                                                                                                                                        SHA512

                                                                                                                                                        94374371375db573cec132f215d99845b8a5e3fbff75a79629da85306282596a7196ca39cf6288380c4e3c16e60426985df85eab20dbdfac43a05bd50d105c4b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        11KB

                                                                                                                                                        MD5

                                                                                                                                                        a161bdb731d3ce99140fc8cd5cf3646e

                                                                                                                                                        SHA1

                                                                                                                                                        57410329ea4161863e20331067ef1d369b63524b

                                                                                                                                                        SHA256

                                                                                                                                                        772502a6f9782c0359335eb937707e76e2c70dcac6e8019a8444a85f272dec8e

                                                                                                                                                        SHA512

                                                                                                                                                        605942891d6158da0055c7c715979c7c4e38250cbb6dc9786057715e398efba7a7dac2e26f8e0b1e9016279c758636de7f3d193a08860c739fe4a4f006a0bd0a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        4767067adf2f9b31e8987db2b423e68b

                                                                                                                                                        SHA1

                                                                                                                                                        d7c5ecb997675be0464b834880c0f08df2c902c8

                                                                                                                                                        SHA256

                                                                                                                                                        a7bbb1106522e6f23abdb90b3f220b8d82ac68929069beae101c7f6c2f7c3dc8

                                                                                                                                                        SHA512

                                                                                                                                                        48e2e4849da9d28b869ec42392d667c65c66e3d2ad3aef9bf663d522361e13c889325c5e3d0bb99d15991617d2ecfa5cfa1bf0d87a917d4c35a32f2196207b6b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        222aad13fb302414cceb57bcd577963a

                                                                                                                                                        SHA1

                                                                                                                                                        1ca4d9cf3c4e9489f2d08f956c7c1d46633fd19c

                                                                                                                                                        SHA256

                                                                                                                                                        d0201fba1d534f1c26f7c10fbcd5984e688f2efaf759368a94e1da6ce1621784

                                                                                                                                                        SHA512

                                                                                                                                                        f35468f3d925646e04942ff41e63e4efb671aefdf95571507e910df5300e34ef241e3ffa8b15550527f5bf452536fa54da75eb583bde46b78a91d489bc3e50ff

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                        Filesize

                                                                                                                                                        295B

                                                                                                                                                        MD5

                                                                                                                                                        73ff1bd557c151933ab8fef95185523f

                                                                                                                                                        SHA1

                                                                                                                                                        3da4e7e205478d3a02b25dd058b55472e5bd8fa6

                                                                                                                                                        SHA256

                                                                                                                                                        d710f972b08de0237e685ef4230a4122222d45b67c3a0f367ce4ba006d85edae

                                                                                                                                                        SHA512

                                                                                                                                                        9df1060d3ee58451409aa140c9fea388b336f822d0267500c02426268df87eb110ce5e4ec3bc952b384e49188c4f616388e320610ba47b2e268e0d6e4f403ace

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        96B

                                                                                                                                                        MD5

                                                                                                                                                        fb1ff32eb6a6e61a90e9723f0803feed

                                                                                                                                                        SHA1

                                                                                                                                                        bda4957b73e98797353853461702169c906da7f4

                                                                                                                                                        SHA256

                                                                                                                                                        02fa64f61e1faee9247c3af668d1ed02628912f6daf934c482768ea18dc43638

                                                                                                                                                        SHA512

                                                                                                                                                        d9e586e676dda18b6a272ae51e338769f3466d8129190643c53283c2611dc1bfa957a1d193ec03e6094d4340f59ce107af51b6fcb296276dd9224aa5130b5398

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        72B

                                                                                                                                                        MD5

                                                                                                                                                        29aee3c0b53272f20efc230f2e270540

                                                                                                                                                        SHA1

                                                                                                                                                        33ab48e4f2c657ad0b8d097fbcd6b7481bc87aab

                                                                                                                                                        SHA256

                                                                                                                                                        37661a7aa40290848645582e387d1874fd12ce3053556541071802a443cff672

                                                                                                                                                        SHA512

                                                                                                                                                        023d1d025fbdbafc9c5e399f93ddcec5479dbf6171fa9fe8ee044b4dd9d29caeaa4f12775c0eec53b18452d99defb26ebbe3421807e82458b4c60cd2dad96329

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585176.TMP

                                                                                                                                                        Filesize

                                                                                                                                                        48B

                                                                                                                                                        MD5

                                                                                                                                                        75bba572e13f67896a6341cd77f92d09

                                                                                                                                                        SHA1

                                                                                                                                                        9b9647b67c6ce155e395abdb9d5ff6e9f2643cf2

                                                                                                                                                        SHA256

                                                                                                                                                        25b4d3582666bd7b345f5dc21bc10fedb5b45560d2a4aece3508107cb1a93cc9

                                                                                                                                                        SHA512

                                                                                                                                                        584cb2ced105dd4d71eb9e8792b28c2998889034c6412199ac599d148caff8a3f99b300c0933ce3371f78d6f7fa12ad1ec7cd63068a375f7415e5102f165bbe8

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378248054994011

                                                                                                                                                        Filesize

                                                                                                                                                        46KB

                                                                                                                                                        MD5

                                                                                                                                                        1528a8c128b9484e0c8dd0aa50001b5c

                                                                                                                                                        SHA1

                                                                                                                                                        af2127a773096d7a41e7a340f1bfa9ca65b4e3f9

                                                                                                                                                        SHA256

                                                                                                                                                        fc010f475ed415d362e4ef71dc58eb393ab3029a623d77f6d6900336b0b5cb1e

                                                                                                                                                        SHA512

                                                                                                                                                        0ec3e614fb5d277020c1aa9ab2aba93e17270ca1108592a64b4a311c63eee3c26eac016c0d995bdbb6f6c2c27fafade1ecf478418204fbeaa8bbde6858ee6bf5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                                                                                                        Filesize

                                                                                                                                                        319B

                                                                                                                                                        MD5

                                                                                                                                                        be914a0e18e736a128b2231867940373

                                                                                                                                                        SHA1

                                                                                                                                                        25fbe0d9132ea03dbd7b0c874216e1c6201927b2

                                                                                                                                                        SHA256

                                                                                                                                                        c7684840f3951b9157b4fce90a48e7d4725b680586fedbe8adf69e06d1b0d797

                                                                                                                                                        SHA512

                                                                                                                                                        cfb6c7b040c740de770ff9f87d95044d71712849b342a898a9c41960b97b1defa14fc87d64f4e7a8d35f21d1efaf1d88fc54a5f02a284250acb34cb380caea8a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                        Filesize

                                                                                                                                                        350B

                                                                                                                                                        MD5

                                                                                                                                                        184237b349ca0490dc8d7b09948240fe

                                                                                                                                                        SHA1

                                                                                                                                                        0ecdea89b2fd9ff6294c10839b1e716b625c6ca9

                                                                                                                                                        SHA256

                                                                                                                                                        257d53fe8757dfe1d863a679a5332fb9c612e68cc4114c7071718667a2c1a416

                                                                                                                                                        SHA512

                                                                                                                                                        37bb7c55f2b92eb70493cfbfbcbc8cfed7d93cabe9223f5cc6950fad99b8d1f849623b0361d633250544319e07a8394b5bb877967d7b776b1b0968a20735e318

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                        Filesize

                                                                                                                                                        323B

                                                                                                                                                        MD5

                                                                                                                                                        27d0b62e5fae699b9ef4d8e405525a88

                                                                                                                                                        SHA1

                                                                                                                                                        78b124e17763d5964fb1ab77693ce91edd1eab22

                                                                                                                                                        SHA256

                                                                                                                                                        da44478640339ba6a7dbb39fc4fa8e674afad73ecf9d362ccb88190a6d9dd14f

                                                                                                                                                        SHA512

                                                                                                                                                        bfd0969170dfdc1e02a04865d6b1bca9372849d887aeb21a841246c9173d0dff1ff5f9e2c5f8030471b9b6a6ea3c66adc3bea95319c0008d6f0667c21eb5cb4f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        5cc4e7aeba91923ee5d1522cc60e133b

                                                                                                                                                        SHA1

                                                                                                                                                        9f0ab3f9348ced420814c2077dbd25813891bb81

                                                                                                                                                        SHA256

                                                                                                                                                        91db048e5c498b2832b9c4f7e7c4077887293bf3c71264449c8376198e5b6a76

                                                                                                                                                        SHA512

                                                                                                                                                        17145872c5ea84f686d6f1e17e6cba3eedef5e876fb225d8572454b76d5d9a4b943ceb00328ed79a129486fe15e84bceb4f82522537c3b3b0f3d3fbba31a6367

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        b5f7fab3ff10c6d1a910bcfc7b018cb1

                                                                                                                                                        SHA1

                                                                                                                                                        f6ed10f67dce0d44bfa4557efdbcfe246a24012d

                                                                                                                                                        SHA256

                                                                                                                                                        d76d8e22a03379e19bd3a90aa211eaa34456b8d31ed62cb6be72b7da837eba20

                                                                                                                                                        SHA512

                                                                                                                                                        3c0c019a3c6a51fb97abae9041a1a0bc961981ef2fd2e9563b0ed2edea5f6058e7df6bb6a0a87f892060834e4732674a74e917702350e639d38ed6b6c7a838c0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        0b6400a081b26848abe08d2c100df4e0

                                                                                                                                                        SHA1

                                                                                                                                                        1d600a74f1ead26d1b532b6a7bd239b7e75ec055

                                                                                                                                                        SHA256

                                                                                                                                                        a0e1b453b04a1a233eb259c529d5fb1a1aa03c63ffd4c2584d940e5b8ddf5eec

                                                                                                                                                        SHA512

                                                                                                                                                        81b66dada887c7dd77f0fc30a2a6acb17ff01a65034c4ab67618dceb74f2f86cc16e45be6d324547c3e2c28fe2c2ccaf04f70cfd637ad92e8753c06826f1ea43

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        4ee630567234577025ef7aee44a827cb

                                                                                                                                                        SHA1

                                                                                                                                                        cd6e62f2a872189a9f2df50113556da8392356a7

                                                                                                                                                        SHA256

                                                                                                                                                        c5585b9fa4c301702e775754d5051691b4e40921c6a9405b74a6494c4bfb0b0b

                                                                                                                                                        SHA512

                                                                                                                                                        da5561e51a2b4aebfbfdaa1c6e320b47657f9e1eee18f74c4e22888fc7695d8e660fbea9a3350dd39780ec1ef1b4a15d51283874beec1ccd48538ef59c4a7002

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        d894b07eebe7fa804377b90d2306a68f

                                                                                                                                                        SHA1

                                                                                                                                                        64f547ec201d98d0a63f161d3532ff88b983a4bb

                                                                                                                                                        SHA256

                                                                                                                                                        17f27e66e37563c833fea77f27c43f34431fd6b9742fb38a5ffdfabb6e0f21a5

                                                                                                                                                        SHA512

                                                                                                                                                        7eb744006f729f4d25d63686b0d5b72c487d029415e2dc4bd2a0afdaf50187a2b64a6d3e5c41ca332f5e0aed25c00fa7cae8017616677eba2dde1275fa707bf6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        ffae615795328c57c8860faf5f4b3801

                                                                                                                                                        SHA1

                                                                                                                                                        b6b459e18d0870b66b7b5c1b9a74203b8588ef4f

                                                                                                                                                        SHA256

                                                                                                                                                        fdb7299184abd0903fd54e049c414e13e917a9ff9548e42bbec26e3074d27149

                                                                                                                                                        SHA512

                                                                                                                                                        3ad7d22f916b26822b5e9da5a5b766cc347ccc7186fd9012e50658eea4e582c330f91c45ea12ab9512426cfeff96e96f4de2202df0f5941f11bab8e711812797

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        88b6bc71a383a88de74987873cc922bb

                                                                                                                                                        SHA1

                                                                                                                                                        75aff128df2489eb8c784f166fe02b3f25c831e2

                                                                                                                                                        SHA256

                                                                                                                                                        b42742a894e518092b2f3133c9ada7e9a477d45436afd50bef6efc44916ceb95

                                                                                                                                                        SHA512

                                                                                                                                                        12db5e069870511ec77950969981eaa06506456446ffc173d5018d807dcebfaf1fa7c483ab7d58b9c91153f46bc427f7384f20507bf54beccfab1d1f8b1a77aa

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        4909c30c5d5dd3e42c9bfe9dde436b5d

                                                                                                                                                        SHA1

                                                                                                                                                        ce44671d0dc9ffd7dc02df0e076126af5c4d853c

                                                                                                                                                        SHA256

                                                                                                                                                        0d6b6600133602c11c2f7b3882153d83bf2f7a1c9b845aad5ff5a2f7ac4da9d1

                                                                                                                                                        SHA512

                                                                                                                                                        21bcaff89a6f37d1d1e7729cc295cfaf9bd28162a6fb4e2538d1438859a0a31903a846242f2e3163d70af9fc0ae7c1b229c0136ad8b5666ae7dfd3cf15c3eab5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        8eb000126af8abae75eaadd20b194654

                                                                                                                                                        SHA1

                                                                                                                                                        7cb15b05c9ab9dae87d412c09acca97cd8eda712

                                                                                                                                                        SHA256

                                                                                                                                                        20afcb4ad54b789ff8b10dc0a69edfda5c537dfd54baa681ad7129ab16415064

                                                                                                                                                        SHA512

                                                                                                                                                        bfb68f8c9dbabcb876717f72d3e7c0a5189d0227feb195bdf9f5c16b3b1c27cc297ec03dd9592a7603f1880a1795d4415cae0da09cd19383017febcb568c89a6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        7243a1d03b6ff7b422fe5e51d176ca2d

                                                                                                                                                        SHA1

                                                                                                                                                        c26ed74b718f751b77a095153e051ab9b551d985

                                                                                                                                                        SHA256

                                                                                                                                                        a2657ef28de1a7287b1ffcf50c7941ef1e4b98848d1c316a8553d77fe4314f17

                                                                                                                                                        SHA512

                                                                                                                                                        28d187454221684fc6166431dc87c3c9ff5edbb3d04ab055847d5f959f74a7a84409997823389c9c2185d448dc1b096f5203695639327f3e1ff7d4cd3233d209

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        cda2f41a892ee86180b8e3b48aff403c

                                                                                                                                                        SHA1

                                                                                                                                                        02dbb604b6c053f165ec246043338e804dba39dc

                                                                                                                                                        SHA256

                                                                                                                                                        eb219d19d1f82396480c4d33ea27bbf3f50a0e4c94ec6cd8d6dce98603e3b5c8

                                                                                                                                                        SHA512

                                                                                                                                                        da0ee7af637f4406c9d523ab6dc14c10ba81abf1e6c23cf5f7ab680ee5be779f5ba0e092a388de9dab33c5e811e06c9d063ee6b275fec9bf30e00d60b2820798

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        c839b44644840e771deca4c981ef662e

                                                                                                                                                        SHA1

                                                                                                                                                        28523b259c9d047ac49791b02040ff97f78888af

                                                                                                                                                        SHA256

                                                                                                                                                        3fa5f77fdaada41ef944a8835c463be5635753f83fdd940e0d899800e036194a

                                                                                                                                                        SHA512

                                                                                                                                                        811b4dcb813c6d4dc67503e5e3b8f3bf2480ad93fcbf13d5aa5dae2ebd0f8632a6c55c03900a5a3553bdc9e9a3f26a31ca7bc0e1082a09d51a25383c5e56e8fc

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        8715e4c5528ea06e50a4f9a5051b380e

                                                                                                                                                        SHA1

                                                                                                                                                        f638d0bb2b8dba7ecccc04d0936fda0f811b7382

                                                                                                                                                        SHA256

                                                                                                                                                        d3fe1b83940362b1c0372cdc53767bb797066ae429087ac7718f03a5e1f5d598

                                                                                                                                                        SHA512

                                                                                                                                                        216e380bc0ba8fefd2ec74a3188ac85fd02d2737a96f4c301fa89360b5236c6585fb0a52d91421fcf4e8c54bdfe9d7f85c63de489e038ac45011b119cc639b66

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        190042a6f9304bee2551f4cc33794762

                                                                                                                                                        SHA1

                                                                                                                                                        92eb06a43a8b5822f9609b4e5fa8e5edc5c005ee

                                                                                                                                                        SHA256

                                                                                                                                                        096055e4b45d8a539b73ad4443b161e3caad1d139dda73a6031875c98eaa475e

                                                                                                                                                        SHA512

                                                                                                                                                        3f0233fb0e8f32fc5aefd3048d1d8df3b648e8314226f48896168b524d05bd19826a7ce7fff1666a0d40faa7327730eee5723cdebaafafcc0b7b4ff74b0144cd

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        3798a72266146a7f6774dbec13d604d8

                                                                                                                                                        SHA1

                                                                                                                                                        b9388a3fb347ed20635ada5a10cffb9de153f4be

                                                                                                                                                        SHA256

                                                                                                                                                        7be2ba93fdc4d1a85a5c02c81f85bedbae78b0a8b9409cdc88c608adf2054e43

                                                                                                                                                        SHA512

                                                                                                                                                        495847af163afc491c8d09736fbb00cb7a348b960595fcfcd327657be8f81e02fd9f4e793147b8bf4873611e47d032f1b4b93d7f6f715111fc7d32c80f6f9ec6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        c738e842d493471620a8056e9d30f61b

                                                                                                                                                        SHA1

                                                                                                                                                        c443901c37feb330546f22811278c48b99ac68f1

                                                                                                                                                        SHA256

                                                                                                                                                        649e192559f4f894e0d4dba11857b5dd3ad38b237bcbc8ffb28c52a5d2cc7dc1

                                                                                                                                                        SHA512

                                                                                                                                                        e91e04354efd7a9746e264dd4363e31dad31e2f4585dbe2b4d6f378d50571560ff143418665305e2a56cdca641b1b0bb163a23443af0686aca2ead8b5e05d5b0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59eb41.TMP

                                                                                                                                                        Filesize

                                                                                                                                                        203B

                                                                                                                                                        MD5

                                                                                                                                                        83a5fc3bb4e33526d2fb5313444d29ef

                                                                                                                                                        SHA1

                                                                                                                                                        7e400318c0c4add0d8d8d6421a0d6ac0815bb4ed

                                                                                                                                                        SHA256

                                                                                                                                                        1cb3441390771788edc474459e9a66678ac3969b56b994175e1783b3f095071c

                                                                                                                                                        SHA512

                                                                                                                                                        fe7cb9f697e5c040ab2059e776b26b94ae678b3483eab06d97fe84293ed0b349dd3d8411c3d643e9be2121116993561d07c3d47c028b5fc67dd30bd0ab7ef6a4

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                        MD5

                                                                                                                                                        f733fb0880c8f23ac068a199ff1d2fba

                                                                                                                                                        SHA1

                                                                                                                                                        a0d36b9dcb01c4761c4068b5490f2b3419b093bd

                                                                                                                                                        SHA256

                                                                                                                                                        eac10c1fdce25e22fb5f66764062c4585a2f576cced71beeacb796102f77acbf

                                                                                                                                                        SHA512

                                                                                                                                                        a2b4d0ea0b66224df4bcca5fc8a62b9bf79d364055ebfd3a776037bdf2eddedc8a55d931d1c5c64886d472d30b87b209d17c4189c5e1b9a7a1d4850adc1bbe42

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                        Filesize

                                                                                                                                                        112KB

                                                                                                                                                        MD5

                                                                                                                                                        e3fc052db524e0af6335529847c14140

                                                                                                                                                        SHA1

                                                                                                                                                        d59fcdef5df502edd035f8bdf7d213e9d22a0630

                                                                                                                                                        SHA256

                                                                                                                                                        96a4183abd7f21baacf73bc2462718c20910b890bb782dc1180e20fdc19994c3

                                                                                                                                                        SHA512

                                                                                                                                                        b198b7aaba33d8c51b77ec231f41e730c501b5c4b2316ab6a9128471a127eaeebf5d79888edae3b51cbeec722ec9f9f8b98185563cd9e320e76814753f49869e

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\beb1034c-528a-4d17-a297-5a08d7763f74.tmp

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        e2f3750072be60d1f398cc8fc1b41256

                                                                                                                                                        SHA1

                                                                                                                                                        f98a23014d7f3b5c84c37ad27ca7e2e01629b045

                                                                                                                                                        SHA256

                                                                                                                                                        a6c66faa5691869d8b68a36836ceacb39dd3df10065002817c2c4433412ace98

                                                                                                                                                        SHA512

                                                                                                                                                        8839789d0c5f7c9af8ae7f129d6675e336573a7dbd0edee9e843edf22f5f702e4f917b5e1247e15ad1ade25c166ee59ca6a0a6c72fdcbdcfe549a22c4f7e9ce3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                        Filesize

                                                                                                                                                        16B

                                                                                                                                                        MD5

                                                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                                                        SHA1

                                                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                        SHA256

                                                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                        SHA512

                                                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                        Filesize

                                                                                                                                                        16B

                                                                                                                                                        MD5

                                                                                                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                        SHA1

                                                                                                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                        SHA256

                                                                                                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                        SHA512

                                                                                                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                        Filesize

                                                                                                                                                        16B

                                                                                                                                                        MD5

                                                                                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                                                                                        SHA1

                                                                                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                        SHA256

                                                                                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                        SHA512

                                                                                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                        Filesize

                                                                                                                                                        3.2MB

                                                                                                                                                        MD5

                                                                                                                                                        5ee6491cd3b78d9a10692503889f6c2b

                                                                                                                                                        SHA1

                                                                                                                                                        6addb7e1287985aff39cf5e900c1125e4b236ac1

                                                                                                                                                        SHA256

                                                                                                                                                        6a6952329720966ab6de91a1b8c2d89a4b960498173deaddcacde095cff1f465

                                                                                                                                                        SHA512

                                                                                                                                                        a49c6203f1a9b3cce5b76eafafcbb7e697251311b06829e7094d646abf1df8549982fcda2ed8fd4acfe0e6d396dbcc9dba4aa0f3e52e2677625731b437618d2f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                        Filesize

                                                                                                                                                        11B

                                                                                                                                                        MD5

                                                                                                                                                        b29bcf9cd0e55f93000b4bb265a9810b

                                                                                                                                                        SHA1

                                                                                                                                                        e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                                                                                                        SHA256

                                                                                                                                                        f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                                                                                                        SHA512

                                                                                                                                                        e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        fb55674d6838f93bf2d5ebdb43cf63a5

                                                                                                                                                        SHA1

                                                                                                                                                        563a30ea6aebc6f080504f33b74c9c0f95fc191f

                                                                                                                                                        SHA256

                                                                                                                                                        e5cb110b03c08acc6b3e644d8f9638a6052cbfff9693ae84f400075a8c6f5aba

                                                                                                                                                        SHA512

                                                                                                                                                        9b52e76955c42431f54e5be58711fd476ee47000e5d3ba63f36c473e1b32fb03e959c75d6f4db18a70ed1ae924391ed807368dd7904e1d67023e8d815b2c4ed9

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        11KB

                                                                                                                                                        MD5

                                                                                                                                                        90193a88dc61cbc1a26b0e261b558a13

                                                                                                                                                        SHA1

                                                                                                                                                        38decc54e1523a1c6afc2759d7a942a3d149f025

                                                                                                                                                        SHA256

                                                                                                                                                        9e7f7b8f34bce2e15efdf7fbcb2a66a07232e7f30a6e3e2884c1706a3d354bb8

                                                                                                                                                        SHA512

                                                                                                                                                        fd3a97598fd905a6beb79c1e4e256671f7109604f2b8db660b24f5642b9a5355cc3a284c324ff9d527aa79d2e183ca937e1eafe1b7d2fcb92a89bca3b7c97fbc

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        a14fbb74a6a781c5c253667d5a073897

                                                                                                                                                        SHA1

                                                                                                                                                        12d4078ef3c3f1ecacb73db4f7221e231b21c636

                                                                                                                                                        SHA256

                                                                                                                                                        3fc41e6ac1d0ef6ebb8d970ce5c25dcda34fbaee34cf5bda7f2e0ac0577a58ec

                                                                                                                                                        SHA512

                                                                                                                                                        4baeac37708678032a4ab6e28be0482d72bac514605f435889f4c68fa0239ac84462c0dcbef06a93f616fe0b8e14efda059f5b38f515fdecaaa526ed1e58b78a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        11KB

                                                                                                                                                        MD5

                                                                                                                                                        2d1788b0b61ca3e452262afece079d30

                                                                                                                                                        SHA1

                                                                                                                                                        694cda7115236c29ad7688024612cc342330d6ea

                                                                                                                                                        SHA256

                                                                                                                                                        8e6980536a3ded2a6e256bdbddbac9419dfa0a816c4592c6d22d19c5ecc17f5a

                                                                                                                                                        SHA512

                                                                                                                                                        e6218d5b32f44f2eb7d17e2c34529ef25e4e1a74323783ad59869befea1cf989a81d0d6f0ca15b1f2f4bc7d8ce92954a52c1a4d6228c87ae9cd6339e00814e68

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                                                                                                        Filesize

                                                                                                                                                        264KB

                                                                                                                                                        MD5

                                                                                                                                                        5596d8a3996d388045af11fb425291cb

                                                                                                                                                        SHA1

                                                                                                                                                        f4f717fed247f3bdcd64c05225ff5e067a3f3e39

                                                                                                                                                        SHA256

                                                                                                                                                        2136db2f3ee2556aa904988a99b6405128fc09629966e1b2af309bf80dbb79e3

                                                                                                                                                        SHA512

                                                                                                                                                        58847fab149ba6236fc802c072a71bea10d2e75dd879b8c08e2bbbb5baf7e6a32c8ccf81112a5541f0b9d1ebdb14156548178bad270e65961743e6789122dcbb

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        afdc2e1d340a658ff0515fda3a58c475

                                                                                                                                                        SHA1

                                                                                                                                                        57a452287f0caaa15199e699c58d65c282a56822

                                                                                                                                                        SHA256

                                                                                                                                                        b7dc6055f93e19690f28833d10d6bd051b52a608665e1a59ed131f93ca66d324

                                                                                                                                                        SHA512

                                                                                                                                                        2eeea9681e1482952d2f1477ddca7d9d6cf919ef7bbd324d3491733825b26e5d55620f0e81abf0c91ed337f0be5220e6a206ffeb3dc648f4440213258013c694

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        c827d3678e4f2bf58e22c9215a25971e

                                                                                                                                                        SHA1

                                                                                                                                                        5ca36cd1d30204293d012fb5f807e210a94cdd54

                                                                                                                                                        SHA256

                                                                                                                                                        b82144d7c29086fa5458ad7707ed09b9dd1172ba099116ed90912e4962bf0634

                                                                                                                                                        SHA512

                                                                                                                                                        ea21ca669f9b8b23d130c329e24a70daebdf8c93aa337837a562cc5a0ca6f013d3e549acd453a73b9c7b54fbd900e4490ca2b9aba7b5c19d3028e5e6951e24ce

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                                                        Filesize

                                                                                                                                                        11KB

                                                                                                                                                        MD5

                                                                                                                                                        86b5ab48caca66b43b4475573f09a9c7

                                                                                                                                                        SHA1

                                                                                                                                                        444445fd776ec630c660bd18c0c141a4434c9bae

                                                                                                                                                        SHA256

                                                                                                                                                        4009b95828fa0f21017a6843b87f1fafb740b3d2bd904bca77e84458afca7065

                                                                                                                                                        SHA512

                                                                                                                                                        64fde892efe4f829af6e30d97e2d0de68bbf2226d490854508645e269a5bb5e9f58381ab41e122b151b10eeb7c438a3731ef2685774c9eac83ebd8cef69b8511

                                                                                                                                                      • C:\Users\Admin\Desktop\nexus.zip

                                                                                                                                                        Filesize

                                                                                                                                                        369KB

                                                                                                                                                        MD5

                                                                                                                                                        a9bbfc89690d3095e180b07c6d1e367d

                                                                                                                                                        SHA1

                                                                                                                                                        e05cfdcb8701c3d9e3840aecdd77516572bc0278

                                                                                                                                                        SHA256

                                                                                                                                                        a66f58a10ae4cf981749ae70edfbe2759c93eb6eedeaa332c8dfafc3c89e8d53

                                                                                                                                                        SHA512

                                                                                                                                                        4d8358b3b4ed88db446d819d2e74fed91f51b68f9d9b2d8c63b1e0a1d223b6e044030eb4d5824c1fc8d4cd05ad05c1e684b05623485383d5866593989436d3a9

                                                                                                                                                      • C:\Users\Admin\Desktop\nexus\Combo.txt

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        2c68694119fd46cc86d20058f0f4f980

                                                                                                                                                        SHA1

                                                                                                                                                        f9ce8cdf355e8af553eac5336ac95b554e9c4bf8

                                                                                                                                                        SHA256

                                                                                                                                                        7fc2ece54f5703a99d93f4c96a3911d66dbe6963f9bd4b787a5f6dd5d8ae4e95

                                                                                                                                                        SHA512

                                                                                                                                                        ab197545f4e8ba0d3412db49a8eea467b7b84c580ffe45df45c5d36507712701eb47d0b6a5313e77c550d3d04b604d27e552ee614570c4b3efa3359f55896c73

                                                                                                                                                      • C:\Users\Admin\Desktop\nexus\Proxies.txt

                                                                                                                                                        Filesize

                                                                                                                                                        14KB

                                                                                                                                                        MD5

                                                                                                                                                        102bb28f390aa590c54d3d060527a4ce

                                                                                                                                                        SHA1

                                                                                                                                                        76aa3a83d4a823edf0477a8b7f959fe9315df32c

                                                                                                                                                        SHA256

                                                                                                                                                        9d99d2c06b7b64ca47d62fbf6770831913b92998b45243994bb29fc72d4ac482

                                                                                                                                                        SHA512

                                                                                                                                                        354274f5b7864b0f98112cf9d0dc5496534a206dfdcc1817c522c687e749475dff702a1b6446d4381c9d0ac3790b2112d80408a795e68f6722b9812507b2ad2d

                                                                                                                                                      • C:\Users\Admin\Desktop\random.txt

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        6ca8f7780eef58abb60f2a043a0fbf70

                                                                                                                                                        SHA1

                                                                                                                                                        cc71d763c12bd45935f582d641f03ef92cf551a3

                                                                                                                                                        SHA256

                                                                                                                                                        3621aa8f0683f78c481b1f34fbbeb42131480b3e2e060e48b074b1031bb673b3

                                                                                                                                                        SHA512

                                                                                                                                                        028719535b41cc3fb8507b201a45228ac6d9e80e6d362d46a5dff3c73db0b26e5939ca926d3bf1021425e63f909846d09a53ac04e90cfa95b8a56885c8cf53bf

                                                                                                                                                      • C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier

                                                                                                                                                        Filesize

                                                                                                                                                        52B

                                                                                                                                                        MD5

                                                                                                                                                        dfcb8dc1e74a5f6f8845bcdf1e3dee6c

                                                                                                                                                        SHA1

                                                                                                                                                        ba515dc430c8634db4900a72e99d76135145d154

                                                                                                                                                        SHA256

                                                                                                                                                        161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

                                                                                                                                                        SHA512

                                                                                                                                                        c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

                                                                                                                                                      • memory/3144-880-0x00000000001E0000-0x00000000001F6000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        88KB

                                                                                                                                                      • memory/3144-881-0x0000000002670000-0x0000000002696000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        152KB

                                                                                                                                                      • memory/3144-882-0x00000000026C0000-0x00000000026DC000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        112KB

                                                                                                                                                      • memory/3144-883-0x0000000004D30000-0x0000000004DC2000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        584KB

                                                                                                                                                      • memory/3144-884-0x0000000004ED0000-0x0000000004F46000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        472KB

                                                                                                                                                      • memory/3144-885-0x0000000004CD0000-0x0000000004CEE000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        120KB