njrat | 21373a6d949a357dd7cab0df39490d440415d0887316430771923547f65a349c

Resubmissions

05-03-2023 10:32

230305-mk95wagc54 10

26-02-2023 16:19

26-02-2023 16:16

26-02-2023 16:07

26-02-2023 15:50

26-02-2023 15:19

Analysis

max time kernel
1129s
max time network
1880s
platform
windows10-1703_x64
resource
win10-20230220-it
resource tags

arch:x64arch:x86image:win10-20230220-itlocale:it-itos:windows10-1703-x64systemwindows
submitted
26-02-2023 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChatgptHelper.exe
Size

36KB
MD5

b50645ca6885b8f2dfd3571eae7afd1e
SHA1

2bc22b2fe4b75825deff008634390661b7802de5
SHA256

2a03b714a7d8a52e79746c1bb5fd0a08615f526d6390272d5678fa452846840a
SHA512

cd7eb7f8bbd4d3b30d7fd3d51f57f2202dbd3949463ec225df6b5c4c64f3cad9bb0f4e173c996cfde570877edf23600937ca5eaba8180083d92d9c83019338c0
SSDEEP

384:of+Nb7LsikZ9zNf/1uyU71evdjsOaP0rAF+rMRTyN/0L+EcoinblneHQM3epzX4F:lNf4l1lU71e9FacrM+rMRa8Nu2Pt

Score

10^/10

njrat evasion persistence trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Disables Task Manager via registry modification
evasion

Modifies Windows Firewall 1 TTPs 2 IoCs

evasion

Modify Existing Service

T1031

Processes:

netsh.exenetsh.exe

pid	Process
4808	netsh.exe
3600	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ChatgptHelper.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	ChatgptHelper.exe

Drops startup file 6 IoCs

Processes:

ChatgptHelper.exedllhost.exetaskmgr.exeChatgptHelper.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\330867499299d35c5dff831d5c393122.exe	ChatgptHelper.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6cd2d1e60013e2996e6aa628f9ea58bc.exe	dllhost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6cd2d1e60013e2996e6aa628f9ea58bc.exe	dllhost.exe
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\6cd2d1e60013e2996e6aa628f9ea58bc.exe	taskmgr.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\330867499299d35c5dff831d5c393122.exe	ChatgptHelper.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\330867499299d35c5dff831d5c393122.exe	ChatgptHelper.exe

Executes dropped EXE 18 IoCs

Processes:

NjRat 0.7D Horror Edition.exeNjRat 0.7D Horror Edition.exeNjRat 0.7D Horror Edition.exeЛ‮gpj.exeЛ‮gpj.exeЛ‮gpj.exeЛ‮gpj.exeЛ‮gpj.exeNjRat 0.7D Horror Edition.exePayload.exePayloaererered.exedllhost.exed35d1f34612540829739afca13863dc2.exe2b8aa74dd0df4747a29f91f60c249d77.exeChatgptHelper.exedhdhdrhdrhdr.exedhdhdrhdrhdr.exegggfnfgngfn.exe

pid	Process
352	NjRat 0.7D Horror Edition.exe
2452	NjRat 0.7D Horror Edition.exe
6300	NjRat 0.7D Horror Edition.exe
5196	Л‮gpj.exe
504	Л‮gpj.exe
4256	Л‮gpj.exe
5920	Л‮gpj.exe
2308	Л‮gpj.exe
4332	NjRat 0.7D Horror Edition.exe
1488	Payload.exe
5444	Payloaererered.exe
5576	dllhost.exe
5644	d35d1f34612540829739afca13863dc2.exe
4056	2b8aa74dd0df4747a29f91f60c249d77.exe
700	ChatgptHelper.exe
6348	dhdhdrhdrhdr.exe
1000	dhdhdrhdrhdr.exe
6540	gggfnfgngfn.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

dllhost.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run\6cd2d1e60013e2996e6aa628f9ea58bc = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\dllhost.exe\" .."	dllhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\6cd2d1e60013e2996e6aa628f9ea58bc = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\dllhost.exe\" .."	dllhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
6724	3680	WerFault.exe	86
6032	1488	WerFault.exe	185
5032	5576	WerFault.exe	195

Drops file in Windows directory 35 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeLogonUI.exeMicrosoftEdgeCP.exetaskmgr.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exewerfault.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\421858948\767729314.pri	LogonUI.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\AppCompat\Programs\Amcache.hve.tmp	werfault.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
5400	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exebrowser_broker.exeexplorer.exebrowser_broker.exebrowser_broker.exeMicrosoftEdge.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeexplorer.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exebrowser_broker.exeNjRat 0.7D Horror Edition.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exebrowser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "5334"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "830"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "178"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1207"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\1\0 = cc003100000000005456949410004d4943524f537e322e3430320000b00009000400efbe54569494545694942e000000725b01000000020000000000000000000000000000008a3dab004d006900630072006f0073006f00660074002000560069007300750061006c00200043002b002b002000320030003100300020002000780036003400200052006500640069007300740072006900620075007400610062006c0065002000530065007400750070005f00310030002e0030002e003400300032003100390000001c000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{9016FE33-6301-4311-8BAB-80786B561B4C}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomain = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "160"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{1D75D9ED-236C-4F2E-B0BF-2AEC38F4213 = "8320"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://www.facebook.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3319"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	NjRat 0.7D Horror Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NjRat 0.7D Horror Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "653"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C5	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	NjRat 0.7D Horror Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{E599DFC4-0761-4AF0-8498-BC16D9CDE6B = "8320"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NjRat 0.7D Horror Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 84a3779c5945d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch\OpenSearchDescriptionData = baffc49ee383374a8abf67e99635ea1e0100000053b06a1abe27334898108231552c52911f0000001e0000006700690074006800750062002e0063006f006d0000001f0000004c000000680074007400700073003a002f002f006700690074006800750062002e0063006f006d002f006f00700065006e007300650061007200630068002e0078006d006c0000001f0000001600000047006900740048007500620000001f0000000a000000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	NjRat 0.7D Horror Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 89da64de064ad901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\anonfiles.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1c1f68f7064ad901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NjRat 0.7D Horror Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe

NTFS ADS 3 IoCs

Processes:

browser_broker.exebrowser_broker.exebrowser_broker.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition.rar.s7l5qs9.partial:Zone.Identifier	browser_broker.exe
File opened for modification	C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1).rar.4z8jinh.partial:Zone.Identifier	browser_broker.exe
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN.rar.jap4mpd.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid	Process
5564	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

ChatgptHelper.exe

pid	Process
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe
2440	ChatgptHelper.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

ChatgptHelper.exe7zFM.exetaskmgr.exeNjRat 0.7D Horror Edition.exeChatgptHelper.exe

pid	Process
2440	ChatgptHelper.exe
1460	7zFM.exe
6628	taskmgr.exe
4332	NjRat 0.7D Horror Edition.exe
700	ChatgptHelper.exe

Suspicious behavior: MapViewOfSection 51 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	Process
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
5264	MicrosoftEdgeCP.exe
5264	MicrosoftEdgeCP.exe
5264	MicrosoftEdgeCP.exe
5264	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe
5332	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ChatgptHelper.exefirefox.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	Process
Token: SeDebugPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: SeDebugPrivilege	3680	MicrosoftEdge.exe
Token: SeDebugPrivilege	3680	MicrosoftEdge.exe
Token: SeDebugPrivilege	3680	MicrosoftEdge.exe
Token: SeDebugPrivilege	3680	MicrosoftEdge.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4992	MicrosoftEdgeCP.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: SeDebugPrivilege	5376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5376	MicrosoftEdgeCP.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5904	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5904	MicrosoftEdgeCP.exe
Token: 33	2440	ChatgptHelper.exe
Token: SeIncBasePriorityPrivilege	2440	ChatgptHelper.exe
Token: 33	2440	ChatgptHelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exe7zFM.exe7zG.exetaskmgr.exe

pid	Process
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
1460	7zFM.exe
1460	7zFM.exe
6552	7zG.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	Process
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe
6628	taskmgr.exe

Suspicious use of SetWindowsHookEx 44 IoCs

Processes:

firefox.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeOpenWith.exeOpenWith.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeLogonUI.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeNjRat 0.7D Horror Edition.exeexplorer.exe

pid	Process
4348	firefox.exe
3680	MicrosoftEdge.exe
3508	MicrosoftEdgeCP.exe
3508	MicrosoftEdgeCP.exe
4992	MicrosoftEdgeCP.exe
4992	MicrosoftEdgeCP.exe
3680	MicrosoftEdge.exe
6588	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
6604	OpenWith.exe
3264	MicrosoftEdge.exe
5264	MicrosoftEdgeCP.exe
3264	MicrosoftEdge.exe
6940	MicrosoftEdgeCP.exe
5264	MicrosoftEdgeCP.exe
4488	MicrosoftEdgeCP.exe
1900	MicrosoftEdge.exe
5344	MicrosoftEdgeCP.exe
2056	MicrosoftEdgeCP.exe
5344	MicrosoftEdgeCP.exe
1900	MicrosoftEdge.exe
6904	MicrosoftEdgeCP.exe
1900	MicrosoftEdge.exe
4776	LogonUI.exe
4776	LogonUI.exe
2168	MicrosoftEdge.exe
5332	MicrosoftEdgeCP.exe
1120	MicrosoftEdgeCP.exe
2168	MicrosoftEdge.exe
5332	MicrosoftEdgeCP.exe
4332	NjRat 0.7D Horror Edition.exe
4332	NjRat 0.7D Horror Edition.exe
4332	NjRat 0.7D Horror Edition.exe
5564	explorer.exe
5564	explorer.exe
5564	explorer.exe
4332	NjRat 0.7D Horror Edition.exe
4332	NjRat 0.7D Horror Edition.exe
4332	NjRat 0.7D Horror Edition.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exeChatgptHelper.exe

description	pid	Process	procid_target
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 2596 wrote to memory of 4348	2596	firefox.exe	68
PID 4348 wrote to memory of 5052	4348	firefox.exe	69
PID 4348 wrote to memory of 5052	4348	firefox.exe	69
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 4348 wrote to memory of 2008	4348	firefox.exe	70
PID 2440 wrote to memory of 4808	2440	ChatgptHelper.exe	71
PID 2440 wrote to memory of 4808	2440	ChatgptHelper.exe	71
PID 2440 wrote to memory of 4808	2440	ChatgptHelper.exe	71

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe
"C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe" "ChatgptHelper.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  PID:4808
- C:\Windows\SysWOW64\shutdown.exe
  shutdown -r -t 00
  2⤵
  PID:6520
- C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe
  "C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:700
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ChatgptHelper.exe" "ChatgptHelper.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:3600
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe"
    3⤵
    PID:2420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.0.1879050549\93206038" -parentBuildID 20221007134813 -prefsHandle 1548 -prefMapHandle 1512 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df7f76d6-d68d-48e6-9535-ebac7e7967f4} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 1668 14b53717258 gpu
    3⤵
    PID:5052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.1.1727814180\1526478475" -parentBuildID 20221007134813 -prefsHandle 2024 -prefMapHandle 2020 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {582062d1-87d2-4051-9721-15be9f4a44f9} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2036 14b5260e258 socket
    3⤵
    - Checks processor information in registry
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.2.539419021\120061678" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 2816 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {873569ef-e378-4def-9912-f98f81a6b735} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2992 14b56f51258 tab
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.3.130741640\1160636330" -childID 2 -isForBrowser -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7f3700b-a5e4-4a68-823f-803cdb1c231c} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3368 14b555ad058 tab
    3⤵
    PID:1416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.4.1736684940\2005455439" -childID 3 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1872ed1-e52a-47d8-b766-91d832b95592} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4036 14b575b5958 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.5.1481377229\1849181048" -childID 4 -isForBrowser -prefsHandle 4424 -prefMapHandle 2604 -prefsLen 27046 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01b89c86-c727-4dd0-90dc-2de6ec0dc438} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4380 14b540bd558 tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.6.1382131698\1790326778" -childID 5 -isForBrowser -prefsHandle 3132 -prefMapHandle 3352 -prefsLen 27046 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91fadf20-8684-4ab8-8a2b-91a85ea43b55} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4640 14b47865c58 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.7.786834138\1513033984" -childID 6 -isForBrowser -prefsHandle 3356 -prefMapHandle 3096 -prefsLen 27046 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {706896f7-6c2a-4a85-b135-08aa1a35dcd5} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4688 14b56db6c58 tab
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.8.1095056460\1496711446" -childID 7 -isForBrowser -prefsHandle 2704 -prefMapHandle 1868 -prefsLen 27063 -prefMapSize 232675 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa3a28cf-6c9f-4a28-81d9-63e5b3d23847} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2432 14b47864458 tab
    3⤵
    PID:4468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3680
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3680 -s 8592
  2⤵
  - Program crash
  PID:6724

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:2524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
PID:4848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5376

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5884

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:2576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2124

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1748

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4704

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
PID:5136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6588

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:6608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4748

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6512

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1460

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\" -spe -an -ai#7zMap21603:266:7zEvent26762
1⤵
- Suspicious use of FindShellTrayWindow
PID:6552

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe"
1⤵
- Executes dropped EXE
PID:352

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops startup file
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6628

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe"
1⤵
- Executes dropped EXE
PID:2452

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN\NjRat 0.7D Horror Edition.exe"
1⤵
- Executes dropped EXE
PID:6300

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\вирусы\" -spe -an -ai#7zMap12013:70:7zEvent26415
1⤵
PID:6812

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3264

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6348

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4488

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\Л‮gpj.exe" ContextMenu
1⤵
PID:6596
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW24FF.xml /skip TRUE
  2⤵
  PID:3396

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
PID:5776
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1conl15x\1conl15x.cmdline"
  2⤵
  PID:2560
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D69.tmp" "c:\Users\Admin\AppData\Local\Temp\1conl15x\CSCEE26115B84A4672B190602F846BB71E.TMP"
    3⤵
    PID:2556
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2sna1v1k\2sna1v1k.cmdline"
  2⤵
  PID:5372
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES420D.tmp" "c:\Users\Admin\AppData\Local\Temp\2sna1v1k\CSCAF385042B15A43008FD8EF3DF8497CC9.TMP"
    3⤵
    PID:5712
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gtuwcyb1\gtuwcyb1.cmdline"
  2⤵
  PID:1060
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4AF6.tmp" "c:\Users\Admin\AppData\Local\Temp\gtuwcyb1\CSC86526A3514AA430AAEC7FD7FB4C59BBE.TMP"
    3⤵
    PID:5884

C:\Users\Admin\Desktop\Л‮gpj.exe
"C:\Users\Admin\Desktop\Л‮gpj.exe"
1⤵
- Executes dropped EXE
PID:5196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
PID:6912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\Desktop\Л‮gpj.exe
"C:\Users\Admin\Desktop\Л‮gpj.exe"
1⤵
- Executes dropped EXE
PID:504

C:\Users\Admin\Desktop\Л‮gpj.exe
"C:\Users\Admin\Desktop\Л‮gpj.exe"
1⤵
- Executes dropped EXE
PID:4256

C:\Users\Admin\Desktop\Л‮gpj.exe
"C:\Users\Admin\Desktop\Л‮gpj.exe"
1⤵
- Executes dropped EXE
PID:5920

C:\Users\Admin\Desktop\Л‮gpj.exe
"C:\Users\Admin\Desktop\Л‮gpj.exe"
1⤵
- Executes dropped EXE
PID:2308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3384

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a7f855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4776

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4004

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:6572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5900

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3868

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\" -spe -an -ai#7zMap17941:120:7zEvent14621
1⤵
PID:7104

C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\NjRat 0.7D Horror Edition.exe
"C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\NjRat 0.7D Horror Edition.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4332
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Payload.exe"
  2⤵
  PID:5904
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Payloaererered.exe"
  2⤵
  PID:4488
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\dhdhdrhdrhdr.exe"
  2⤵
  PID:2344
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\gggfnfgngfn.exe"
  2⤵
  PID:3324

C:\Users\Admin\Desktop\Payload.exe
"C:\Users\Admin\Desktop\Payload.exe"
1⤵
- Executes dropped EXE
PID:1488
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 1396
  2⤵
  PID:5884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 1400
  2⤵
  - Program crash
  PID:6032

C:\Users\Admin\Desktop\Payloaererered.exe
"C:\Users\Admin\Desktop\Payloaererered.exe"
1⤵
- Executes dropped EXE
PID:5444
- C:\Users\Admin\AppData\Local\Temp\dllhost.exe
  "C:\Users\Admin\AppData\Local\Temp\dllhost.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  PID:5576
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1404
    3⤵
    PID:6620
- - C:\Users\Admin\AppData\Local\Temp\d35d1f34612540829739afca13863dc2.exe
    "C:\Users\Admin\AppData\Local\Temp\d35d1f34612540829739afca13863dc2.exe"
    3⤵
    - Executes dropped EXE
    PID:5644
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del C:\Users\Admin\AppData\Local\Temp\d35d1f34612540829739afca13863dc2.exe
      4⤵
      PID:6248
    - - C:\Windows\system32\choice.exe
        
        choice /C Y /N /D Y /T 3
        5⤵
        
        PID:5204
- - C:\Users\Admin\AppData\Local\Temp\2b8aa74dd0df4747a29f91f60c249d77.exe
    "C:\Users\Admin\AppData\Local\Temp\2b8aa74dd0df4747a29f91f60c249d77.exe"
    3⤵
    - Executes dropped EXE
    PID:4056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 1376
    3⤵
    - Program crash
    PID:5032

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5564

C:\Users\Admin\Desktop\dhdhdrhdrhdr.exe
"C:\Users\Admin\Desktop\dhdhdrhdrhdr.exe"
1⤵
- Executes dropped EXE
PID:6348

C:\Users\Admin\Desktop\dhdhdrhdrhdr.exe
"C:\Users\Admin\Desktop\dhdhdrhdrhdr.exe"
1⤵
- Executes dropped EXE
PID:1000

C:\Users\Admin\Desktop\gggfnfgngfn.exe
"C:\Users\Admin\Desktop\gggfnfgngfn.exe"
1⤵
- Executes dropped EXE
PID:6540
- C:\Users\Admin\AppData\Local\Temp\dllhofgngfngfnfnst.exe
  "C:\Users\Admin\AppData\Local\Temp\dllhofgngfngfnfnst.exe"
  2⤵
  PID:6072
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1440
    3⤵
    PID:5856
- - C:\Users\Admin\AppData\Local\Temp\dllhofgngfngfnfnst.exe
    "C:\Users\Admin\AppData\Local\Temp\dllhofgngfngfnfnst.exe"
    3⤵
    PID:5932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dllhofgngfngfnfnst.exe
    3⤵
    - Kills process with taskkill
    PID:5400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="300.0.1336834461\779517813" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1524 -prefsLen 20888 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5548427-cd54-47b4-a70e-10fa70abc23d} 300 "\\.\pipe\gecko-crash-server-pipe.300" 1616 27b78afc758 gpu
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="300.1.940392326\994010341" -parentBuildID 20221007134813 -prefsHandle 1924 -prefMapHandle 1920 -prefsLen 20933 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {421ef178-2f36-4759-b2aa-ecd344e8d8a4} 300 "\\.\pipe\gecko-crash-server-pipe.300" 1956 27b78749f58 socket
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="300.2.1732977759\328115732" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2612 -prefsLen 21415 -prefMapSize 232711 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55aea785-1564-43c4-92c4-d615809820d0} 300 "\\.\pipe\gecko-crash-server-pipe.300" 2656 27b78b5a858 tab
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="300.3.378681938\370860896" -childID 2 -isForBrowser -prefsHandle 3032 -prefMapHandle 2772 -prefsLen 21680 -prefMapSize 232711 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f017e5f3-efcb-49e7-ad03-3581a90c58a7} 300 "\\.\pipe\gecko-crash-server-pipe.300" 936 27b6dd2ed58 tab
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="300.4.9878337\1458203441" -childID 3 -isForBrowser -prefsHandle 3028 -prefMapHandle 3040 -prefsLen 21745 -prefMapSize 232711 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81607044-49e3-4d60-98df-58b71e46e340} 300 "\\.\pipe\gecko-crash-server-pipe.300" 3036 27b6dd65958 tab
    3⤵
    PID:5468

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5c6050d7e59d4cd2973503586eb78efa /t 4036 /p 300
1⤵
- Drops file in Windows directory
PID:5884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1600

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
1⤵
PID:4580
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm V2.2\" -spe -an -ai#7zMap28702:80:7zEvent29899
  2⤵
  PID:6668
- C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe"
  2⤵
  PID:6636
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tajlqypt\tajlqypt.cmdline"
    3⤵
    PID:3488
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE32C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC1F23D6E6514CFF9817D527E4E7A898.TMP"
      4⤵
      PID:5856
- C:\Users\Admin\Downloads\XWorm V2.2\XHVNC.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XHVNC.exe"
  2⤵
  PID:3980
- C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe"
  2⤵
  PID:424
- C:\Users\Admin\Downloads\XWorm V2.2\XHVNC.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XHVNC.exe"
  2⤵
  PID:4324
- C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe"
  2⤵
  PID:6836
- C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm V2.2\XWorm.exe"
  2⤵
  PID:5448

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5520

C:\Users\Admin\Desktop\XWormClient.exe
"C:\Users\Admin\Desktop\XWormClient.exe"
1⤵
PID:1080

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:6264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5724

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4312

C:\Users\Admin\Desktop\XWormClient.exe
"C:\Users\Admin\Desktop\XWormClient.exe"
1⤵
PID:6796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5700

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1436

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa39eb855 /state1:0x41c64e6d
1⤵
PID:5544

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1476

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5252

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2023022617.000\PCW.debugreport.xml

Filesize
3KB

MD5
db04891627cf1f97989e44c277a46ef5

SHA1
4709ffb6752cf9a7efc379a5217d4bfb4ae3a3fd

SHA256
696f622ed5e229681f568c2d3f815b60cecb19503ab0b9ce5c75b6756c870257

SHA512
2a03ee8739ae40dbd0f24995e520d8c1a315ebab8fde08dee95766f74f1059c76d3281a935fcfd1710de7dc62ffb4f3b61e1fe6ce7d566f83c3970b330097a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\dark-0c343b529849[1].css

Filesize
54KB

MD5
48c53d44b57626128ca4e9e0d0ea6dec

SHA1
d2520b7788b6e796cae355bbb83a9633e31dc2da

SHA256
b864505c5900e4979894f653af260013afba70f2879808f3915d2391e92237d9

SHA512
0c343b5298499e3432bba2db90fe5002cf522ea92114b0fd56040496e63b585c90d1da19938dccef9a508e2aaaea60285e6b2f2973e0542ef900d52abb67453a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\github-b27b810a3ca1[1].css

Filesize
165KB

MD5
060d07c48839f2f08dfe37dc7fac9016

SHA1
226dd02b9086dccbd730357c3f793be2649b6cbc

SHA256
f7ba3a51e5d6af54e06c7b0d60c1dcf8edbe249f2837a602e2b058229dcd93f8

SHA512
b27b810a3ca1c84d15ec6f1463a1f8c601479e7b7f0be1a5359e662970b45bc90db60bc1606c94566eb46cd610b8d0abf7e8b8e52aab37bb09cc20d4f3aa184f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\global-351bab218fd9[1].css

Filesize
227KB

MD5
14a18325d52301377a3b37c65deeee56

SHA1
b6297b0034181b69971d1922c9eedd6c94be7e86

SHA256
1890d6fae38512e4418e6e02b3eabb2d3ed0dbcb19e516e507f6c82ca07cb935

SHA512
351bab218fd99b5d7f47e08bb4864f061ff00252e893171333ee17b659cf0541a40729018369f61fca7dcc288ab1b10f9ccf778c8823616181c33922698d08a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\light-719f1193e0c0[1].css

Filesize
54KB

MD5
8ec3214af15081686dd359ec817cbe9c

SHA1
872279c434c219a5c3f8b9f205c0e735dd566dfe

SHA256
820c5308dc2f48a0cf31f75dc19c7f8791404baf05c3cc1162e8f36ac4976532

SHA512
719f1193e0c06b095877032dc9f2bdb9b3cea3be9a1fad8dbe76d8e101de79fa750e224b4e9201f82aef199f2b39e25fef488e7c836e49ab3e415bc43418f76e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\notifications-global-83502d97888b[1].js

Filesize
11KB

MD5
3b3eff9e59e3f6b7d144a5144febeb9d

SHA1
20a108293bce81ffa41363aa32324bfdf9947cb1

SHA256
dd03c8c19bb674a6cf82a402ddc9b4c6a284204f4308c6a8f6394ac5ad2863ff

SHA512
83502d97888bcbc5c2e5a34b1ff2da3641fe1cfea39c91e858318004739c0c6f4879b2092152795bb2f960f3ed0d1c08086e1da537acbacc54f8f4bc322af0cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\primer-1677771a5a91[1].css

Filesize
341KB

MD5
93d1b0f0f9a9d74ce54acd2d749681bb

SHA1
8eb6ccecd9da94290bed6b656180b420e21691e6

SHA256
2ea6b3d7585bfcae1a3a108dc0fe980c79248d69eb0a2900d4645a7c5ec24f8d

SHA512
1677771a5a91304ae6bb83716cfc1ff862c4f3b0474e63a07fd62694e01d97371252129bd79b21c329519c62d5fc306d5a23ba1fa2e87f9a243c8c0756aacc3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\profile-f01352d46d55[1].js

Filesize
27KB

MD5
4a9fa3da3e7f35ec06d690938ca5ecfc

SHA1
52c7a21cd5ada031fafcc30a64334a51338276ff

SHA256
0345060e61efe29ce7936924fe34d4dac01b0e719aec927b4d7d40603deb9bd3

SHA512
f01352d46d5512075e8e1d934f867c49ea943c8e66770485348f94490bbf08b577405b3dc2799ba3c0fd1e4ca3d87bbce4add3b2997f2ff3489a24713d85c37f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-32d7d1e94817[1].js

Filesize
11KB

MD5
cdb9b8f6f7399cbc728ea9ef48a2b7d5

SHA1
b93f2411173bcf08704660715b540b83bd9a6ea3

SHA256
a61c4017e49cbc779099d5620da2e53f3947e8fcbcdac83ae744b7002b015608

SHA512
32d7d1e948178ec8b379b7bec87020e1fcdbab55d5427b98c14129347daa39a18419a431767889a1a654af7b1f4575eb05602e79440fed242bc1e34c515815bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\vendors-node_modules_github_remote-form_dist_index_js-node_modules_primer_behaviors_dist_esm_-b34105-c2daa8698316[1].js

Filesize
15KB

MD5
093fe03e90857ee83b43466d26764946

SHA1
adad50ad79fc731bf14311eae8b071850a5a4483

SHA256
0ee54432e7c51fd8cf3edb2444acff7963ace260f034d13447a78c721d1b0f2c

SHA512
c2daa8698316f2460c302f95eaa50c5c335dc0e77b9f8c68aca3848c859a3adfc42c2bae35f1e6bcfe2dee9159fbd53c5f57cf165c6b066df9241d78e0645a04

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-f96c66-0b1e8021c86d[1].js

Filesize
21KB

MD5
649dd7cb5dc2747bed7efb6370f38686

SHA1
4950829986c258e654c213f7e87558b70b43f626

SHA256
d0282e5931c57baa7c08c682755234e6fc359e7d02bdeffa2e4f04a24fc2633c

SHA512
0b1e8021c86d92f75ab367a489dc3b394b78361eddf6541fac44d51fe6dd1683a3c05efbfb469600e16594a0f94b66637016257a2ef6adfc189a7c2feff77811

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\css2[1].css

Filesize
2KB

MD5
f7aab2e4f194ab8d1f396c0c40318299

SHA1
969ef8e2bdd4cc8670a281270f6cfa6850d04b2c

SHA256
f57cac4f1bfe3bda19f853a4c497b0186481fbb5f7b786825da4cb0edff79d7d

SHA512
042ce410c42c494399547aafcd8df73275175ea076cff2ca2504a01ed49dbabc594c21157fc3a64d6fd081b2e30e4fb1237a0b836d57cce81546d68242e2a98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\diffs-0ce7b80166a4[1].js

Filesize
75KB

MD5
4b33fe2a34624c57fa9a3742b9403b20

SHA1
9cceee49d68c78b4d0194c5797723cbaf9d8330d

SHA256
f9d9d945e249481118b63ad4b034ed6da320bd276d6301c25b2dbd8f220fe09a

SHA512
0ce7b80166a4bc5b1110c098c9f501f2f4d37c5b2353305120cdbd98e65f454751893bc53edae21ea1a29704272da7f55272dbb5a761b522a71c50f6d63109f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\github-elements-c79b0363e2e5[1].js

Filesize
34KB

MD5
0a1cb671eb8930e21d0ca462645685b1

SHA1
513bcde702302a52ed4e8e9d04d92c1c5305699b

SHA256
64599073ee3a3b7a7a962498dc9560565efb616013632cd0846cddc6d8047ad2

SHA512
c79b0363e2e54617a5965ce88ac546f242801bf352ef4d7305f7fc78cce9f113e1588abd6bbaf81437b78b90fc0097a4ef346bca0854c1b04e629d36ad1a439c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\njRAT%200.7d%20Horror%20Edition[1].htm

Filesize
134KB

MD5
a1f8aff680920da3b329a20125502bc4

SHA1
26a7ffc4294d23a8448c86c20e5564b4707bb560

SHA256
d121cf974f3296a455ac8896cd0134f71fbd2d00570980aa4f12c7d199de60f2

SHA512
140eeb4c3c054d8f380ac0882495c7e78c40ebdcaf1a8a12cedd4b79542b003429a20e4608b65dec9ddae266df80ea634ff492bebbc2071b93ad6fd11d439a1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\ui_packages_soft-nav_soft-nav_ts-3a87d1399b65[1].js

Filesize
7KB

MD5
48ab8a2bc29b85726ad6b9cc2358f977

SHA1
8fd608f6c6b547e898d6b5f47ca4ce6042cc1fa2

SHA256
d1f60c5be18ff37bd7c7967da9a5b022b5421b833f6d8b04ffcdbc3d3ec92fb8

SHA512
3a87d1399b657d1b9475c7139d31b7e4de16609642628415b5793ad731503654119dcb83f32fd18a07546d3857e18effeb6cd81f58a5578060d6cdd625eeb156

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js

Filesize
13KB

MD5
186933c0117b94c9b8aade71f6f310c0

SHA1
ae67ade0e920b536137b6e98bb5e9e6c34b96925

SHA256
1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f

SHA512
e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_github_clipboard-copy-element_dist_index_esm_js-node_modules_github_remo-8e6bec-232430bfe6da[1].js

Filesize
10KB

MD5
58f0adbb26b860ca74b89da3531c159e

SHA1
0b62fb07fcfeb10f9ee7d7ded4e896a34bfd4fb8

SHA256
da2b49e1ad7ab0838a6330d369747b41d7a42f3fb4b03ac78b89eb29058f0e7c

SHA512
232430bfe6dae4db9d49c67d85bba5fcb85dc0d144fad0e974ff08020cf42feeeee0abad6ecabb3d88308b519fa2294e93569b763fb572cff7ce91c452d1bd25

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js

Filesize
11KB

MD5
bb1800636a88e2cf90f48ea181a1c3e9

SHA1
486238b0e8fbb84b4f92e462ba7f337f8c6c091d

SHA256
7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84

SHA512
7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_scroll-anchoring_di-e71893-cc1b30c51a28[1].js

Filesize
12KB

MD5
1b1fcd7ae6a6b96cc0c1c93e68200539

SHA1
1983497adec7d209ad78e0fc639acdbf7d39a0d6

SHA256
644b9a73cee8fa16c6c850f07b7b65a643b8f78e02fc6c7cc202798e99e6bbe7

SHA512
cc1b30c51a285966b53f7992219643eafebd23180f8d4093412bcb15d7977a3b9ece6fcd7e75369af1eebd88838e3510376bb452b3360f786dae9a953c3a7d8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-15ddcc-1512e06cfee0[1].js

Filesize
27KB

MD5
ba0337096eb968e764b8ffd5b2abb5b3

SHA1
0251ebe5d24d4f28a5dafb1cc5f8a6f0d3849f2a

SHA256
50b06abab308a6d25648a06be15a9f240e046923393975bc7a360e86b81f8069

SHA512
1512e06cfee0f42ef212f7b094fb77426f02c061cf5855cb93ed7b2b97f6ca0ff982630edc056068661828f2b1bf307b8577eff0262e0029370c51a5c6a2b110

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_session-resume_dist-def857-2a32d97c93c5[1].js

Filesize
9KB

MD5
1bcba1bda12164c8c2d579162033c34a

SHA1
db1b6d4c9c251e71d8fc0489078f1c1a729ba4a7

SHA256
7ffd8135cd23c01d2fdb738b6d518bd4bfc911e42d909becf28e1646585e6427

SHA512
2a32d97c93c5f32500377208e5a11c2c5d8af27fa58b068c5f2e235d2071682c49dbe9380057d89447907c7be2ef80fb61c1a9d89360aaa01335c2b10a628aff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-4140d67f0cc2[1].js

Filesize
74KB

MD5
0148698533da59a02292640ae04357b1

SHA1
fce88d19a5b8c563c35e6e3384c8445923dc5ea9

SHA256
743db34172a50a9c939c9c1c7a16ba993b32330020fa7e153d5b3b78a918eeb3

SHA512
4140d67f0cc282d11feb4630affc147d6942d055ca0c6fd19920b207eb35c277c54b7ae29a7dd44dca0a5bfe33bfe9e616cda58f9f4097c9fedbd4b7f15a4789

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-3d65ff0c13c2[1].js

Filesize
7KB

MD5
f84251c70557d95882d3a3bbeefe8f97

SHA1
7bce75d78f3db25cd30357bdc07ec76cb45fea26

SHA256
d943d1e203f99988dfff1a4422fba0e82013f59f74a83d7a5b32ae05ede8c5e2

SHA512
3d65ff0c13c23514c0f555ede5b55301c81cd4a6ba822933f18111683fd16427e35e722b652ace67b6c79cd92799fc4bb197ad397bb84b185e60c11b04e1c9a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-327bbf-fe611eb551b1[1].js

Filesize
10KB

MD5
ccb96d3f1e41ad2140211125ae2d9409

SHA1
f218bcc4939e4de3348fd75be4c5608f9371a73c

SHA256
b14234aab1bcaa976afff5a9a56b28a8b0e757cd3676cd5541dee0d3cf06fd31

SHA512
fe611eb551b1a53d5404aff029e0073e1f07bb968bea645a8995769effa8a985bbfa31bba193e3115697ab7b0ddb5cb85608cbbd5fcbadee0531650cc6ec2503

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_be-f5afdb-a6f2dc8f5da6[1].js

Filesize
14KB

MD5
b9f3bad707d61030023fcdf69e6be233

SHA1
acc70b87b5abaca5541a121998b89e8b330c39c0

SHA256
cac6f09fa9ff0e1a09731fea09f42931e813a05a7ec3bb0de935394f4d580f58

SHA512
a6f2dc8f5da64897506b5a5dfc6f1883fc798d25233da90ccdd73a563566afb21bb415ff72383f235e7e531c3890227a903dd0e0be12ac0e501b35147fea8f30

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\app_assets_modules_github_sticky-scroll-into-view_ts-81847f2066b6[1].js

Filesize
9KB

MD5
8d6aa46f6ece38d2166dff942c57e4b8

SHA1
457c802d9b5ac2d8f779af9d0991b268f69b4234

SHA256
955bf5cc0a7234d685c0556933b1e1e6fceeb0a6566248e2c8f6bcd12bddf696

SHA512
81847f2066b6230eca9560708fae903e77de56799a9edec2fd87357288a9536d9132201e0261f81886eb1b6a9f533e43a2ad0c9bc31f5a2bc05d19cd3efc489e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\app_assets_modules_github_updatable-content_ts-cfb228eb374b[1].js

Filesize
7KB

MD5
c6a7feb24f1b1ded83a98b1234f58912

SHA1
a7e7da2a20116d318afbc051c450932f87718928

SHA256
679012f50ce6ebec14f32201cabe85b12515d7f5c7abd29d5c21cbf795631884

SHA512
cfb228eb374b199621b10c7af3e6607c35697499a10089a3d9b19f2ecee2cde382c043f029f95be066b52c09e7196175ddf39848896ffa3d20d23342a571f724

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\jquery.min[1].js

Filesize
90KB

MD5
397754ba49e9e0cf4e7c190da78dda05

SHA1
ae49e56999d82802727455f0ba83b63acd90a22b

SHA256
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

SHA512
8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\njRAT%200.7d%20Horror%20Edition[1].rar

Filesize
13.3MB

MD5
aae8ae77c61d55ab4a73868452c1c6e3

SHA1
8f91be50bcbccd657fc65a754475082a4432a075

SHA256
283bd650429f0596ddea77ea9edbeb33832abe6a7d3e0dbdefb095494f4019d4

SHA512
ec1a71f41afcaeb1eecc107e3af825c4f9ab8fc8cca98fe50b8d94dd816135097ec3201062e6751c6ae8e27e959cddbb0bd77284f75ae432173e54eb6edb52ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\profile-085697a49485[1].css

Filesize
9KB

MD5
8120a3ddf3285c8546e04c3e007532f9

SHA1
d55f0de733773e502bcb61109d778ab9369ae1f8

SHA256
1e59a1f49a6d32f0f8dc45a4159cf20e335a2a0e9445ed320924beae79f12053

SHA512
085697a49485a056b8bebee9865008388986a115d782339f703df2cd45a24fb74c43ff3e635ea8113a6b5547132741df83f49ea51d440e18d18015a09d88c3e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_color-convert_index_js-35b3ae68c408[1].js

Filesize
13KB

MD5
9dc040f59be2a61a2c9e74568e81a859

SHA1
7ea23e783cb7242b748c0630d5946c82777fcfbf

SHA256
b05a7e19c59be8422fa87b0c0a3ec37a9aa64757092ee6afc887500c186324ee

SHA512
35b3ae68c408451d73656d48ecccbb9663b4e824ba12a41275a8878859bd48ce96612c54d7a72e8201b61efb6054187571d3da8d4db02418d54ed74cc0dd6126

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-c04540d458d4[1].js

Filesize
9KB

MD5
486783c45a0765dd3834c713beafd949

SHA1
fa5be15586f80db7be9e4b62bfbe87e2abacc422

SHA256
5ffc2ea5125732bfea2581586569ac7229239f8273cc21c9aa8261a6b9e1938d

SHA512
c04540d458d49cf4e7691915cf98ebc8ce5f43b88a07f46c408a2dc6df15a2b40af9a2b85f7f35a76170012cc9e81e06124d4133b2ee587a8d05fce981b2bcd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_github_relative-time-element_dist_index_js-52e1ce026ad1[1].js

Filesize
14KB

MD5
cb2eaff32db3c7b208a1d0ce24ab3700

SHA1
65d04943b70082b02731d17830b5becc317326f8

SHA256
98f799239bc911946de92839cddff52c2c5dca3ff7b3b2faff2b855693d35363

SHA512
52e1ce026ad17b82cbef3a6cf247b2eacc5251368ce312ee902938096c8a169828b95588828e85de88ad88a95920d4c495ddf0ac3b91838f0799bad9799aeb36

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-04fa93bb158a[1].js

Filesize
14KB

MD5
6bdcc1f361d2a2f5b641f77a0a32ac2b

SHA1
0e6f9b63e4878f46617c8a473c00649a09e9d179

SHA256
b1221cadfffc2298df84e959a881d2c42d760c5887a4efe27f3355db6b0675b7

SHA512
04fa93bb158a4d241667f80b9aec3d41ef6f70c8a5f9da259787b0d47ff1f43979dfa33df53f91943c83bfbfd3c370e7cede0c06195f886b27c85fb9b0bf9fcd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js

Filesize
15KB

MD5
29b126d180066f2cd72287a725af3dce

SHA1
da1a0918b337b6bcda086580271306fbb2d41ea0

SHA256
9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438

SHA512
9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-6a1af4-feae509e11df[1].js

Filesize
59KB

MD5
f5f256b3c254024ac9672bc2166cb727

SHA1
c5a367aa27217d8b0c59b139a4a4fc11cab9f9fb

SHA256
c654a97d7ac06135fc020c2c31fdfff75da373faaef80ca0baa1bc7c94f05666

SHA512
feae509e11df6b0b16914ce8d3b3fbdb89ceb812d19cf17e776a9697f982176ecd6b5fd1b0a4d5af68deec88c02cbf24872cd273f44e1dbfedc3e905ff46aa61

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\wp-runtime-2d7a352f021a[1].js

Filesize
21KB

MD5
b5655f2c6ea66587053692ac26e254f8

SHA1
01bcf91ad805b0f3f9ac2cf9f5338bbc9fe201a1

SHA256
6c286794b1329811a35df5ff2bc3186ee01082b4b51dc77b379d52addf40b81e

SHA512
2d7a352f021a56b057de659af98195c1bef2b522eeafd730b06aee312ebac54457b224bb442e2bf005e27b7e4850665f79c6aee00433883054a7b63b66cef455

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\www-main-desktop-watch-page-skeleton[2].css

Filesize
5KB

MD5
5f197634e3d476aef3bc1f961ff67d00

SHA1
b191e083fd20b19580eb48955e0c547f4ffb0498

SHA256
fa2f74f4978bddc2f1213c8827000c320aa257377516d8e371499b94d89db3f2

SHA512
de66bd3ad00d618850b9a49412b61621952b74967ab28061e6f320432b13b576199220d2522a845fb9e5ca72c396f3286b9d01078e56056b7c83c71b6ce74319

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\www-player[2].css

Filesize
396KB

MD5
eb8e054dc3a24c7a1e9ac53de09ebb88

SHA1
89ddd0e731e45bbd9e95ca04d570b35ecdd0fbd7

SHA256
7e5a350e35882205d6ffa3c8c493a2746268c8297fcd867349c95d88b93b2f15

SHA512
8a006f103521e34ee4a5960fdf6887add8781a06874be86e337c58d95ab4fbcc988bc510e07b31389bf7d98c92b0847c1fd01a5c581283ea7b660848aca1b9ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-30c68bad2844[1].js

Filesize
11KB

MD5
586606167e5e36a73e0790c09a4f4ec8

SHA1
198fb1c0f9e3dcfe72fda99fd7999b878237fb9a

SHA256
a0e71970232a3d52947d46907948fdd6d90eed8d1aeea29205fb7d808c45306b

SHA512
30c68bad284437fa8b5e040618ef515432fa4238ad65f44dd1282583e3533f355e58ac2e64bdc1e7eebfc9d4f493a71d44198a67bb0b42f0e40a31c12aec40bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\behaviors-48762e4f0888[1].js

Filesize
232KB

MD5
d68e2ae21f8614fb9ee16a6ada34367e

SHA1
2a73c9d995e4793bb04dd09e3d46533843b2bf5e

SHA256
9b44b07ae495face2bec9328956d796f0039c56e57704996b5ba6ab3d866fe69

SHA512
48762e4f088846b3da8b83e1213c7abda39b61c32f6910d55ce700c350735c79b9a2cb391177dbada8af1dd03a552bba5e71fd4045d4e8ada6b7a1d9777c030a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\element-registry-d46d179ca77b[1].js

Filesize
32KB

MD5
e49643d25d6b4072c9c61690034faa4d

SHA1
eb85786f1f97d284d6ae460806f6304bf63775c4

SHA256
c28d42b90bb45156972a249d77c43feee112d21e1cb3f909c9cc1fbffc37c0e6

SHA512
d46d179ca77bd68e17a38e268a59bb13bf0068765d60bf543e3e388106962c883424fb0ae055cf1e33f4b68f6b0d436063090f95bf61733aa8eb72d9ef7fe559

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\environment-7dc00d9708b5[1].js

Filesize
10KB

MD5
4d63995e9332cd5b03bc4c5e3e4fb9fd

SHA1
c60e20acaabc9859f6863a15bf349af1a2550ad0

SHA256
183e1dc240e4f9efbb03250c0d4c5e71dd5908c0cc8c90967add14ff5c000fd9

SHA512
7dc00d9708b5fe8de493a22ed2cac7a7453ec74585c463859b43db816af591bbf495e3f37bbba99e0be30d4d712e797ec60be5642de2a309a3eeb2c8819b9050

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\mrobobta[1].htm

Filesize
197KB

MD5
5ee5f2264129b60bd9947b9b04c793af

SHA1
3d3da13cc41e99f281f686f120b5976db55f727e

SHA256
2f90ad08b6bf6cc41b8d27b4b038e93488757f77808ac9044da224a82af0f129

SHA512
0d2008bebc38f7c744a6e14f802b711387d2bd6909360a8dba177cc1d8b6e0dd26d8d75c04cea108249273c096651ed863e3a93ba6131cd9776ef0a1f38b840a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\sessions-3796d6e32bbd[1].js

Filesize
11KB

MD5
61a2ff2464395d3fe4707009e45b32d5

SHA1
478931f3bd0aaac27ea102cda7acc6258cb1c66a

SHA256
93e8f08d2e7ea17125b8a570021679ff9da22da305b83b929049b296059f62b0

SHA512
3796d6e32bbdab0e5a4add150e4afa24435c09282cae40366f6871345de520b27cffe36deba5ccf47cc88c409af964dd120381c49ddd1a680e784aaa67237c05

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-6afc16-e779583c369f[1].js

Filesize
17KB

MD5
f2f089ae7acdd1e62a89c581df00b65d

SHA1
0f43142b0f2cc8a452f44eabd9cf5ebebdd5a74f

SHA256
3a836f8258291d80eb3a0f8720df6325132398c8518504ae1f9d36c17bd34e2e

SHA512
e779583c369f306593ef582db03a6827bf41b5c372ce13eb55404c7368c05540df9fb71c819030dde790dc4da42ff951d89440a7b19ccd2f178c5e99814e493a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-79182d-befd2b2f5880[1].js

Filesize
17KB

MD5
e66ff4df3ef06eff06b76a4018e6b1e5

SHA1
b60c07119eead674bc49572ef9fecfb22073735a

SHA256
54cf8b633e6d8ff1ba61942511397a4987d89db4511451780d7bf873feed3e41

SHA512
befd2b2f5880fd7d93ab8ca14b486d8fc50b7977b67c217e1ab6e50d80b96446f5e5856b9bfb3ae57b56ab56accb66138137971fae4916e1fa9725ea1611f32d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js

Filesize
13KB

MD5
fa2bd9163204e6ced0bf13f169206c40

SHA1
ea2d13287aef46af1ad0f04b04eada4e8a8966af

SHA256
0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624

SHA512
424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js

Filesize
9KB

MD5
e5411d902c14114345232eab0b388a2e

SHA1
a079ffbceba09465e2546881d6b963d05edd3add

SHA256
3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c

SHA512
2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_hotkey_dist_-9fc4f4-d434ddaf3207[1].js

Filesize
14KB

MD5
2fa124531d3dc3ba4bdcbbd196216a81

SHA1
ab8724c1bf36abc3df111b28ca59d86c36e9c653

SHA256
4fc02788cda90d84e2128a6b5425fa9150b140468d2b4a6a93a05cc02c87529b

SHA512
d434ddaf320797a245b8caeab99107866200a7a341cbec1088206ab404880bb7a5977242d9d67226e3abdb577999df6c6626af21c0a8d79407c3f2f38b731487

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\KMRIY1QR\anonfiles[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F4007F33BFDFD6A958C2A17D8DEC3C00

Filesize
472B

MD5
6832ad0cb02cc3a3b8b396c543188bed

SHA1
be89c17eb73e465ff69c67f30162d45fa8e2d8a4

SHA256
4e327ab482594d6bdf040d2fd8f8fc9213aaf1014c1f74587a976981cc741aa2

SHA512
1e05e1e36c7e1c4ded805f7f06119d095dd0a1226f6d05fd4911c9e282a9211692a42686f81f700944ee26f57ca2ee37e2ac6570059d5e967ba12b94879e202e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\0OW3WT2R\IEOneBox_V2[1].appcache

Filesize
755B

MD5
1d566d4dcf6a97eeae24b73e9fcc44bd

SHA1
cf21bea534933b7926947a5e523392b427f15e18

SHA256
9500fb565a5bdfb3246f52a81573164baaa69b745963a8e5765b8a9516177208

SHA512
169501fcc4ac9fe92e29fdf0f867346d8e669cd99a991b964f00301da0d7725cdf2e6d88c5298908bc45ba8f12f4bfc901254cd52647e44b8c0196cc2d629c47

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\53GJD8DF\www.msn[1].xml

Filesize
364B

MD5
a79b4f943b6b235ed8a5c08b016b11e6

SHA1
d37775e27715ba7c65a7a50f0298f45eb6f6a57a

SHA256
20c105d9faba4fad814c58a51b7c7e313182d12845d112a692745c9a58d038fe

SHA512
4e32a20cb2251959e41fe3eae2fe877cede296d736eb5529b3e70a3d6c652f8b2a88fc6e0e5e6007f48d1a97b9055a63c4a17a99d57520c7612962db37bd6f35

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\6XRCMEBO\www.bing[1].xml

Filesize
8KB

MD5
dceff90a8de8c97013c6271f2e272505

SHA1
885fe32bb7c0aa039f68cd86072ff8b6ed8cd7eb

SHA256
21b2e26273bdd23e8322e213bfa7a130bbf68897f47c3eed17067507aba7d03f

SHA512
068f061edb12b199594627088273b44fc02a3a81d45265164966dca0af14b232bf50f8ac11bf3d0a6982e3dc14904e510abebf013797c135415ce412fe06ed98

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5ZQKBZPH\favicon[1].ico

Filesize
5KB

MD5
d33c87a4d2b6beb84a284e113937d36d

SHA1
b05e912df7fbdcda4e75e97efed547a1195bd3d7

SHA256
d25a6988d1a41d545bc094ac072776caa7913a3a0f840af5000ce8986e230543

SHA512
bb9d0fdeecccfd94524c1a5f38efe71716b556e84a76a899ed34f2819e0b1e1ffac0b18be16189c98b6e9b0f34c3ab7a599fb1d3e1fc37466c07eabcaf71e76c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5ZQKBZPH\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\72T62SEO\favicon[1].ico

Filesize
49KB

MD5
bbb740d8fca2a19655321303a3bd95d1

SHA1
5e70e05aa394122dc2a8a77050cbb9bc9254277d

SHA256
065aea427b49b3d098c55cd2ba7c2d8f92ca8d80fdd26325e601a30d429599ca

SHA512
ced2c70172df71bd4c873787444c640bb80481ee49f25993ffded91f3acba8a7be0099bfcdc5fb1dee922c366f42ba6e3f82866625316b0696dc2969fadf0e10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GK7D8MQI\favicon[1].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RMQTRBLU\favicon-32x32-anonfiles[1].png

Filesize
1KB

MD5
ee0e6dd4ef643128a1b7bd4ab32b8a79

SHA1
8136c70aac1e50f8356c83f91fb77ea4b6596cbc

SHA256
51f305558b4ed6fcf3a31b4f9e404fc2ea426cb5e785ac46ce827de0c5cabb4c

SHA512
f57a1882e4d57f6cdb67fc5b8ed61d0dba28f000af87644bfd402275958163b66f7748b83e4d78dff72bb8edd9077c3fe67f5e831a6b79bce72ca4bd1d086b34

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RMQTRBLU\suggestions[1].it-IT

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
4e8b7cc9992cb5e56c94d99f5564ba4d

SHA1
523657b4f5b38cea774a5669ef3ae5d7a5a15088

SHA256
361d5859105ac556abd82273e6fb279e486b8e662c820d24ecbe1acf1ae7e582

SHA512
b4465e59b672e0d5810e32f7cf57d829c02b950184d1dfd8ab977fe42771ff20713e71f554bf29e70b6f5b1a2a867afec49f2ed73d9968871b6e0edce1c710fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\pyjsael\imagestore.dat

Filesize
15KB

MD5
a4a18170d9e948de41eac88969433903

SHA1
eaaaf19c0c991837178e3096b4e0c0b536356e0c

SHA256
a118eb6aa7c5124fd7dbbc4e52ac1a0f1cd2c1af600c371cbc0496d482623099

SHA512
1bdff365745e273474e28e45a6d8107e41efbbe962f06fcddf75470245071e8b3223c05b57e43757e54f67e69b72029d6ae457ab7e6eaa73f3f0198df24a8bcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF69D56F7CDC43A59B.TMP

Filesize
16KB

MD5
cb1bc29ee977e801d22881fb4b5fddd0

SHA1
be8fd1bb6371fa58f3e567aea4cbdbd4f81f1d3e

SHA256
3af7c8c5f3f2ebdc2ad61b9e8a260ddd2cad564759ae2e023ffdb494fc4b5aeb

SHA512
746efa939651573c679294ba908f235fd1fdd4eb02cff260d29c25fc54cb49cffa844ad768faa63dd1da12688d118a4e7c1e386d5b6a98dec64013d60d366968

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingLastListCleanupTime

Filesize
20B

MD5
b7346db47ef6390ae30212dfdb1f3c69

SHA1
186af257cd659265b578e7189cc10699f34fc3c7

SHA256
966d72f2468d3e72c99bfc0915e86f1a4b589765734164ab0a435079615bedbe

SHA512
6c2809869f9af3c528b143b8c5557009d868b05d9fb964f689a3800e7bd7c02f77dc5ed9bd0605c15d6cfeebd4de6a8068b9bf75a0ad9898492d4ca728a20eb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingMachineId

Filesize
38B

MD5
725b73aacfcf7cbd2b1fe14bd09cbc29

SHA1
373986d870f12e0b112e60a8ba39626a9d1994eb

SHA256
4da8ba64fb67d0f53609fdf02f12843d8452a2d9bbaff6c6c43ad7a34a8034a3

SHA512
b76eab06ff6aad5a8ad3d80294b5f49841af22a8a9aeac7b2bc12cdec417ad3ceefc8b25872082fdead5ecc0f80cd3b635dd97362e2afed229758328a47d9bbb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingPersistedHistory_Heartbeat

Filesize
110B

MD5
8049b9eea2cff93fb90e1798ff50ea97

SHA1
8a0667d6890cd1d5f1b7aa8434a65afc6c58b489

SHA256
032e7bf962a8ad973170fd453b855cc2c0eced83dbfe78352cb44fcf2299ba59

SHA512
2d07b3115af48e6fad78393ac0d13d9725a1adfa4737a601943fa65b273bf6a840b42f379c3ce4791a0cbf927de4b3421019fb59b39f3be9f4349a548859e853

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingUpdateList

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingUpdateList

Filesize
9B

MD5
d8ec974c83ba8724e141ef0ecdcb021e

SHA1
7eb41653993550b4ded1045bb5d7c6899a23887a

SHA256
14307b91e474cba906281d65e11814e05bc6e2ee9417afb4d75a9653a06c1938

SHA512
99a6acdde21378846b31266407ca14d134d00fe3067ee62e603bf53aa1bf806ee7c6e0abe95f0f2fe413c0cc877a4665aa46a227556753bbf2f292a4711db3f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingUpdateList

Filesize
5B

MD5
61464d90bc2ae67b93035582c6e220af

SHA1
99ce3b4ce612d31738d5a46a6334769e9ef2366a

SHA256
02c35f89df185acb365f0245c92d0cd2345c396f4789a8bfec3d99bea96faf4c

SHA512
b52468d85a0ab3e86a25a6ba27ec6bd9316aecef9e880d60934e9d78e9dead7a245c16c1c71531251368757294c8ea54f0ea9a5f0dbd488a1c95d987500bbef3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingUpdateList

Filesize
7B

MD5
d682de055fb06bc0d35adc1d73ee30cf

SHA1
fe75a889143bf5a002e76211753298e957cf266f

SHA256
552caa0a38f27ffc3d2c3dd8c6f2af291fbca609a02ea0461f78fb5aaaf52eaf

SHA512
30546f0bd3941836661b785ed986cbd50d2c5da0deacfcb2cb0c71097ea4381f6269b0ebab5cf16935fa028f6584a396e1a652543ee55ed231979998cc040877

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingConfig\RoamingUserId

Filesize
38B

MD5
8c3fc3f0d968d84e2bda1bd34451ad6c

SHA1
74ad1e8542d3589b5d7f69c0c0f3ea30a4036b93

SHA256
1be2ff621701c2ab56126ffbd42e3decd6a5d22a76366d18bb591d2842468028

SHA512
94e04a5cd300e0243fcfe93e8cbd14e4f3beca49ec0a1e6be6114ab57e2167697a39a8bd7be0817fc04f919ef9de0722db5e820927a8802a0228c5899e8838b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingStaged\roamingstatus.json

Filesize
211B

MD5
5579615ab18f5a1ae76926006b91343d

SHA1
a9d5893066d0918e8256822fcb1911072e8b0af3

SHA256
e8ed8d13e8dfd577b5be3270f6a76746d7142b4bccd4ddbbebf08f58ca258020

SHA512
2e3b9ca12db178c2b1c14764f024a5bd7263a1643711e1d3356e9a41395f3a11e5990346cec41471fd2e97ba1242f03503f111a02e2e594146d4f5b05a7f4d3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\RoamingStaged\{a62af571-6a95-4ba2-8edd-92a8bb9743f3}.json

Filesize
282B

MD5
1af48ca636a869787f7e56268b6a601c

SHA1
12e231d83aa5e8a218b4e9be81805341c8a5165e

SHA256
780c23a774d2c30571e390e7fcc847f0a998b1dc686c05600eae0b2618c79aa3

SHA512
f59f5d6e68e94640fee8271079416296a516f672fbc31b84e8e1ca2e696846328396f0aea8939336c2afd17f492299f884eb5a6629434f86c146e3c7d00f8d3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN.rar

Filesize
35.9MB

MD5
e83baaaa123b093a7860d92690368432

SHA1
eab00461eeae987a343adc7674a5d7a205143239

SHA256
c71da1db4315e270febb3cff5d016d83977216368fef979c064baa7ea2611a4c

SHA512
01e2ad20a318987ec9dfc06f51cf7e62f83fb0accc68c4d49b5378dccc4f1e5f909642dbe5171aa847009bb053b99343d82619a94e144238fd3fb3adf641f950

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\njRAT 0.7d Horror Edition - BIN.rar.jap4mpd.partial

Filesize
35.9MB

MD5
e83baaaa123b093a7860d92690368432

SHA1
eab00461eeae987a343adc7674a5d7a205143239

SHA256
c71da1db4315e270febb3cff5d016d83977216368fef979c064baa7ea2611a4c

SHA512
01e2ad20a318987ec9dfc06f51cf7e62f83fb0accc68c4d49b5378dccc4f1e5f909642dbe5171aa847009bb053b99343d82619a94e144238fd3fb3adf641f950

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8CF21OQ3\ls[1].png

Filesize
1KB

MD5
87593e2e9077bbb4cd26c75c57eead62

SHA1
57271165f45baacce782517997493afa5a17f62c

SHA256
9f70ceac02f200a01f4afe6571b0028299316eeeaf2b4145713161abd958d4ab

SHA512
9d9d088f0216f8e81612cf37cc3455d8bd33c28968255a6ab318589ec6e0fe02bcdfd1e5d0b4737b6a0a158788cd8ae475c3c36cc4de5aee4a7e7fa7224738b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\omfgdogs[1].css

Filesize
2KB

MD5
037dd1bb2a11925e296d5abdae5c60c8

SHA1
e9c28964806ad863ed2a2d170d1cf9609c9eda6c

SHA256
f4861479bc7e1511c7e5c9654f5f3c91094502ba44f1ca58a4ec977222ac2e7d

SHA512
62cdb59f7c0bd1c2939aa92cc350a387832ea340c09a797795ada019a20d7817154e98cc0e846c21443ff853a358a09dc1b48a8c220de89d3bf81b4b06e57cc6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2KHDB0J\wat[1].js

Filesize
1KB

MD5
7abbb33866a85281c787aa081171cbb9

SHA1
d8c09df57d59ecea26405bd1476cc80408d17599

SHA256
5d8038d73fa5e59685483ab1c666fffc2627fb90d2620e353eb275f0a61419b2

SHA512
24607e11c60994d1f745fa655504f7ebfefbd20d7f28abff7a54ec828a7428e9dcfdccd11be41c0f7ae07ed7426814fa75e3b81f96f12801d1d9d0c715773f32

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\JMS0L0YQ.htm

Filesize
2KB

MD5
6f9286e54bcd7ddec18579573faa4513

SHA1
fe4d8b93c8a287b9e80c69747135fe70eacbe50b

SHA256
a056e0cac310f0231ed3a835508e40d76fe7b509b69dc99470393c1822834c87

SHA512
f1f39761869a0f373b992f068008def50bd25206d1ba1cd4678b8166ebd213f2df58674fe504b596fc2ef078d71e54d5868d1badea37353321c8c8de900f5969

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\gg[1].png

Filesize
1KB

MD5
d784f6d870ae88dbcabd82b094792258

SHA1
7ec9baf1d6ea81c867fc5255d759e0688e5c6844

SHA256
4f5176116f71681d9e47824126dec114bda65d1c26e95bf0127fc478e8bae2b7

SHA512
f10da73466544d5b9be624738a467aa96ebd7d1aab3769d49e79ed45249c1df2f7ce8e95c193a9777b7c81d43f6704f74365d8f3206f13614cea44d318f5d8b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTDHU4RC\njRAT 0.7d Horror Edition - BIN[1].rar

Filesize
379KB

MD5
fddeb64733567de439f317f0385cf4e9

SHA1
b66a71b03cbbd0f4cc59e632d2804fccd33cda46

SHA256
87c05a62e1714963626dc8ac4f757af5c0362471e5ed910b04df18d2c9bb5f3e

SHA512
fa4f42420e16b16fcecf55228387334edb1e5620169d9c7c031cd25f420458ffd062a5b3ea48297a1bf2d96d25388cc5540212a0ce7880e1f57f87993c6ce5f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N3I532NG\ldh[1].png

Filesize
6KB

MD5
f841ac9de5aef77367723ca1ab719d30

SHA1
935cf8edf2114a59f13265ab2d4061c630a15498

SHA256
0e70488572ff630cd18448bb9e7cda990f322c12914abc86b1b544fe809618b6

SHA512
0df9e72d8a1cbc063469a00ad8494a7a1e17d552347ea6529cbc444af43d5cc74eb0f9373968c1d1f8790c69c63c4d84009c0bbe9cad0bd684b8751d7e3ed6e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1aa81fcb26e933ca29faa9924047bc46

SHA1
1fd46e6485eebeff5bbd32fca2977a3862e95e7a

SHA256
286b6637dca8da7e1fa3baffed2a88306898dc6c35f6e1469c4e957c4377ecb3

SHA512
fc94fcfac6845ba0b6565e36dd0274f5ebf836b971b5202c95f8e609908542cc6fa4ed3eab59d272a5698f83213731554ab402f6693787c3d4ae948cb9d0f1f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
04d2688082d98d8d70258dfb66cf30ba

SHA1
63f7bc3add729fa08dda58ce5ffb55f1c51828b6

SHA256
21e24a085065004343aaf774397f00a130d189acffdb8fad69021e4d7bb522ce

SHA512
6a258e727ce39ed50fe6df4fe3872a95650533441fd79ebc783ff0cfa83a5454bc18e8fd4e67442f299f49a2370545a0aa9e190252fb5ca3560fbc1d5128af5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
3a41c2aef80e9cadba112ef694fe9fe4

SHA1
280b9511fce2b787be354835c1d2d4a86c70172e

SHA256
e2f3eb6f66a54341cf34aa4b7947230bbd0ad689ba27d923c0282736962db628

SHA512
5000cae83f3571c892ef9532245ec227a6c552945cd00a95b810b2387080b6d912b941d3b837aba245f0b0feb60398f41dc5421116d4e9cf50445ed68d86a11d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
3a41c2aef80e9cadba112ef694fe9fe4

SHA1
280b9511fce2b787be354835c1d2d4a86c70172e

SHA256
e2f3eb6f66a54341cf34aa4b7947230bbd0ad689ba27d923c0282736962db628

SHA512
5000cae83f3571c892ef9532245ec227a6c552945cd00a95b810b2387080b6d912b941d3b837aba245f0b0feb60398f41dc5421116d4e9cf50445ed68d86a11d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
279B

MD5
2b1ae81682fc2334d851b276405c4ebd

SHA1
3ee6d322b7d28559c10bb3040d49c79609e94aa4

SHA256
29791f5d4a2a0ea8438c7d6d823a593c435f3ce619d5af0e80330213cc27ecda

SHA512
08d373583d14725436e9a04d60aac506efd30d04242a79ad532de54c16209797727e028caeadd661de709b24d05f534aa15afe79845472df1d69d1e8710c149d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e2e6f21156d6222bcf0942868e383ec0

SHA1
b57e7e0f69f7d33e4b5f9c5edaaaf6d2896b5fc6

SHA256
9d82170b4b63d75be11b3ed16d5492d5470d41a82995c45bb822d4ff4da7cbfd

SHA512
5b9e0fc6755317783dc43bd05254c20d717aace1d9717f7e91a85d4d18260ef0407fb1d6cf8d5f86f7467cda8302026543e9a39195adf32365ec665a763218f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
2c02c655999d2ef3b139bf2ff213a2d3

SHA1
759e644e50fb3198020bf07eb9501b5f19030386

SHA256
54ef0bdb2d7a6170a74e80f2dc447d2ec089cc3bead49093f1d7746843518732

SHA512
05515e1e3bc6145119b0b6b76f8115e418c37dea90e3b62247e82af48bdce18b5d45f85b643162b1f30949a65b0817dd3f4f568011984d1b8dcd7150704abf70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
97a5ab5461eb5dcf26ada5b2c4992325

SHA1
a72541cc732cfb04f4f660b0e2d34ce247a1e5e7

SHA256
3e0fc725f06c8ddd68b250f68eed852ba64f2a68c98d0183d56ac8a0b4b58e5e

SHA512
c45842e4bd9ff44cac3845ccc6681995030988890238e07fdd462430b26f9ce8b555eb68cadde7adbd28c5dfad8321f74af6dacdab375c1cc0d845103f31a816

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
97a5ab5461eb5dcf26ada5b2c4992325

SHA1
a72541cc732cfb04f4f660b0e2d34ce247a1e5e7

SHA256
3e0fc725f06c8ddd68b250f68eed852ba64f2a68c98d0183d56ac8a0b4b58e5e

SHA512
c45842e4bd9ff44cac3845ccc6681995030988890238e07fdd462430b26f9ce8b555eb68cadde7adbd28c5dfad8321f74af6dacdab375c1cc0d845103f31a816

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
009818f7c9ff508c3f8c6efbd6d24d12

SHA1
e3cf58a322811ebf1cc36ff952b8d3f07574b2c1

SHA256
cb9af8a3ae53dfa776e4d63ee16ed180faa52806bf37fdfac64dcd5ced519062

SHA512
53f61ea555878e54ea87d5f1117cffe3561cd7f1dbf59afc95258db28d7da4888ca928f06202fdddc349a7993c83fe97f36e3031b81375df37ad2fcaac71f57b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
009818f7c9ff508c3f8c6efbd6d24d12

SHA1
e3cf58a322811ebf1cc36ff952b8d3f07574b2c1

SHA256
cb9af8a3ae53dfa776e4d63ee16ed180faa52806bf37fdfac64dcd5ced519062

SHA512
53f61ea555878e54ea87d5f1117cffe3561cd7f1dbf59afc95258db28d7da4888ca928f06202fdddc349a7993c83fe97f36e3031b81375df37ad2fcaac71f57b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
e1aaf6d2e182b8dcd2e26a3d3bb5a7a8

SHA1
59a8b9a836dd47a52e94d867617249af3d4f6da7

SHA256
9aba0df44f9c0ea15dd8cbc2e0692f63128ddd95dd721c6cff814794468d64cf

SHA512
85c30e6580d13889fc905f1287c6753f30ab2dfccdfca28d8ead79de5b3f12f09fdc70529bb06fffba68e69afb95672a6f63ed2a85120a56ed958a5a5d19b84c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
e1aaf6d2e182b8dcd2e26a3d3bb5a7a8

SHA1
59a8b9a836dd47a52e94d867617249af3d4f6da7

SHA256
9aba0df44f9c0ea15dd8cbc2e0692f63128ddd95dd721c6cff814794468d64cf

SHA512
85c30e6580d13889fc905f1287c6753f30ab2dfccdfca28d8ead79de5b3f12f09fdc70529bb06fffba68e69afb95672a6f63ed2a85120a56ed958a5a5d19b84c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
3b9484ede2d73132353189bb50a5ca8d

SHA1
1705cb53f355312c538f2623402139c7979d06a8

SHA256
e90f1b47fe931f302e663b1c4e66fb3028d217d0603d26d64ea2a082831ee9f8

SHA512
f6dd1d9eae5c6116d5c2a7889cfa6306c2714fa2cb9dba03ce82ef3917e1e410d78a571a5fe3ba41541955547bc374d41898b7f101a1c30f9ab5dec2c2efb520

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
7fcbff996c7a6a898b6f183d704881a9

SHA1
063373c1fa5f2b361bb9d92f6def667e7c12041a

SHA256
d769f980777ff1f3d3b0f125abdc7423eabba2aeee99116d3d3200209cc2735e

SHA512
10a1d0bb3b3f31695c73e86ab04be78b8a5d0ee275c5d465e75bb8132ac470a10d0b68eb8c7025cc1f0db727e12fa6034c54806ae7baa0da6a03e67fac2ae2b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
3e6524d47d21682d8eda364a3eedc130

SHA1
ed59b593f0a7a8f69484a0a7931e48010d858bdc

SHA256
fd11a1c0f4002ea89ccca3442f71bca627fa06213562679fb54f098c64b06112

SHA512
2732595f68b0f7490972f8352698fa2cc0215fac2cb0c75bcf955b398682369c72909f8f700412b4c8ca0cfbf4093712653f0714bf10f15edd99b6be6720e8d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
3e6524d47d21682d8eda364a3eedc130

SHA1
ed59b593f0a7a8f69484a0a7931e48010d858bdc

SHA256
fd11a1c0f4002ea89ccca3442f71bca627fa06213562679fb54f098c64b06112

SHA512
2732595f68b0f7490972f8352698fa2cc0215fac2cb0c75bcf955b398682369c72909f8f700412b4c8ca0cfbf4093712653f0714bf10f15edd99b6be6720e8d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
ba0147ad0a9ce9f01497bc3e798922cf

SHA1
b89c2f39c2c7fb571abf837b5b16c995054d5bbd

SHA256
c1db628572ac4e39f9928e554289b53428bbc07dfa3e265f05a41b774e03bd36

SHA512
d129795d582da1f257d403707d5bdf7645ed962ed164d8a6ee17fb1ef7036c1892b1924b6ad45b63648650636fe7d2b99e7b6d376416744d64668413f201e03f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
ba0147ad0a9ce9f01497bc3e798922cf

SHA1
b89c2f39c2c7fb571abf837b5b16c995054d5bbd

SHA256
c1db628572ac4e39f9928e554289b53428bbc07dfa3e265f05a41b774e03bd36

SHA512
d129795d582da1f257d403707d5bdf7645ed962ed164d8a6ee17fb1ef7036c1892b1924b6ad45b63648650636fe7d2b99e7b6d376416744d64668413f201e03f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
5ce45c8040d6d59fc0f9937ee4422b54

SHA1
64f6a5c72c4d26463aa06ea289076ebb5b7414d8

SHA256
54eabe4b272792d2f3f4d0b377d2a9248ddcef9a6e415fd12daaebffeb70719a

SHA512
ebcdba7fb222c71c58531bbc5ea2e30ecfc2cc60f45071ecfa800c4513f962541a771183f83606dd6be6f6757aa8ad647a2b224245f6b1309d4bfb0e0dfd230a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
5ce45c8040d6d59fc0f9937ee4422b54

SHA1
64f6a5c72c4d26463aa06ea289076ebb5b7414d8

SHA256
54eabe4b272792d2f3f4d0b377d2a9248ddcef9a6e415fd12daaebffeb70719a

SHA512
ebcdba7fb222c71c58531bbc5ea2e30ecfc2cc60f45071ecfa800c4513f962541a771183f83606dd6be6f6757aa8ad647a2b224245f6b1309d4bfb0e0dfd230a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
e9b0a32e59019651b1faf80d70a76473

SHA1
5c760ed8a9deb4635616fed497273464cbb40d13

SHA256
c9c43121732ff2317c172c2c01825284bc1aa4949a5beecd6076a3fc085a38f8

SHA512
b0e80eebe6e90641fe56a9f1975248960a478534a61b0c29ac7d92788daeb29904b2bd73e07e3fd67334d093082155551093a06d04ca9cb8135cf2775d290b7c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
e9b0a32e59019651b1faf80d70a76473

SHA1
5c760ed8a9deb4635616fed497273464cbb40d13

SHA256
c9c43121732ff2317c172c2c01825284bc1aa4949a5beecd6076a3fc085a38f8

SHA512
b0e80eebe6e90641fe56a9f1975248960a478534a61b0c29ac7d92788daeb29904b2bd73e07e3fd67334d093082155551093a06d04ca9cb8135cf2775d290b7c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_DA3832176E6CA2A88FF291D0D48999BC

Filesize
434B

MD5
b126a7c569c60bf46a2543d5b5c50a60

SHA1
0c79392244b886a2770fa25ffe8612d49b994dbb

SHA256
99f387f5511c1806de5f2ba41a56399b90e1fea8a747a24cd967ba0f13b316de

SHA512
b6ae87cbc47a9338a22be157f3e845a0af73722abd8acee2d07b9614dfea126d6a6de00ce70cfe1d628fe9ae4717a7b29c0dd368623afbd4d861d19dab3ee204

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
a68934b9bccffd87a337d72a487b3b1e

SHA1
276308134d6dd175fe7a408cbecdc6b51a7ec299

SHA256
d819d801d39b513904ddcae0fb42f3cb8360b60bc3582ee707f1d2fe71e912c0

SHA512
9d3dc832d5e94eccbcd0399ea6afdf4a25057e36a833fb882ab6a27192869fdd91be8f4c403c5bbf7af3efa61f792382dc6f9e437a48b5dfc7ac600df6044a2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qndodpmr.em3.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_9ACA12E37E27494393F3F12407B04177.dat

Filesize
940B

MD5
a401c92c33214885fdf697dbfe85a771

SHA1
e176d2ed2935abb7b83339fe907444dd08e46d79

SHA256
daf904ef06803000fc3e576b27ab624bae58cd91e9e6dde6f38cc150c385cb13

SHA512
66053109589a579d0cf20d5b3cda179291b012e0b9bd68e23f109ab15316bf3a35437b4c2e48d5a4c9c76ff1ee6ce226ba7434bf675c9617ba4550de553f6c0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js

Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json.tmp

Filesize
204B

MD5
3e62554c9f218730ddf20915068266c9

SHA1
b19fc85839713623f0d0206870f88d9173705523

SHA256
c40d1a8460187b4e8f141f324e3a988805af7983606dd605ee2aef1cfc07e695

SHA512
31c099d65dfbb1c2fa33a5f6dc2fd088599f9ac2ed093320dccedffe447772817ea6c7e4c99037a927a941fc8e0722b25f04e679a848d4de43c8d8d49d02cf1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2be536958bfd5d4680c08d77557397c8

SHA1
04387ba004d255457ebe1aca2f8d48d5c147b52b

SHA256
5adff898def40d8eb2cc0dfe47e758d8e088e3566b30c483a92900fda36b5393

SHA512
1a7666e77f323d2c0bb5c7ea0bdc2374131a9b8c97ad8481afda6a4ccc4592efb99f77692421e50a5ecbc15b98aebda4d7816ce2286ce94ee7143b4cd201084a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4

Filesize
1003B

MD5
6d8b7045b66216101ef3ead833582053

SHA1
5f65c021e6a34053d5cf5830c6e0130e95f92f14

SHA256
173adef19b9daa898eb5320236d0fa231a7a1510f32d9f7ce24fe86ce374dade

SHA512
1f9238d4282b7df2bebec236ab4a1ffff65f333a8f850809b9a8bdab97ec684445a27e2230350ca280a7ab43a135a221bc57d901f47b17a95d70f79903a64cc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
643cd63a8abcd7eab522adb4d02ae609

SHA1
942172af5063027de9d7cf192afdb4bda2d525f9

SHA256
1986ca783bab9b41c6b6318739e11fb4f3e0dbf96656597c947f7300985b2060

SHA512
9622b7aaf84f8dfe272987e0c76ced9ddf9588fd51838e32b71a81129fbc5ce77c1180439887dac3cd37c4964a0fc180f1a0026eb2eb8f31584abb38e65e14f4

Download Submit
C:\Users\Admin\Desktop\ApprovePop.mp4v

Filesize
793KB

MD5
21a140eee56511a844003e30b01b8da3

SHA1
01ddccdd400bfe1367c2d9f84e81e55248d632c2

SHA256
650720393e1b85401ce516107b4abb7b2900d4e9a56678cef23625f46668ad4f

SHA512
306debe3fee7a3bde2834f4304ecce45ee3a6fae7a5b470fc9243cf090b06f0520fc38abd8e1477a2942ab1d78e8803a1d082d505034ee58b35fa9cf052ae964

Download Submit
C:\Users\Admin\Desktop\ConvertFromComplete.3gpp

Filesize
920KB

MD5
fe5470517e13a22c3cf579c7aa918bb5

SHA1
cdb0155a9f65c2620d6ffd108950dec8dfcb3a8b

SHA256
2e1507e73bb395999c71821de38fb2f2fae9844bee6e44a7b9cb8cc45a5dc27e

SHA512
95f53b05eb7252d1000b4ffa190718f26f4277219168b46f3ff132d3bc79cd35c4e08057e61f62dc15a167c5f80cd8d96a14f1b60e963f30e2ffe8cf4fc6e85b

Download Submit
C:\Users\Admin\Desktop\ConvertToRestore.pps

Filesize
349KB

MD5
47bafc120857e02243df1a7462e03d38

SHA1
498778f5f6450d3edd4737427cb53323236c1189

SHA256
bc5236d558761b9920d9e13fb8483d04567165ce4c3922b54bdbbc82bf1d128f

SHA512
c2de771dfd6a102764337244e10fb6d6da770da894bb4e5d3023c5516a475e71b14733f75d990ed9951660ff0ae5d60752ac9e824b0faf18e4c55571872fed69

Download Submit
C:\Users\Admin\Desktop\EditSync.asx

Filesize
698KB

MD5
cf05c207146cee9be77498da5327155a

SHA1
f7227cdf4e397a8821a838e68a040340c6813683

SHA256
c58682f87f0015eeaaddd568353e0bc77cd1a41be44e872489691cc75964e257

SHA512
88ae0468a251333529f3b1c8835d02566b4583f71a53ff9505d92ea95bef4000c774eef43e60c4c484bb24b859aa6d99299e8d4256254ca666c5390f606d7196

Download Submit
C:\Users\Admin\Desktop\ExitSearch.ps1

Filesize
983KB

MD5
f896fd11468cd17c4ee40cf1d9fa4cc9

SHA1
00df2b8b2c2ed845c5fe0fa528cd518110cb93ce

SHA256
58151ea7fec2376d51e39afe0aa7ed3d0057882af3407061565280397ed3bf36

SHA512
db3c7f6391e638d794603a1580a2e4bc19c60cbcde122e143907694ad62b31730b904b9ee4c2b213782efa78fba965727ddc8e3fb090642af0f5fe37e8ec6c78

Download Submit
C:\Users\Admin\Desktop\ExpandNew.css

Filesize
539KB

MD5
b28f84dd2a7bd364c7b8f6f4c0b3a0fb

SHA1
15fdde6a71f8db02ae4bf18623144d59c2f18629

SHA256
4122267ec66ef2845ae9b5fa71222b3e14724b8c79d00eaed83e005086a32f50

SHA512
a59676812bed908e0afdd1ce540c5f057ce4d907dcca26c6629370ac6cf3c52d19725acda76225815f97f30e09294b8bfd540533216079b34d58fdb3bbb7c4e2

Download Submit
C:\Users\Admin\Desktop\InvokeDisconnect.MTS

Filesize
571KB

MD5
b4d5c2780983eb45ff99826978b863a0

SHA1
fc11d898c904aadd09510aa7eedfc7f273726f00

SHA256
78340b48b88975211e2feda7ed1b75e6be88d97bf98d808e4941a10b20e38fae

SHA512
ba9426e07e20339ed0a5533d93f0516726a14ca1003c0ef9af688e43608acb82e33d7a413fe98da0df79cf19bf13b8ec138bbd47aa2bd8380d6ed3fed95bdaf3

Download Submit
C:\Users\Admin\Desktop\InvokeSubmit.xlsx

Filesize
761KB

MD5
563e8851eecbd3ef0aa8481d0fc90c8e

SHA1
c45e4054a904d0ab175ef36f101357bbe08a30c1

SHA256
1355d7fcbfdbf1b0de4367b62f3b25824e92e4423ee69e670ba93042cc783cad

SHA512
d9bb2d585283105ce03c6346b7d160aa7c8f9956f243857287698954ac7551baca6feea8f2fd9d319781d285098821e7fe4cd958f38dfec688b5db5092f1bd77

Download Submit
C:\Users\Admin\Desktop\JoinWait.MTS

Filesize
888KB

MD5
1b3c899d2697e96aacf71a9abc16f962

SHA1
a72b3254b915085b6b2e948804cae8f2f6d325fc

SHA256
050df8eee318e1801c210d456cea2481471a1fbf1e1fc77891e723687d6a97af

SHA512
a40b4effa5745d5d0150527e3676b562912143e4b08be2e999f6ac037a89d7a96c2f278cc1df02269b0a5c1b45287df7bc5e0ed4107054feb8c8926c443241ba

Download Submit
C:\Users\Admin\Desktop\LockCompare.MTS

Filesize
825KB

MD5
c4c5937895c22b2e3cfe39d6c0f70e2b

SHA1
89f2fd2391393ca2a83d130f17c6abafe9dca6de

SHA256
48e7baba731dd8adb96345a612394d2e404133c1186a05f9723016286c2f0f7c

SHA512
6e17be1d0d930ec65ba453d4c19bc288f627d652fad16848589b7ad895fc68b52a01db4b598040b4133a384f055b13d0e2371f4de91e551a14465ecc62529b1d

Download Submit
C:\Users\Admin\Desktop\LockInitialize.ps1

Filesize
476KB

MD5
30973b4f4fc31f38c2feb423d5149c52

SHA1
b711c14998ce0a30659309293f0dcd28ff80b950

SHA256
600faeec14d06fc516018e0a0a408023e5dd19f191af9ea0d1783a6c61ba6e48

SHA512
f994bbf7b1e40012ab162d134d4b1675586459618a8514666df55077932318bef211cf44977f65295419c08d2b8dafd5e480e727d92a0d4db2d42a03433dbab2

Download Submit
C:\Users\Admin\Desktop\MeasureDisable.mpe

Filesize
952KB

MD5
920ac26ad49bb626fe1bda77d806951c

SHA1
7c2ee1f945c5b9ec3934d67e4811dc9cfa9ac939

SHA256
4cbeb98e462b81afce8946992dd4f6ffd44164d5ba89409dfbfd905d6fb66525

SHA512
52d3da9271364a5804c75695335065c01a4373bf277bf8a1b79db156cf16cce00565620e35390da4b91b529e722263c0474eb59a86e1f4bc4598582ff72c2c27

Download Submit
C:\Users\Admin\Desktop\OpenUnprotect.wax

Filesize
602KB

MD5
d6eefc5d7d20218cd3c748d0d9617a20

SHA1
e96d3a855633d056e18c802825be65ede15c894a

SHA256
623392a18b4437a7e20eaa1aad894e03938b63b0ed7cabab7fece430a5db3a76

SHA512
dc9f8c11ba7ddfb71e3e604094fcf77653e1d4bee6e2fc32b49daac92e42790b5b30bc34ad24a8a1dcf6d204a4ec0558fd62d5aa1f4d93feec9581adb1b6aa96

Download Submit
C:\Users\Admin\Desktop\PopLock.pptm

Filesize
1.3MB

MD5
711da977378f6888f4c1d00f98ad5510

SHA1
99d121ec9f80aebd30d9ce76cc822494afce4f37

SHA256
0f48bcebcf9e5b04b3d1350767aacdcd6cbb071862ba1731c0fc304e4522830c

SHA512
f6735ba78bb6615b66220eb51336917f4d73a8cf50a2289cf411475f4476f5ef913b4cbc7b2791a22b2ca0ce7cc61d236689d5b6e4c9a5651f66e41f9ecb981c

Download Submit
C:\Users\Admin\Desktop\ProtectTrace.wvx

Filesize
634KB

MD5
46fb2d394f69d88568e858986971dfff

SHA1
9e71465c2fbda9e954ff382cba908a329a5c5427

SHA256
b6a1eacbe07e93b5f11e018e5b4107115fd7b4bc155f55ffae37924de3927368

SHA512
5a9ab984404e82358b6e8145fcf15ff93af3fd8cca0bf7147dcecadb34095d3e4c0b8a8c7d5ec049d1e70f54f25f4d8e39f6711f9531d2335ad9882764dafcc6

Download Submit
C:\Users\Admin\Desktop\ReceiveWait.ps1xml

Filesize
729KB

MD5
a66e129b326b908ee4778c8fad4b1c8b

SHA1
cf04eaa4513f12795071b5aa4349e5c7302c3dd3

SHA256
722f7f0f0266f5dae67f4e5548a5e2fa07bc64ebff15826fe8e31989cefc67c7

SHA512
32921eaccae19a67e7380e91ca790180b115ce85d489b4fe8f2bd8c792eb82aecfc6b7012613632e28a60fa28d786c47ea5dc0ec9ddfb275c616e239761bf6f8

Download Submit
C:\Users\Admin\Desktop\ResolveUnblock.xhtml

Filesize
666KB

MD5
b642e3990f9acf7010a38f0626f4ca5c

SHA1
7b83bead0e9c4b5ee5c9a82d6397f736314e6ab6

SHA256
4fd416c7f4c323088cc5b679a4c944c68445e53404c52db6110f4eead1b60a1d

SHA512
166d2d7e69e710373d9977fe3fd278a380522e81110fa45303c53ac6123efd190ef9b785218bc322e05fd5d4577c88190677c7771dfb4b4a86cc4055231f0e00

Download Submit
C:\Users\Admin\Desktop\RevokeEnter.mp4v

Filesize
856KB

MD5
f3c4eb46d0095dbecb14b218f0539cf3

SHA1
0d480174902be4ea2fc806cb36a4fd73b61f2e24

SHA256
dc1b96c80d8d34b9f8e1cc2e07ebf3fe661ba935db590a33627fe4432640b5f1

SHA512
f21629388461db8da69490044722c50f9d65fd04f016a7ba6d4afab0df1cde22b366787aa7ea79ae0968e965b3ead9212df25d187c8c4fc2ece4e0f2d3334094

Download Submit
C:\Users\Admin\Desktop\StopDisable.jpeg

Filesize
444KB

MD5
592147057fede4cda9455cab4dcd6b3b

SHA1
8727318668aa9ea9636aeb1d81419a1a4cbcd32b

SHA256
527bacbcb6bdc30845847a98b57b63b58b2027cd683afff9d25cea0cd76d06a9

SHA512
53f6d1daf1b25f150c8dd26947f4c857ada8c70e54ed7c8cda9f2a44d95ca2b9e8471af1aed35ce286d8c29b963ee23fe19a990d318a153ed0608a26f9abcbc0

Download Submit
C:\Users\Admin\Desktop\UnpublishDisable.M2TS

Filesize
380KB

MD5
9756d9bc3bf15b1eba9b48674c6e22e4

SHA1
e2ace1efb017d824b6e7caaf6c2ffac840b725a6

SHA256
d7da2c5eec54d04ce315ec7a1cb0f33fc45b37517006aa7db34bd627cc32c474

SHA512
0043de49d70a9d71bd43fd74d7a4639c4cb10f6dd6fdf09dd405d83464a17472a1d6845a5a6b4ae101d779974485c350f95ea696b6cb92c3d409aa931a6e68f4

Download Submit
C:\Users\Admin\Desktop\UseLock.reg

Filesize
412KB

MD5
f5135000004f894059b4e6100d4c5b02

SHA1
887794270260e9b913fb5eb912a0559254049cf1

SHA256
93d60f5ee20474e73aa73d3346e0948a289b704d0e142855c9f80027a585e695

SHA512
a8df3eda1f262d47f3a7a7310cfe74020ed5afe4e7e2892047929856498f1ed3463616f9c0ed22fc50274e3b6d05fde5805d308024c6e951aa172f5ab4acfa10

Download Submit
C:\Users\Admin\Downloads\XWorm V2.2.7z

Filesize
23.9MB

MD5
3358d14995f04a5dd53149ad54080a0c

SHA1
1975d9876fee7b5f47f16cb51ddc094ae21d75f4

SHA256
a8ec96ffe4dbae53cb7264bc5ac75107d2a5d19684d124351a1935c9d7d4ec8a

SHA512
bbc8a8d569827b1eea580085c491666fdd7263174b8242b192d8a7adb7960d1b0ecf6fd58b5aa667c1c2cc2774859e808bb941b400b967068a3d9d8299f31cf8

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\GeoIP.dat

Filesize
1.1MB

MD5
a0a228c187329ad148f33c81ddb430bb

SHA1
d70ec83d1b15b3156df73802dd1bec024b1b9346

SHA256
b4bfd1ebc50f0eaab3d3f4c2152feae7aa8efad380b85064153a6bfd006c6210

SHA512
0fe0a62c07f7ade0e6bfac8843c13c055369177935d801488a993bc4bcdb9da220ba1b37df2027dab8af7c15e5cf00b3e8f223b12165d8a1b0b9c30dc9939332

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Clip.exe

Filesize
13KB

MD5
fd829592c5abc1361c2f5e81b2678019

SHA1
91b6d23bc43332bb7fee1b2d924a5c26a86747e4

SHA256
88b7a47f63f149d273015f4f6ce9ef8c5a731b6cf19db7a95220298603000b8c

SHA512
4e3e3b3cbfc2c25ac23399d15dcb6e7b40e5572fe9e5e741152f20589cd94de390fe0bea4abfb53ff427c6dec366d41a43a3a67ccdbb34c139f781be0b6b6c34

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Lock.exe

Filesize
16KB

MD5
683bcb1f86f4410931abe39a63eb7057

SHA1
d338aac5ff479fc94d3c840e862665de1dac8c8f

SHA256
c9f03a39789f7322ae43604db6ce7da86765ad4b13207091683cf47bdea8de12

SHA512
60b596947d93fdb196fcf338af92d26cdd82396283316352ead078ce1a85943bb85264901318f7061e6b0e49058ace521831a9275c025526373d9168c757cdd2

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer1.exe

Filesize
844KB

MD5
8cac1595b184f66d7a122af38d5dfe71

SHA1
e0bc0162472edf77a05134e77b540663ac050ab6

SHA256
00201a2fd4916193c9c7bbba7be6a77fa5876085480b67da4e1228fd8b23ae5f

SHA512
88d3753ce73bbf95ee1fdbdff21eb9331e59ca92cfa5c489f141c07dc90871e3032e331c9dd77b1fec4522add3ac25c51d5c699d7801a5343dd2ae447c60f8f8

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer2.exe

Filesize
345KB

MD5
8efb7339fe13cf8cea9f6445776655c0

SHA1
081afd73c757c83825cf1e8ed4a4eab259d23b97

SHA256
c1badbacd2abe44fe4e8685c8eee7e983bf8b6780cfca03ae31f8fcebc98b1fb

SHA512
2a37e74aeff17b4f435d02a30019a017a4ff4fa29fc898229f6195876f53b38154c063cf052deebcc06785650f875d67eeb0de372a76df3c4e71bd4fc0392956

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer3.exe

Filesize
280KB

MD5
dedabad13c1c4cc92c4ed2122473eb8a

SHA1
a13385641ddcbdc371dce3607381883d52ed9822

SHA256
5dc4f19b34a738b4eef99c1229b2c7e7492040819d92ddbbf52bbde2a600c2ed

SHA512
45b66665cb3e484c82775c9972f444b1d8fe6f7ef5a55185a3c071f84e9f5dd2a039c9f9e26392e950585cbf965b987df9c789106bddcb35ee55ad0ff91b190b

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer4.exe

Filesize
961KB

MD5
4723c3c04794c09bbcb6e03f48440f15

SHA1
a5ef69c9dc9eacc2099d9c239146a0e360f1837f

SHA256
0d635f035cdb2fd3afda768cd631481ff980957b614a3cf3fca6c592c6c06470

SHA512
5b68e1cd3d6bb85b5f449014cc288423faea76ff0ecf8834047dac1ed6e84c4d858a7ed23abe3625d781391f636893736bf5c00474ad0995e75611c1557c5c4a

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer5.exe

Filesize
997KB

MD5
28aaac578be4ce06cb695e4f927b4302

SHA1
880ab0560b81e05e920f9ec1d6c0ecf5e04eaa7e

SHA256
8929d3b749ff91527b8e407eff6bde4bb0bb27739313b5c0db0434cbf700dbfc

SHA512
068698bda0543c773b36830f6760456e40e9046d9d20089ad88cb646ef5c7bd6c6716c6d59cfc7abd5bffb9129f5a7076e2f9c9b321795f224923f00b7b91374

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\Screamer6.exe

Filesize
583KB

MD5
320b1115164e8b5e1316d86eb29cd299

SHA1
bc046d8b14359a7a2bebdecbb819e76c47d84d1b

SHA256
d88f5b00da5f05ab7f55fd7c414bb56aaf47e9f51365aaabd71f3ace3cc77523

SHA512
fab558cf31aa79caf8e4f6e5649e4e484de3e29bae1386aa61749b70e8c791d74b01fa964501d4755c7688d0420e932f30e36699a2fe4488fae82ee23558afd0

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\cam.dll

Filesize
99KB

MD5
8ce3060686462fc72ece2701caa13e3b

SHA1
19fc9892200de4db332ddd0c14b4b6fd9a35ccd4

SHA256
881d5afb9aa4799c73e75dcd28587dba85dd844e4137287ea48c6b66525e2638

SHA512
ef38e00b054240a0d4747bfd79db860015ed027735c360de58af6889a69482109ccf74770608a2750542457ac38aa79367431ff6ca77fae44d7e3a7023f33a17

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\ch.dll

Filesize
44KB

MD5
11fde8a47647c3bc98d57f3a9f3a97a3

SHA1
e813c17973e77b7aa22b9f539c3c97c624acafb1

SHA256
7032cb496f866ec1c9304f2c3cd8859472168838a11aba1571f51875a75074af

SHA512
1401f40569db7679014ab282477a5560b3bc6f51284e501e0e878881522db102b448566bae50ab6c1027a196de410a9ac8770dfa2208d14e5dfcc3c05e766763

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\fun.dll

Filesize
8KB

MD5
ddce53e6a021aa8e146d9fce35e97e53

SHA1
7a4c69888e821e1d775c899ec5b3fdab267c7fbd

SHA256
57b66a81716e1737e5b8ecff2c269f00e2ca6ffbff88960e973c02f5800037cc

SHA512
a644892e51a5f09b35b3a89fee6031eeb92eb3ed5e5d05b8e06a96f0348305366f211ee959f94aaedb6f0c59608e49a1c2efb157f09cf520c43fe5455abfee15

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\mic.dll

Filesize
77KB

MD5
9b376f0d44995ca15d43f7943a602fb2

SHA1
18a2bb7d13836256bd5f39089203f18d740669d5

SHA256
27528a77e27d02aadecabfdf658b2da638bb0ca2f2c60bdd9d0fd5338c1fc346

SHA512
4dfb0c49816e0d0c2f7d0d76081725bd48d3713506ec51ac6c06ae7092908d14e3683d707d6f332505163fb0ade0ee6b50a355cd69c25725e829ebb23a3e93b2

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\plg.dll

Filesize
65KB

MD5
c179e212316f26ce9325a8d80d936666

SHA1
14d08b3cda60341d1e9187fc14bd64ebefe4a5b6

SHA256
13043521ed6876edf2736fc46a7c49e6b639cfa7a866ca11de26f119796cd521

SHA512
1b5eb687a9932c82ab2e655dbc5df8ba667a023e7568dbbd13c503a54661763193bde11937f87e2e09b88d770c8357eda07589d526e6103db058038e3ce3b750

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\pw.dll

Filesize
284KB

MD5
ac43720c43dcf90b2d57d746464ad574

SHA1
eae39df1c717ca74f6f04d5ca8478ea55145535a

SHA256
ca6367d1ab873a55ced13d7024c530bbe4a6a703813225233e59041c7ce14eaa

SHA512
9082b3cd8b36031256923c8f2bed628e9331129bbf09d111d9d02268a49e493248e5638ddee5b02da66e9159a608f8f26499ca0f736d6a369a30f71950c60d40

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Plugin\sc2.dll

Filesize
46KB

MD5
2d65bc3bff4a5d31b59f5bdf6e6311d7

SHA1
43962fbeb93fc267fb1c7036a12b8c5d6f40c28a

SHA256
010b1ec566be774a2d12146f9826aa31fd7eb6ffe7b45ce5e572b2d8c7f815c3

SHA512
b210d447cc9b4b89402a2a1d3d5e9cfe13ae897c47094be4110ed3aac109152c8a45ec138f73b703e7d3799934234cba4ca3f2439b3dd193a4cec671b9edaa6a

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Stub\Admin.manifest

Filesize
498B

MD5
ae08a3b3c72a07aa6b5babea340edc36

SHA1
cd758742b1872eddf9ffe0bc715097c467ad7f64

SHA256
8ea63e8ae4a6ca4769da44b9d934dca248c2ffc0169ae251bd0f6eadca457f24

SHA512
0cbd2abf49b1155ce2c0f4645e20e1c40c8dd2d78f43276e01b14d5bdf3ba0ea52bde985c215868fdfe3ec61e6e4f83555394ce5ef3ee82a928bd26e413a0fcc

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Stub\Stub.il

Filesize
566KB

MD5
ddb962ecf023ba1a781a3241f6557866

SHA1
f63349964f326569aebf2546be02b044386ae103

SHA256
ad630e3c023a2d10c61f3d1e6d14e60b4e691bf900f2c3b42ac1aefd16d2c12c

SHA512
46f1ce3c8ef81536dc95305d9b4c617227e810028999718019629a657335e2fd60866c25188e5b419b49a89c6a0bfab59116d21a4ba8906576373206bde850cf

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\Stub\Stub.manifest

Filesize
487B

MD5
4d18ac38a92d15a64e2b80447b025b7e

SHA1
5c34374c2dd5afa92e0489f1d6f86dde616aca6c

SHA256
835a00d6e7c43db49ae7b3fa12559f23c2920b7530f4d3f960fd285b42b1efb5

SHA512
72be79acd72366b495e0f625a50c9bdf01047bcf5f9ee1e3bdba10dab7bd721b0126f429a91d8c80c2434e8bc751defdf4c05bdc09d26a871df1bb2e22e923bf

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\WinMM.Net.dll

Filesize
43KB

MD5
d4b80052c7b4093e10ce1f40ce74f707

SHA1
2494a38f1c0d3a0aa9b31cf0650337cacc655697

SHA256
59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

SHA512
3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\10.ico

Filesize
97KB

MD5
1cb45cb1fc481e43d11f518a12c007be

SHA1
b01cce7784e27405a2f5223c51210cc4f9cf8b4e

SHA256
b5c9954fe4f300e11226301e4fdefd35a180a9dfd38385ad8448ddfe07447eb0

SHA512
f3c835422ae8a5b905d623902f5987257d03c9b76201394baf39d6f3441cdbd737215e0c90182b21abc39e41d8ec874ed63fd787dbe09f1fe27c07b5fe7751af

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\11.ico

Filesize
80KB

MD5
a999bd85d73b4b4581350ff5f6c28d84

SHA1
0dc32cbe11badb57ea39f434f43ab035a432daad

SHA256
6418f9a87c22029f8bbd6690d30bf845e5852d3a2ff2cf7b72ed3e34def8b25a

SHA512
882738cbd3437d9d965c2a6ef1db1ed8081742f9a042611cdc85d84b39beac4d90f7cd853b54e509b0c5411bbc032e3869601bb908eebf8bbb535a562cf5d6c7

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\222.ico

Filesize
17KB

MD5
4f5c162d6c6a8102e72fad0822e0d1b2

SHA1
de7d371c3afc460f531b7be75f1ac70f6757cb50

SHA256
f7c66d34840bad867c64809d1eba416832422d8230c7bfc55a1ec066e5fbd77a

SHA512
a84f1029bda3afc3c0e06df5394bbac782de58170e780630bff68c79bde13f673ba209aa71929143d1ac8ab30331366ba67899534f146670fa7647059b0ea48f

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\33.ico

Filesize
4KB

MD5
2a28ecebe11028b280549ca7bea462dc

SHA1
56559e537b8a38f273a7f895ca24f095488c3101

SHA256
04ba6bf89fd52c3d3c93ef77045b0ca6a6087c964841c8fbbd989e6370d655fa

SHA512
2088284b8db352b5d6e7a670e77a7938a6a33ff09a977702078a0f2458d81d9161d0e1865d8c5e4209062a33372df1b3ae2cf23c3ddfa61729f4370552762e5c

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\5.ico

Filesize
27KB

MD5
cdee018e88b7a515827c9b7c0afe9c3f

SHA1
ac81088c72f8a0b9ef14b3f5f86a61b70a28cc9d

SHA256
b8eedd84108576669b3ebe1af006a39dbe7b932a5cfdcb4eed8e1028464da24d

SHA512
bd2ec838514cd61f2cda60c94f835543184ffe29985cafcc6887d57061613986c7e2901d20fdda5ce608b8baf25708bbe3abe0e52142565397893e382255ad4e

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\60.ico

Filesize
21KB

MD5
1e2f8337310abec7e1697b11fa5b5c45

SHA1
27b42e545cc953aef27891d15a795d0240fd01b1

SHA256
6e7bc8640eb3c9abe2812315ce0856b25c92867db899e402034190ba276d7c40

SHA512
d0bfbf88c30308f1f5aa14d3560ca39fca1b37b6671052963dd5044a709c8cadffdaedfb67657a1f5bb790ab3d4ade9033a905e1b5b4447d4a5f37a96b3516ee

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\Boo.ico

Filesize
64KB

MD5
4c4f2810791a51dadec0f7d88dd8ae2a

SHA1
0347349dd7537229c9c8ae4bd483b5673f1018b1

SHA256
5c068bc7bb5be167fbd36ae123515b43de8ec82f5d6d4be32712cb88037cbe89

SHA512
55212e9efc10dd2ffc269bd7ba333eda22e4595bd09a35fb2a4793177d85deaa45ea43cabecc18736e1696e349b1df0ff11919ed07131454ff3b4f5344e34d24

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\Crazy.ico

Filesize
2KB

MD5
ec483d61999fa717bc521822f0bac949

SHA1
7a6f19dc246148c3ec58131a2ee02f2587121b3f

SHA256
38f672b76268cba9831d39542d75c1011d1d1cae444c182033151473bc28b9c9

SHA512
acd9668689a8defa15c24b9e1c579ca7a4a47e21a65efb3fc66365f2c2c3566bf4a8956746ead15525f0ff7aa8e7cc9d451d7f4074cb5a4ff7be5c2e669e2a8d

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\Luma - Blue.ico

Filesize
73KB

MD5
47c3ca39c929688e84558438e1142e10

SHA1
f03acc85eb11ab4c8f4b972d849cefcebbba916f

SHA256
0b5b1fa5030a11eaafa818b8d4ea41ab7d69b97e9ec46a7494b8e5495a182807

SHA512
6ed0f1e3ecdc93e3452f751a244a1d4e3b3cd99e586097c7e4887a373d702d51e3bdb5e63e86e9d7a15e261751f1df487f2c5bca92ab4886ba6487994771ed4b

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\Luma - Yellow.ico

Filesize
69KB

MD5
372573fb768c0ac6a5a467becd74271d

SHA1
efda5a732eb9f388333c212539a00661f0853571

SHA256
90c3a8ec41f20c19011bfff58c4b437394121828a093bc3c9f0d2d4cdb23d824

SHA512
82bc786de5ea8d35f6ec1a67ea2726c180a860ba29f4380cb4a5633048fb8ff5ded96e7f3ba5661f808fc2c9ca9968b4ce9e6780b15a4b7b3ef26fa06dec3d2b

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\Mushroom - Boo.ico

Filesize
59KB

MD5
f8d50877d4abca64a2efa73901ed041d

SHA1
47f43ea88119c356b134970295600f442f6dd6a3

SHA256
470f4597bd7d7ee0f2ad0ffd1b83aab98b02128a618e35f11cd980388b46dc82

SHA512
82386b9d051f521057d0f3db8185a34034f0b066994074988b3c955715cbba8f375545b3334499ffc19653592344a3d0393cebe96e86639fb0d9baecbbb0cf9d

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP01.ICO

Filesize
766B

MD5
4e13051b87f131521711f2a19670f3ca

SHA1
2b73f4edd8e67e5592d0186432fe08aa138f216c

SHA256
3f5e1605d50459c0b03313d1e5a0ee867454c328794f2244868c2a6c32cab974

SHA512
0ffbf6c9dc8690851ad4b5140dabee6b649fdf40d945e1acce574e9d4721533e77816b366aa5418ff8b4b381eadfbf039b5aaf816f19c7b7689acfed7500716c

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP04.ICO

Filesize
766B

MD5
390c6059c6f37d95dd92f5f4957fb3b0

SHA1
64d43b39badde5c3503ad7a25e368457d47a34d3

SHA256
3be6f9858550929a81498be36fd4c30e7b4d66207512d030a7eb609557415498

SHA512
ed08e39bba5e30a542b8716b5cb23c2186c98d1b09fecbe9ba8db8aef9d8c68babb3568208411fa431b6d584e9bed2b4a7fac9dfcaf06fdb4f7687d3796d19ba

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP06.ICO

Filesize
766B

MD5
a688105d2e3df9769a0b8830a7510d45

SHA1
17f98174f7a47998b210d9decf7c90c2633508d8

SHA256
217766ae48fdfaab3b6c6a59003bd95d92effbe0f8d1b58c2bbe2a2fb85d8610

SHA512
6f2bea1172568ca2a55a66f50d0d6df31f4425739ccdd137bbb56f7495ce879c1d9eec6cdd756f92c8280e5cb2cc87e943d7f1bfe0c338496d01eb98a90603e9

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP07.ICO

Filesize
766B

MD5
92396f10abe4461edcafac05e7d9698f

SHA1
8886597b1c49803571edf8c779e850921464c35d

SHA256
1a92b60da099f44ae3ce5aae5d5be3a714b245ad143e66279a8d0c8ef191b23c

SHA512
5829bef01a3ab4e5c7cfe3a66826bf6f765c05886f488f55bc445219f318a9663d24a1599404c85dce8665df44ad9dcad686729591ad7a8c3ffd78a46b2121e6

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP08.ICO

Filesize
766B

MD5
22781c9a7fbda5ec38501757b7f8b86e

SHA1
7af597b41cecd874e520da71e99929c1b1a3a0b5

SHA256
a42d890a1441a9fca17b70f790ab761a4a0a230d84441cf5649cbf1ed1c9911f

SHA512
92d289ce0df5e3f0b311cc871e8c0197e6bf4119f8f9e9ce97337b5668e1928abd4553ad4559635eb1572bc39e7d4958ef62fccd765e02773ef9e42021dc26d3

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\SETUP09.ICO

Filesize
766B

MD5
0a3959aac836b844f386eca454b113c2

SHA1
b6563dccfb6f64cf6a66f4804388895c34d8bdd5

SHA256
a650a609cce6d1a7ba46cc28d63c30615a398c8e8360c9ed7879abadef366d5d

SHA512
0cac7ac8d90ae5a4eff1fa6bcaf049167c57307404cd97148f7fe71c243f2971a17893622e9c3205ef491d8c718d1e8dc5357511f590e5f91c5630d46123a877

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\delphi.ico

Filesize
766B

MD5
8276169897cb90cf7b1350be6d54ebc0

SHA1
c6334a0c9322decbf3bb58c9552d3102a0abf3be

SHA256
4479905ca3c44ad6b0339ee27ab2e513483782e930ac8854fd577a7661fe0b58

SHA512
b942e044ad2a3d812429e81129f5faf6bb630ffac7e2ab6eb8de29fda4794fe83d73efcee58838c64136591f629888e05cf7583f7e66276a057b20c33fb7505f

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\hydra.ico

Filesize
39KB

MD5
64597460ac24c93849e480b58228a930

SHA1
9b5e76fc5b5d2eee1e0ae4d8addb1e82043a0b9d

SHA256
a5ad07b74a7e333b7a46103d0594a101c71dea9e642aa9e378d3d9bc2e511f45

SHA512
f9677b1d038e2006e014985532a63abbeeeb45ab20eaa279f044f4196badead5667269f4c1d0054cf6514d23f96d5215d270da4f8e863944e9b2ec2c71678f9c

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\installshield.ico

Filesize
2KB

MD5
599e51a4abfbc61dc8ad4d1723564eca

SHA1
47708bea6f6e648f8c400cdd996b52209e8083a3

SHA256
e8be461515459e4d641e2b2eea6291e067bfd103d0fbcc2cdce20a184dc766e5

SHA512
84e52962a82ca1c1d0db0c44727534257f48e56d2f099922e9d7fbe6df0aa585227281c3c9005c867f99469f495cff198f8eb7a90adb253cd6e2e65638bfa927

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\jpeg.ico

Filesize
117KB

MD5
9a7ae63dc67b2f1ee401f9f24feffb90

SHA1
748c8c4d383692f87a139d1bec6b1edeeee3899c

SHA256
ecb5acfe689de564248be488a29c798e5186e801c4be455bc2712ff4e8cdfe3f

SHA512
0e1f9b7ae291979a61826e8f3a9880c91be48ac4625b5586b4c8d21e294afa5e60ab371343ac0ada4ab10fba6a35bdbb3d1e064516a06b940822ddf58c67266c

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\jpg.ico

Filesize
96KB

MD5
38dd6c975e70d6661caf1e664050ff90

SHA1
09231a58f67249662f235f104b2aa7bf88a3e9c8

SHA256
a05a08e4b8adbe08fde7af6591e845e733ad959802edc67219c4de2a265e493c

SHA512
d316d416991ea37b69b896d0d700a035d768be9cd7f589b57ed6ef5abd75434b14a589685066f5214a842d482e8656abc02831a294c28b6e9bb2fb90e81485cc

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\mp3.ico

Filesize
60KB

MD5
77f4107e399ce8c1ca3428bce27368dc

SHA1
201fe5f7168491faad8dc83044a7fac53ea2e63b

SHA256
f3c09cc904e983fbd222caa9fa9d0d432f7e2c0b52902d60fd5047e264a30cb2

SHA512
528ea2a9e64f91bd7d14c946b7a5acb0b892fdc49d3ba99024498023697542be07b85aa3d8145b7683cd26fff9ff0c5b3fd3fe9de48242f4fe15fa81ca608af6

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\ms.ico

Filesize
24KB

MD5
70834fa0882922829416cc3080d51a13

SHA1
6307f656c13912b4cd786c67ea228a61901653f9

SHA256
56d796bb2a527c3e414314de4074b0d58f1bc40a1e6a8cf7e0d89791c844ff0f

SHA512
b49bd651cae66726ec7832fe048483036f89cc8c4f5351237f2c0914a389822f9fc4148624e653fbb9a30c50b0cf96c10b3cd9b86e0082bb2ec360a240378ce1

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\pdf.ico

Filesize
79KB

MD5
721c10b15ec8c56fb1c0bda7ed370e92

SHA1
4c76849c6debe936602ba003e96e94c6645030b7

SHA256
d1ca4a262546037505b9e7e3056eaf23673b3350502611a0aba5b60d86a634c6

SHA512
dbd6f3e07b9c8a336e4f48e006c567e1bd7269efde1fcbb1e187d8b25128588cae6bc4c6f7196d45623eddb7c08b4fec33ad44696430e63554e4d050a41ff98d

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\ppt.ico

Filesize
74KB

MD5
a45be89532ad43dc477d55b06c3196f5

SHA1
ce45e2c51d27225fa4ef771ba2a8b29e2cc2e131

SHA256
9ff9b3447ff8a88db57c5902a46f558991f4c34f3a893cbafb294a4f25a40b76

SHA512
1afabbc44d22dd29291be04fc2fbe8da9d52a3c5b8bfdff498ed1ba9268fbb998f937e85e47af309e6ffdbd8b1f289524bacf8eb817b9780d53bfbaeda5ba127

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\pptx.ico

Filesize
59KB

MD5
d56a246808f379da636dedbcc0dc06a6

SHA1
cb3e54447dcd711c81f1a56b4f0097a0bf7e2ebf

SHA256
339e120042c22d6a12e8e36ff14f0741d35453996e013a0823be44daccca4d9a

SHA512
4662817d67b3af3f66aaf08bef7e8b67152b6b99fb58c8566ebbe08dc83e9f09920af9a7b2f85479ebeee9bf26f1d4339b6010761fbff3f8f56f4229f0eb0d41

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\realtek.ico

Filesize
281KB

MD5
480b7d4be5af6ba8522b2120ae913537

SHA1
b4fa13bfe055a01d48b79266b1dcd44e1b83a923

SHA256
c24d5290e5ea28a5bed6b6bbcc12cff1f16b31effcc003ff171820b1a604e636

SHA512
d27e9a316b2da85f9d6c18a2e8bf1cf67290bd12761bc82907083e262cb0a0894eb60568cb1b5d1c8d4aea58f7b0861c12e7ebd56f0cd33a788d7e880122ec30

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\setop.ico

Filesize
97KB

MD5
2315ad99d860ab9917f3e61abc7112b6

SHA1
7ac2814b86d3a394e2b5b155dacaeecdd6ae2961

SHA256
32c575dfbd7bbb8e3bd55a19c5540efcc3ea59b7c7d9a5944aad856917d16dba

SHA512
98b64bc1003f0e15c31910b8ee43171b8f7456c94d55f9312f194b068550304875c28c76e23e22434d7f0c7bba772a2108211af35baea22a85c6efdb2b7b2bfe

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\setup.ico

Filesize
4KB

MD5
76685dfa5860561a421b7acc5f5c37fb

SHA1
5fa8562c445fe49cc9359636135201e6a536ec7b

SHA256
1fe1b2d465347bb462a1df2eae0359a1461dd84e709581b5f26f6fb8654c2152

SHA512
214f54e0049d7c46ea4f2ab5117e92468e39cc9e14351eb1d269ba0c7de1f4b819a67ef7624aee78d1c1a8a592a421bea14f7b401206adc41166ade4c31f55cf

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\themida.ico

Filesize
20KB

MD5
58404306348d0769ed86f0249aadfae9

SHA1
ae59e6881fd1e09ae1ac72e6fa9131d81a0a1f3b

SHA256
901d058a955d945abfcfd07ec1a7634ffd79d8c484b3ca9e2f942cacbc3081c3

SHA512
e2ddae9496fbc1ecee46fdbed9b5784a8b5eced6aa8a91809865df32fae563883734f0c0f5ead74c2a663ecd356b9794aa6e4098c2461d201a0f9f59d2f3701f

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\vbs.ico

Filesize
1KB

MD5
897b4de105686f8a1c3c618654d8ff84

SHA1
c637a5801566fb37d99fd875357f18db88e108a0

SHA256
59ee0f59485bfe2310c653362687a1d5500b3bae14d16113858e36a520f52374

SHA512
6dd3d832c25e574114463535887411107ca3fd61df13e3af71f01177b4e80158fd6fededa0ff699dff0ebc7db58cf025741d11e5bb978cebeeb2b755df596cdf

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\windows.ico

Filesize
172KB

MD5
53094f6a2875bbddb2df21faf5c57a77

SHA1
5132bdcc502318cef2a4163a32f2b32009f833da

SHA256
0a3f6bd796c12c8a118f7ec83f53371259ce86e0256ed00687e33d1e0a2fed80

SHA512
7f90981d9ecd59104afd39edfaf164f10b39874d36c2ed6724be070747803542b6ce13d84fbc662df7d47b2ef1fd39d898bc2c562769d19d3dc7b5e4e6bc7743

Download Submit
C:\Users\Admin\Downloads\njRAT 0.7d Horror Edition (1)\njRAT 0.7d Horror Edition\icons\xls.ico

Filesize
57KB

MD5
0c6b533abee847d53288e3502531093a

SHA1
b9b71016ed4289abacc3700a29df710df1ffc152

SHA256
d04a38caafa0962f8b6b8affb15c4db3a48e20c355755e8cd5f588dc00824a2a

SHA512
d4fc20cc98eb49a6f8d1a834ef9ec2ee04544d8c02e5776dc9262579fc4119c6482b5a077d9b6dd3c0dad5decb21bb597e0d8330936aedf4743be8212912f0b2

Download Submit
C:\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
5b6367a81ee74c65984c3163a1b673d3

SHA1
75b26501dfbf15a0531439e48bbf609803372455

SHA256
29b530832300f63e5e8bf05e5eb5714e4b6af2569216db3b766b3a461b09327f

SHA512
0ec0d4a0d35f3e3820274f3635f88c40c80f11815ab9f9bc107fbcb041f902d0f95e6bd35523b6b621989276cc54db629293228404acfd679ed9ae0acd2b566d

Download Submit
C:\Windows\Temp\SDIAG_8d4ff7d8-de7d-4293-9080-a6441eab7631\DiagPackage.dll

Filesize
65KB

MD5
e99b38cf7f4a92fc8b1075f5d573049d

SHA1
406004e7acd41b3a10daae89f886ef8b13b27c32

SHA256
812ebb05968818932d82e79422f6fd6c510fd1b14d20634e339c61faeb24b142

SHA512
5637e6e949c24dca3b607b4f8b5745e0bb557e746fc17eff1274af36d52d5d7576723f4cd055fcf8fcf9fd267254e6d7fbb53cc173a15d3dfd3cce2015ac757d

Download Submit
C:\Windows\Temp\SDIAG_8d4ff7d8-de7d-4293-9080-a6441eab7631\it-IT\DiagPackage.dll.mui

Filesize
13KB

MD5
96ab3783e4d14e1d5c25801574b330e2

SHA1
df1ddebe84153bd3f24afcefff90fe72194e3973

SHA256
18c9b49b16d9c3683ec00f8d8f693b406b49239370c5d1f18f6d2edc6401eb82

SHA512
606c1f61d75e4b9e58d34db83a2bd6aae65e00436d829a886014a7396ea33d4651e831637b635922650cf0d8b1019dde65a635b79955dbcd3a34acf20c515fe4

Download Submit
C:\Windows\Temp\SDIAG_8d4ff7d8-de7d-4293-9080-a6441eab7631\result\results.xsl

Filesize
47KB

MD5
a4a90b82eecb6bed95e8a29d8020a5e7

SHA1
0f75704f10b9292448126a564362957126f1581f

SHA256
31d939b768a4dd1a150f78823b9b02964b93dfd57ede97a7e8a57c734c7c5d0b

SHA512
442877be622fbec90cdb548e3e07356e96acede6dbba100745d141ce15614ff1141fc5259bf52eef362b51734e36286ffc85fe337ce4d097df58d757760e0a04

Download Submit
memory/700-7184-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/700-7182-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/700-7185-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/700-7186-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/700-7187-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/1488-7125-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/1488-7126-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2008-373-0x00007FF8F55B0000-0x00007FF8F55B1000-memory.dmp

Filesize
4KB

Download
memory/2008-372-0x00007FF8F51D0000-0x00007FF8F51D1000-memory.dmp

Filesize
4KB

Download
memory/2440-1737-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-121-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-954-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-1271-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-1323-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-1609-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-604-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/2440-1976-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/3680-3139-0x000001834C800000-0x000001834C810000-memory.dmp

Filesize
64KB

Download
memory/3680-3165-0x0000018351650000-0x0000018351652000-memory.dmp

Filesize
8KB

Download
memory/3680-3164-0x0000018351620000-0x0000018351622000-memory.dmp

Filesize
8KB

Download
memory/3680-3162-0x0000018350CE0000-0x0000018350CE2000-memory.dmp

Filesize
8KB

Download
memory/3680-3160-0x000001834CAD0000-0x000001834CAD1000-memory.dmp

Filesize
4KB

Download
memory/4056-7169-0x0000000000AB0000-0x0000000000B8A000-memory.dmp

Filesize
872KB

Download
memory/4056-7170-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/4056-7171-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/4056-7172-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/4332-7109-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7107-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7094-0x0000000000E40000-0x0000000001DB2000-memory.dmp

Filesize
15.4MB

Download
memory/4332-7095-0x000000001CCD0000-0x000000001CD76000-memory.dmp

Filesize
664KB

Download
memory/4332-7096-0x000000001D250000-0x000000001D71E000-memory.dmp

Filesize
4.8MB

Download
memory/4332-7097-0x000000001D7C0000-0x000000001D85C000-memory.dmp

Filesize
624KB

Download
memory/4332-7098-0x0000000002520000-0x0000000002528000-memory.dmp

Filesize
32KB

Download
memory/4332-7099-0x000000001D8F0000-0x000000001D93C000-memory.dmp

Filesize
304KB

Download
memory/4332-7100-0x000000001EE10000-0x000000001EE7C000-memory.dmp

Filesize
432KB

Download
memory/4332-7101-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7102-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7103-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7104-0x000000001ECC0000-0x000000001ECD2000-memory.dmp

Filesize
72KB

Download
memory/4332-7105-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7106-0x0000000020EA0000-0x0000000020EEE000-memory.dmp

Filesize
312KB

Download
memory/4332-7159-0x000000003E020000-0x000000003E120000-memory.dmp

Filesize
1024KB

Download
memory/4332-7108-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7110-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7111-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7112-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7113-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7114-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7115-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7116-0x000000003E020000-0x000000003E120000-memory.dmp

Filesize
1024KB

Download
memory/4332-7124-0x000000003E020000-0x000000003E120000-memory.dmp

Filesize
1024KB

Download
memory/4332-7093-0x0000000003F90000-0x0000000003FA0000-memory.dmp

Filesize
64KB

Download
memory/4332-7160-0x000000003E020000-0x000000003E120000-memory.dmp

Filesize
1024KB

Download
memory/4848-3504-0x0000028E867F0000-0x0000028E867F2000-memory.dmp

Filesize
8KB

Download
memory/4848-3550-0x0000028E98CC0000-0x0000028E98CC2000-memory.dmp

Filesize
8KB

Download
memory/4848-3552-0x0000028E98EE0000-0x0000028E98EE2000-memory.dmp

Filesize
8KB

Download
memory/4992-3347-0x0000025E6A9A0000-0x0000025E6A9C0000-memory.dmp

Filesize
128KB

Download
memory/4992-3294-0x0000025E69850000-0x0000025E69852000-memory.dmp

Filesize
8KB

Download
memory/4992-3523-0x0000025E6DA10000-0x0000025E6DA12000-memory.dmp

Filesize
8KB

Download
memory/4992-3469-0x0000025E6D570000-0x0000025E6D572000-memory.dmp

Filesize
8KB

Download
memory/4992-3466-0x0000025E6D550000-0x0000025E6D552000-memory.dmp

Filesize
8KB

Download
memory/4992-3354-0x0000025E6ACE0000-0x0000025E6AD00000-memory.dmp

Filesize
128KB

Download
memory/4992-3292-0x0000025E69830000-0x0000025E69832000-memory.dmp

Filesize
8KB

Download
memory/4992-3471-0x0000025E6D590000-0x0000025E6D592000-memory.dmp

Filesize
8KB

Download
memory/4992-3298-0x0000025E69870000-0x0000025E69872000-memory.dmp

Filesize
8KB

Download
memory/5444-7144-0x0000000002E80000-0x0000000002E90000-memory.dmp

Filesize
64KB

Download
memory/5576-7158-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/5576-7148-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/5576-7155-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/5576-7150-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/5644-7163-0x0000000000F80000-0x0000000000F8A000-memory.dmp

Filesize
40KB

Download
memory/5644-7164-0x0000000001380000-0x0000000001390000-memory.dmp

Filesize
64KB

Download
memory/5776-5938-0x0000025473F60000-0x0000025473F68000-memory.dmp

Filesize
32KB

Download
memory/5776-5914-0x0000025474570000-0x00000254745E6000-memory.dmp

Filesize
472KB

Download
memory/5776-5913-0x0000025473F20000-0x0000025473F2A000-memory.dmp

Filesize
40KB

Download
memory/5776-5947-0x0000025474030000-0x0000025474038000-memory.dmp

Filesize
32KB

Download
memory/5776-5951-0x0000025474060000-0x0000025474074000-memory.dmp

Filesize
80KB

Download
memory/5776-5973-0x0000025474940000-0x0000025474948000-memory.dmp

Filesize
32KB

Download
memory/5776-5912-0x000002545AF60000-0x000002545AF6A000-memory.dmp

Filesize
40KB

Download
memory/5776-5909-0x0000025474000000-0x0000025474022000-memory.dmp

Filesize
136KB

Download
memory/5776-5906-0x000002545AF50000-0x000002545AF60000-memory.dmp

Filesize
64KB

Download
memory/5776-5905-0x0000025474100000-0x0000025474200000-memory.dmp

Filesize
1024KB

Download
memory/5776-5902-0x0000025473F70000-0x0000025473FF2000-memory.dmp

Filesize
520KB

Download